|
305841
|
5.4 |
MEDIUM
Network
|
getshortcodes
|
shortcodes_ultimate
|
The WP Shortcodes Plugin — Shortcodes Ultimate plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the several parameters in all versions up to, and including, 7.2.2 due to insuffic…
|
CWE-79
Cross-site Scripting
|
CVE-2024-8500
|
2024-10-26 01:43 |
2024-10-23 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
305842
|
6.1 |
MEDIUM
Network
|
steelthemes
|
nioland
|
The Nioland theme for WordPress is vulnerable to Reflected Cross-Site Scripting via the ‘s’ parameter in all versions up to, and including, 1.2.6 due to insufficient input sanitization and output esc…
|
CWE-79
Cross-site Scripting
|
CVE-2024-10250
|
2024-10-26 01:37 |
2024-10-23 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
305843
|
- |
|
-
|
-
|
Incorrect access control in XIAO HE Smart 4.3.1 allows attackers to access sensitive information by analyzing the code and data within the APK file.
|
-
|
CVE-2024-48540
|
2024-10-26 01:35 |
2024-10-25 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
305844
|
6.5 |
MEDIUM
Network
|
metagauss
|
download_plugin
|
The Download Plugin plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability checks on the 'dpwap_handle_download_user' and 'dpwap_handle_download_comment' functi…
|
CWE-862
Missing Authorization
|
CVE-2024-9829
|
2024-10-26 01:30 |
2024-10-23 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
305845
|
4.8 |
MEDIUM
Network
|
mitel
|
micollab
|
A vulnerability in the Suite Applications Services component of Mitel MiCollab through 9.7.1.110 could allow an authenticated attacker with administrative privileges to conduct a Stored Cross-Site Sc…
|
CWE-79
Cross-site Scripting
|
CVE-2024-30160
|
2024-10-26 01:30 |
2024-10-22 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
305846
|
4.8 |
MEDIUM
Network
|
mitel
|
micollab
|
A vulnerability in the web conferencing component of Mitel MiCollab through 9.7.1.110 could allow an authenticated attacker with administrative privileges to conduct a Stored Cross-Site Scripting (XS…
|
CWE-79
Cross-site Scripting
|
CVE-2024-30159
|
2024-10-26 01:30 |
2024-10-22 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
305847
|
7.2 |
HIGH
Network
|
mitel
|
micollab
|
A vulnerability in the web conferencing component of Mitel MiCollab through 9.7.1.110 could allow an authenticated attacker with administrative privileges to conduct a SQL Injection attack due to ins…
|
CWE-89
SQL Injection
|
CVE-2024-30158
|
2024-10-26 01:30 |
2024-10-22 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
305848
|
7.2 |
HIGH
Network
|
wpovernight
|
woocommerce_order_proposal
|
The WooCommerce Order Proposal plugin for WordPress is vulnerable to privilege escalation via order proposal in all versions up to and including 2.0.5. This is due to the improper implementation of a…
|
CWE-287
Improper Authentication
|
CVE-2024-9927
|
2024-10-26 01:29 |
2024-10-23 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
305849
|
5.4 |
MEDIUM
Network
|
rebelcode
|
rss_aggregator
|
The RSS Aggregator – RSS Import, News Feeds, Feed to Post, and Autoblogging plugin for WordPress is vulnerable to unauthorized use of functionality due to a missing capability check on the wprss_ajax…
|
CWE-862
Missing Authorization
|
CVE-2024-9583
|
2024-10-26 01:28 |
2024-10-23 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
305850
|
3.1 |
LOW
Network
|
umbraco
|
umbraco_cms
|
Umbraco, a free and open source .NET content management system, has an insufficient session expiration issue in versions on the 13.x branch prior to 13.5.2, 10.x prior to 10.8.7, and 8.x prior to 8.1…
|
CWE-613
Insufficient Session Expiration
|
CVE-2024-48926
|
2024-10-26 01:19 |
2024-10-23 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
