|
305791
|
5.4 |
MEDIUM
Network
|
bamazoo
|
button_generator
|
The Bamazoo – Button Generator plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's dgs shortcode in all versions up to, and including, 1.0 due to insufficient input san…
|
CWE-79
Cross-site Scripting
|
CVE-2024-10150
|
2024-11-6 02:47 |
2024-10-25 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
305792
|
6.1 |
MEDIUM
Network
|
10web
|
10web_social_post_feed
|
The 10Web Social Post Feed plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use of add_query_arg without appropriate escaping on the URL in all versions up to, and incl…
|
CWE-79
Cross-site Scripting
|
CVE-2024-9607
|
2024-11-6 02:40 |
2024-10-25 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
305793
|
9.8 |
CRITICAL
Network
|
appcheap
|
app_builder
|
The App Builder – Create Native Android & iOS Apps On The Flight plugin for WordPress is vulnerable to privilege escalation via account takeover in all versions up to, and including, 5.3.7. This is d…
|
CWE-640
Weak Password Recovery Mechanism for Forgotten Password
|
CVE-2024-9302
|
2024-11-6 02:39 |
2024-10-25 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
305794
|
8.8 |
HIGH
Network
|
mapster
|
mapster_wp_maps
|
The Mapster WP Maps plugin for WordPress is vulnerable to unauthorized modification of data that can lead to privilege escalation due to an insufficient capability check on the mapster_wp_maps_set_op…
|
CWE-285
Improper Authorization
|
CVE-2024-9235
|
2024-11-6 02:36 |
2024-10-25 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
305795
|
- |
|
-
|
-
|
Netgear R8500 v1.0.2.160 was discovered to contain a command injection vulnerability in the wan_gateway parameter at genie_fix2.cgi. This vulnerability allows attackers to execute arbitrary OS comman…
|
-
|
CVE-2024-52019
|
2024-11-6 02:35 |
2024-11-6 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
305796
|
- |
|
-
|
-
|
Netgear XR300 v1.0.3.78 was discovered to contain a command injection vulnerability in the system_name parameter at genie_dyn.cgi. This vulnerability allows attackers to execute arbitrary OS commands…
|
-
|
CVE-2024-52018
|
2024-11-6 02:35 |
2024-11-6 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
305797
|
- |
|
-
|
-
|
Netgear XR300 v1.0.3.78 was discovered to contain a stack overflow via the passphrase parameter at bridge_wireless_main.cgi. This vulnerability allows attackers to cause a Denial of Service (DoS) via…
|
-
|
CVE-2024-52017
|
2024-11-6 02:35 |
2024-11-6 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
305798
|
- |
|
-
|
-
|
Netgear R8500 v1.0.2.160, XR300 v1.0.3.78, R7000P v1.3.3.154, and R6400 v2 1.0.4.128 were discovered to multiple stack overflow vulnerabilities in the component wlg_adv.cgi via the apmode_dns1_pri an…
|
-
|
CVE-2024-52016
|
2024-11-6 02:35 |
2024-11-6 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
305799
|
- |
|
-
|
-
|
Netgear R8500 v1.0.2.160 was discovered to contain a stack overflow via the sysDNSHost parameter at ddns.cgi. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted POST…
|
-
|
CVE-2024-51001
|
2024-11-6 02:35 |
2024-11-6 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
305800
|
- |
|
-
|
-
|
Netgear R8500 v1.0.2.160 was discovered to contain multiple stack overflow vulnerabilities in the component wireless.cgi via the opmode, opmode_an, and opmode_an_2 parameters. These vulnerabilities a…
|
-
|
CVE-2024-51000
|
2024-11-6 02:35 |
2024-11-6 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
