|
304011
|
7.5 |
HIGH
Network
|
-
|
-
|
The Blogger 301 Redirect plugin for WordPress is vulnerable to blind time-based SQL Injection via the ‘br’ parameter in all versions up to, and including, 2.5.3 due to insufficient escaping on the us…
|
CWE-89
SQL Injection
|
CVE-2024-10645
|
2024-11-19 02:11 |
2024-11-16 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
304012
|
4.3 |
MEDIUM
Network
|
-
|
-
|
The Customer Reviews for WooCommerce plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on the cancel_import() function in all versions up to, and including, …
|
CWE-862
Missing Authorization
|
CVE-2024-10614
|
2024-11-19 02:11 |
2024-11-16 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
304013
|
8.8 |
HIGH
Network
|
-
|
-
|
The Post Grid Gutenberg Blocks and WordPress Blog Plugin – PostX plugin for WordPress is vulnerable to unauthorized plugin installation/activation due to a missing capability check on the 'install_re…
|
CWE-862
Missing Authorization
|
CVE-2024-10728
|
2024-11-19 02:11 |
2024-11-16 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
304014
|
6.1 |
MEDIUM
Network
|
-
|
-
|
The Bounce Handler MailPoet 3 plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'page' parameter in all versions up to, and including, 1.3.21 due to insufficient input sani…
|
CWE-79
Cross-site Scripting
|
CVE-2024-9938
|
2024-11-19 02:11 |
2024-11-16 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
304015
|
6.4 |
MEDIUM
Network
|
-
|
-
|
The SVG Case Study plugin for WordPress is vulnerable to Stored Cross-Site Scripting via SVG File uploads in all versions up to, and including, 1.0 due to insufficient input sanitization and output e…
|
CWE-79
Cross-site Scripting
|
CVE-2024-9850
|
2024-11-19 02:11 |
2024-11-16 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
304016
|
- |
|
-
|
-
|
The BulkPress plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use of add_query_arg without appropriate escaping on the URL in all versions up to, and including, 0.3.5.…
|
CWE-79
Cross-site Scripting
|
CVE-2024-9615
|
2024-11-19 02:11 |
2024-11-16 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
304017
|
6.4 |
MEDIUM
Network
|
-
|
-
|
The Exclusive Divi – Divi Preloader, Modules for Divi & Extra Theme plugin for WordPress is vulnerable to Stored Cross-Site Scripting via SVG File uploads in all versions up to, and including, 1.4 du…
|
CWE-79
Cross-site Scripting
|
CVE-2024-9386
|
2024-11-19 02:11 |
2024-11-16 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
304018
|
8.8 |
HIGH
Network
|
-
|
-
|
The WordPress Video Robot - The Ultimate Video Importer plugin for WordPress is vulnerable to privilege escalation due to insufficient validation on user meta that can be updated in the wpvr_rate_req…
|
CWE-269
Improper Privilege Management
|
CVE-2024-9192
|
2024-11-19 02:11 |
2024-11-16 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
304019
|
4.3 |
MEDIUM
Network
|
-
|
-
|
The EleForms – All In One Form Integration including DB for Elementor plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 2.9.9.9. This is due to mi…
|
CWE-352
Origin Validation Error
|
CVE-2024-6628
|
2024-11-19 02:11 |
2024-11-16 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
304020
|
5.3 |
MEDIUM
Network
|
-
|
-
|
The 404 Error Monitor plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.1. This is due to missing or incorrect nonce validation on the updatePlu…
|
CWE-352
Origin Validation Error
|
CVE-2024-11118
|
2024-11-19 02:11 |
2024-11-16 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
