|
306631
|
7.2 |
HIGH
Network
|
-
|
-
|
The WPAdverts – Classifieds Plugin plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's adverts_add shortcode in all versions up to, and including, 2.1.6 due to insuffic…
|
CWE-79
Cross-site Scripting
|
CVE-2024-10108
|
2024-11-1 21:57 |
2024-10-30 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
306632
|
6.1 |
MEDIUM
Network
|
-
|
-
|
The Pricing Tables WordPress Plugin – Easy Pricing Tables plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use of add_query_arg without appropriate escaping on the URL …
|
CWE-79
Cross-site Scripting
|
CVE-2024-8871
|
2024-11-1 21:57 |
2024-10-30 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
306633
|
4.3 |
MEDIUM
Network
|
-
|
-
|
The Download Monitor plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the ajax_search_users function in all versions up to, and including, …
|
CWE-862
Missing Authorization
|
CVE-2024-10399
|
2024-11-1 21:57 |
2024-10-30 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
306634
|
6.4 |
MEDIUM
Network
|
-
|
-
|
The WP Baidu Map plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'baidu_map' shortcode in all versions up to, and including, 1.2.2 due to insufficient input sanitiz…
|
-
|
CVE-2024-9886
|
2024-11-1 21:57 |
2024-10-30 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
306635
|
6.4 |
MEDIUM
Network
|
-
|
-
|
The Widget or Sidebar Shortcode plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'sidebar' shortcode in all versions up to, and including, 0.6.1 due to insufficient …
|
CWE-79
Cross-site Scripting
|
CVE-2024-9885
|
2024-11-1 21:57 |
2024-10-30 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
306636
|
6.4 |
MEDIUM
Network
|
-
|
-
|
The T(-) Countdown plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'tminus' shortcode in all versions up to, and including, 2.4.8 due to insufficient input sanitiza…
|
CWE-79
Cross-site Scripting
|
CVE-2024-9884
|
2024-11-1 21:57 |
2024-10-30 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
306637
|
- |
|
-
|
-
|
A vulnerability, which was classified as critical, has been found in Codezips Online Institute Management System 1.0. This issue affects some unknown processing of the file /login.php. The manipulati…
|
-
|
CVE-2024-10509
|
2024-11-1 21:57 |
2024-10-30 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
306638
|
- |
|
-
|
-
|
CyberPanel (aka Cyber Panel) before 2.3.5 allows Command Injection via completePath in the ProcessUtilities.outputExecutioner() sink. There is /filemanager/upload (aka File Manager upload) unauthenti…
|
-
|
CVE-2024-51568
|
2024-11-1 21:57 |
2024-10-30 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
306639
|
- |
|
-
|
-
|
getresetstatus in dns/views.py and ftp/views.py in CyberPanel (aka Cyber Panel) before 1c0c6cb allows remote attackers to bypass authentication and execute arbitrary commands via /dns/getresetstatus …
|
-
|
CVE-2024-51378
|
2024-11-1 21:57 |
2024-10-30 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
306640
|
- |
|
-
|
-
|
A NoSQL injection vulnerability in AquilaCMS 1.409.20 and prior allows unauthenticated attackers to reset user and administrator account passwords via the "Reset password" feature.
|
-
|
CVE-2024-48573
|
2024-11-1 21:57 |
2024-10-30 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
