|
303291
|
6.4 |
MEDIUM
Network
|
-
|
-
|
The Parallax Image plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘position’ parameter in all versions up to, and including, 1.9 due to insufficient input sanitization and …
|
CWE-79
Cross-site Scripting
|
CVE-2024-11224
|
2024-11-19 22:15 |
2024-11-19 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
303292
|
6.4 |
MEDIUM
Network
|
-
|
-
|
The GD Rating System plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘extra_class’ parameter in all versions up to, and including, 3.6.1 due to insufficient input sanitizati…
|
CWE-79
Cross-site Scripting
|
CVE-2024-11198
|
2024-11-19 22:15 |
2024-11-19 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
303293
|
8.8 |
HIGH
Network
|
-
|
-
|
The Classified Listing – Classified ads & Business Directory Plugin plugin for WordPress is vulnerable to unauthorized modification of data that can lead to privilege escalation due to a misconfigure…
|
-
|
CVE-2024-11194
|
2024-11-19 21:15 |
2024-11-19 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
303294
|
- |
|
-
|
-
|
The Email Subscription Popup plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's print_email_subscribe_form shortcode in all versions up to, and including, 1.2.22 due t…
|
CWE-79
Cross-site Scripting
|
CVE-2024-11195
|
2024-11-19 20:15 |
2024-11-19 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
303295
|
7.3 |
HIGH
Network
|
-
|
-
|
The The WPB Popup for Contact Form 7 – Showing The Contact Form 7 Popup on Button Click – CF7 Popup plugin for WordPress is vulnerable to arbitrary shortcode execution via wpb_pcf_fire_contact_form A…
|
CWE-94
Code Injection
|
CVE-2024-11038
|
2024-11-19 20:15 |
2024-11-19 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
303296
|
7.3 |
HIGH
Network
|
-
|
-
|
The The GamiPress – The #1 gamification plugin to reward points, achievements, badges & ranks in WordPress plugin for WordPress is vulnerable to arbitrary shortcode execution via gamipress_get_user_e…
|
CWE-94
Code Injection
|
CVE-2024-11036
|
2024-11-19 20:15 |
2024-11-19 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
303297
|
5.5 |
MEDIUM
Network
|
-
|
-
|
The SVG Block plugin for WordPress is vulnerable to Stored Cross-Site Scripting via REST API SVG File uploads in all versions up to, and including, 1.1.24 due to insufficient input sanitization and o…
|
CWE-79
Cross-site Scripting
|
CVE-2024-11098
|
2024-11-19 17:15 |
2024-11-19 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
303298
|
6.5 |
MEDIUM
Network
|
-
|
-
|
The WordPress GDPR plugin for WordPress is vulnerable to unauthorized loss of data due to a missing capability check on the 'WordPress_GDPR_Data_Delete::check_action' function in all versions up to, …
|
-
|
CVE-2024-11069
|
2024-11-19 17:15 |
2024-11-19 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
303299
|
7.2 |
HIGH
Network
|
-
|
-
|
The WordPress GDPR plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'gdpr_firstname' and 'gdpr_lastname' parameters in all versions up to, and including, 2.0.2 due to insuffi…
|
CWE-79
Cross-site Scripting
|
CVE-2024-10388
|
2024-11-19 17:15 |
2024-11-19 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
303300
|
6.4 |
MEDIUM
Network
|
-
|
-
|
The MP3 Audio Player – Music Player, Podcast Player & Radio by Sonaar plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's sonaar_audioplayer shortcode in all versions u…
|
CWE-79
Cross-site Scripting
|
CVE-2024-10268
|
2024-11-19 17:15 |
2024-11-19 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
