|
310341
|
8.8 |
HIGH
Network
|
xwp
|
stream
|
The Stream plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 4.0.1. This is due to missing or incorrect nonce validation on the network_options_ac…
|
CWE-352
Origin Validation Error
|
CVE-2024-7423
|
2024-09-27 05:08 |
2024-09-14 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
310342
|
6.1 |
MEDIUM
Network
|
slicewp
|
affiliate_program_suite
|
The WordPress Affiliates Plugin — SliceWP Affiliates plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use of remove_query_arg without appropriate escaping on the URL in…
|
CWE-79
Cross-site Scripting
|
CVE-2024-8714
|
2024-09-27 05:06 |
2024-09-14 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
310343
|
6.1 |
MEDIUM
Network
|
lucasstad
|
lucas_string_replace
|
The Lucas String Replace plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use of add_query_arg without appropriate escaping on the URL in all versions up to, and includ…
|
CWE-79
Cross-site Scripting
|
CVE-2024-8734
|
2024-09-27 04:30 |
2024-09-14 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
310344
|
5.4 |
MEDIUM
Network
|
khromov
|
email_obfuscate_shortcode
|
The Email Obfuscate Shortcode plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'email-obfuscate' shortcode in all versions up to, and including, 2.0 due to insuffici…
|
CWE-79
Cross-site Scripting
|
CVE-2024-8747
|
2024-09-27 04:23 |
2024-09-14 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
310345
|
6.1 |
MEDIUM
Network
|
kubiq
|
pdf_thumbnail_generator
|
The PDF Thumbnail Generator plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use of add_query_arg without appropriate escaping on the URL in all versions up to, and inc…
|
CWE-79
Cross-site Scripting
|
CVE-2024-8737
|
2024-09-27 04:18 |
2024-09-14 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
310346
|
4.3 |
MEDIUM
Network
|
sentry
|
sentry
|
Sentry is a developer-first error tracking and performance monitoring platform. An authenticated user can mute alert rules from arbitrary organizations and projects with a know rule ID. The user does…
|
CWE-639
Authorization Bypass Through User-Controlled Key
|
CVE-2024-45606
|
2024-09-27 04:16 |
2024-09-18 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
310347
|
4.3 |
MEDIUM
Network
|
sentry
|
sentry
|
Sentry is a developer-first error tracking and performance monitoring platform. An authenticated user delete the user issue alert notifications for arbitrary users given a know alert ID. A patch was …
|
CWE-639
Authorization Bypass Through User-Controlled Key
|
CVE-2024-45605
|
2024-09-27 04:14 |
2024-09-18 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
310348
|
9.8 |
CRITICAL
Network
|
apexsoftcell
|
ld_geo
ld_dp_back_office
|
This vulnerability exists in Apex Softcell LD Geo due to missing restrictions for excessive failed authentication attempts on its API based login. A remote attacker could exploit this vulnerability b…
|
CWE-307
mproper Restriction of Excessive Authentication Attempts
|
CVE-2024-47088
|
2024-09-27 04:12 |
2024-09-19 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
310349
|
6.5 |
MEDIUM
Network
|
apexsoftcell
|
ld_geo
ld_dp_back_office
|
This vulnerability exists in the Apex Softcell LD Geo due to improper validation of the transaction token ID in the API endpoint. An authenticated remote attacker could exploit this vulnerability by …
|
CWE-354
Improper Validation of Integrity Check Value
|
CVE-2024-47089
|
2024-09-27 04:09 |
2024-09-19 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
310350
|
5.3 |
MEDIUM
Network
|
circutor
|
q-smt_firmware
|
An attacker with no knowledge of the current users in the web application, could build a dictionary of potential users and check the server responses as it indicates whether or not the user is presen…
|
NVD-CWE-noinfo
|
CVE-2024-8891
|
2024-09-27 03:50 |
2024-09-18 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
