|
307711
|
4.8 |
MEDIUM
Network
|
ngothang
|
wp_multitasking
|
The WP MultiTasking – WP Utilities plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘wpmt_menu_name’ parameter in all versions up to, and including, 0.1.17 due to insufficien…
|
CWE-79
Cross-site Scripting
|
CVE-2024-8189
|
2024-10-8 00:44 |
2024-09-28 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
307712
|
4.8 |
MEDIUM
Network
|
godaddy
|
coblocks
|
The Page Builder Gutenberg Blocks WordPress plugin before 3.1.13 does not escape the content of post embed via one of its block, which could allow users with the capability to publish posts (editor …
|
CWE-79
Cross-site Scripting
|
CVE-2024-7132
|
2024-10-8 00:44 |
2024-08-29 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
307713
|
5.4 |
MEDIUM
Network
|
gutentor
|
gutentor
|
The Gutentor WordPress plugin before 3.3.6 does not validate and escape some of its block options before outputting them back in a page/post where the block is embed, which could allow users with th…
|
CWE-79
Cross-site Scripting
|
CVE-2024-5417
|
2024-10-8 00:44 |
2024-08-29 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
307714
|
6.1 |
MEDIUM
Network
|
stape
|
gtm_server_side
|
The GTM Server Side plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use of add_query_arg without appropriate escaping on the URL in all versions up to, and including, …
|
CWE-79
Cross-site Scripting
|
CVE-2024-8712
|
2024-10-8 00:43 |
2024-09-28 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
307715
|
6.1 |
MEDIUM
Network
|
fetchdesigns
|
sign-up_sheets
|
The Sign-up Sheets WordPress plugin before 2.2.13 does not escape some generated URLs, as well as the $_SERVER['REQUEST_URI'] parameter before outputting them back in attributes, which could lead to …
|
CWE-79
Cross-site Scripting
|
CVE-2024-6020
|
2024-10-8 00:42 |
2024-09-4 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
307716
|
4.8 |
MEDIUM
Network
|
ays-pro
|
secure_copy_content_protection_and_content_locking
|
The Secure Copy Content Protection and Content Locking WordPress plugin before 4.1.7 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform…
|
CWE-79
Cross-site Scripting
|
CVE-2024-6888
|
2024-10-8 00:41 |
2024-09-4 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
307717
|
4.8 |
MEDIUM
Network
|
mansurahamed
|
chatbot_support_ai
|
The Chatbot Support AI: Free ChatGPT Chatbot, Woocommerce Chatbot WordPress plugin through 1.0.2 does not sanitise and escape some of its settings, which could allow high privilege users such as admi…
|
CWE-79
Cross-site Scripting
|
CVE-2024-6722
|
2024-10-8 00:41 |
2024-09-4 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
307718
|
8.8 |
HIGH
Network
|
skyselang
|
yyladmin
|
A vulnerability classified as critical was found in skyselang yylAdmin up to 3.0. Affected by this vulnerability is the function list of the file /app/admin/controller/file/File.php of the component …
|
CWE-89
SQL Injection
|
CVE-2024-9293
|
2024-10-8 00:37 |
2024-09-28 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
307719
|
7.5 |
HIGH
Network
|
hcltech
|
hcl_nomad
|
HCL Nomad is susceptible to an insufficient session expiration vulnerability. Under certain circumstances, an unauthenticated attacker could obtain old session information.
|
CWE-613
Insufficient Session Expiration
|
CVE-2024-23586
|
2024-10-8 00:30 |
2024-09-28 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
307720
|
9.8 |
CRITICAL
Network
|
wow-company
|
viral_signup
|
The Viral Signup WordPress plugin through 2.1 does not properly sanitise and escape a parameter before using it in a SQL statement via an AJAX action available to unauthenticated users, leading to a…
|
CWE-89
SQL Injection
|
CVE-2024-6926
|
2024-10-8 00:29 |
2024-09-4 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
