|
306451
|
9.8 |
CRITICAL
Network
|
najeebmedia
|
frontend_file_manager
post_front-end_form
|
The Frontend File Manager (versions < 4.0), N-Media Post Front-end Form (versions < 1.1) plugins for WordPress are vulnerable to arbitrary file uploads due to missing file type validation via the `nm…
|
CWE-434
Unrestricted Upload of File with Dangerous Type
|
CVE-2016-15042
|
2024-10-31 06:12 |
2024-10-16 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
306452
|
9.8 |
CRITICAL
Network
|
themehunk
|
wp_popup_builder
|
The The WP Popup Builder – Popup Forms and Marketing Lead Generation plugin for WordPress is vulnerable to arbitrary shortcode execution via the wp_ajax_nopriv_shortcode_Api_Add AJAX action in all ve…
|
CWE-94
Code Injection
|
CVE-2024-9061
|
2024-10-31 06:11 |
2024-10-16 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
306453
|
6.5 |
MEDIUM
Network
|
suse
|
rancher
|
A vulnerability has been identified which may lead to sensitive data being leaked into Rancher's audit logs. [Rancher Audit Logging](https://ranchermanager.docs.rancher.com/how-to-guides/advanced-use…
|
CWE-532
Inclusion of Sensitive Information in Log Files
|
CVE-2023-22649
|
2024-10-31 06:08 |
2024-10-16 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
306454
|
9.8 |
CRITICAL
Network
|
motopress
|
timetable_and_event_schedule
|
The Timetable and Event Schedule by MotoPress plugin for WordPress is vulnerable to authorization bypass due to a missing capability check on the wp_ajax_route_url() function called via a nopriv AJAX…
|
CWE-862
Missing Authorization
|
CVE-2020-36840
|
2024-10-31 06:06 |
2024-10-16 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
306455
|
8.8 |
HIGH
Network
|
wpvivid
|
migration\
_backup\
_staging
|
The Migration, Backup, Staging – WPvivid plugin for WordPress is vulnerable to arbitrary file uploads due to a missing capability check on the wpvivid_upload_import_files and wpvivid_upload_files AJA…
|
CWE-434
Unrestricted Upload of File with Dangerous Type
|
CVE-2020-36842
|
2024-10-31 06:03 |
2024-10-16 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
306456
|
5.3 |
MEDIUM
Network
|
strategy11
|
formidable_form_builder
|
The Formidable Form Builder plugin for WordPress is vulnerable to Sensitive Data Exposure in versions up to, and including, 2.05.03 via the frm_forms_preview AJAX action. This makes it possible for u…
|
NVD-CWE-noinfo
|
CVE-2017-20194
|
2024-10-31 06:00 |
2024-10-16 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
306457
|
6.1 |
MEDIUM
Network
|
solarwinds
|
solarwinds_platform
|
The SolarWinds Platform was susceptible to a Cross-Site Scripting vulnerability when performing an edit function to existing elements.
|
CWE-79
Cross-site Scripting
|
CVE-2024-45715
|
2024-10-31 05:59 |
2024-10-16 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
306458
|
5.4 |
MEDIUM
Network
|
gtranslate
|
google_language_translator
|
The Google Language Translator plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via multiple parameters in versions up to, and including, 6.0.9 due to insufficient input sanitizat…
|
CWE-79
Cross-site Scripting
|
CVE-2021-4452
|
2024-10-31 05:57 |
2024-10-16 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
306459
|
4.3 |
MEDIUM
Network
|
sinaextra
|
sina_extension_for_elementor
|
The Sina Extension for Elementor plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 3.5.7 via the render function in widgets/advanced/sina-moda…
|
CWE-200
Information Exposure
|
CVE-2024-9540
|
2024-10-31 05:56 |
2024-10-16 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
306460
|
6.1 |
MEDIUM
Network
|
woo
|
product_vendors
|
The Product Vendors is vulnerable to Reflected Cross-Site Scripting via the 'vendor_description' parameter in versions up to, and including, 2.0.35 due to insufficient input sanitization and output e…
|
CWE-79
Cross-site Scripting
|
CVE-2017-20193
|
2024-10-31 05:46 |
2024-10-16 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
