|
304021
|
6.4 |
MEDIUM
Network
|
-
|
-
|
The SVGPlus plugin for WordPress is vulnerable to Stored Cross-Site Scripting via REST API SVG File uploads in all versions up to, and including, 1.1.0 due to insufficient input sanitization and outp…
|
CWE-79
Cross-site Scripting
|
CVE-2024-11092
|
2024-11-19 02:11 |
2024-11-16 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
304022
|
5.4 |
MEDIUM
Network
|
-
|
-
|
The WP Log Viewer plugin for WordPress is vulnerable to unauthorized use of functionality due to a missing capability check on several AJAX actions in all versions up to, and including, 1.2.1. This m…
|
CWE-862
Missing Authorization
|
CVE-2024-11085
|
2024-11-19 02:11 |
2024-11-16 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
304023
|
6.1 |
MEDIUM
Network
|
-
|
-
|
The SimpleForm Contact Form Submissions plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use of add_query_arg & remove_query_arg without appropriate escaping on the URL…
|
CWE-79
Cross-site Scripting
|
CVE-2024-10884
|
2024-11-19 02:11 |
2024-11-16 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
304024
|
6.1 |
MEDIUM
Network
|
-
|
-
|
The SimpleForm – Contact form made simple plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use of add_query_arg & remove_query_arg without appropriate escaping on the U…
|
CWE-79
Cross-site Scripting
|
CVE-2024-10883
|
2024-11-19 02:11 |
2024-11-16 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
304025
|
6.1 |
MEDIUM
Network
|
-
|
-
|
The Gallery Manager plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use of remove_Query_Arg without appropriate escaping on the URL in all versions up to, and includin…
|
-
|
CVE-2024-10875
|
2024-11-19 02:11 |
2024-11-16 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
304026
|
4.3 |
MEDIUM
Network
|
-
|
-
|
The WP Chat App plugin for WordPress is vulnerable to unauthorized plugin installation due to a missing capability check on the ajax_install_plugin() function in all versions up to, and including, 3.…
|
CWE-862
Missing Authorization
|
CVE-2024-10533
|
2024-11-19 02:11 |
2024-11-16 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
304027
|
- |
|
-
|
-
|
The Steel plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's btn shortcode in all versions up to, and including, 1.3.0 due to insufficient input sanitization and outpu…
|
CWE-79
Cross-site Scripting
|
CVE-2024-10147
|
2024-11-19 02:11 |
2024-11-16 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
304028
|
6.4 |
MEDIUM
Network
|
-
|
-
|
The PJW Mime Config plugin for WordPress is vulnerable to Stored Cross-Site Scripting via SVG File uploads in all versions up to, and including, 1.0 due to insufficient input sanitization and output …
|
CWE-79
Cross-site Scripting
|
CVE-2024-10017
|
2024-11-19 02:11 |
2024-11-16 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
304029
|
5.3 |
MEDIUM
Network
|
-
|
-
|
The Popup Box – Create Countdown, Coupon, Video, Contact Form Popups plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the deactivate_plugin…
|
CWE-862
Missing Authorization
|
CVE-2024-10861
|
2024-11-19 02:11 |
2024-11-16 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
304030
|
4.3 |
MEDIUM
Network
|
-
|
-
|
The Popularis Extra plugin for WordPress is vulnerable to Information Exposure in all versions up to, and including, 1.2.7 via the 'elementor-template' shortcode due to insufficient restrictions on w…
|
CWE-639
Authorization Bypass Through User-Controlled Key
|
CVE-2024-10795
|
2024-11-19 02:11 |
2024-11-16 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
