|
308371
|
6.4 |
MEDIUM
Network
|
-
|
-
|
The Rescue Shortcodes plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'rescue_tab' shortcode in all versions up to, and including, 2.8 due to insufficient input san…
|
CWE-79
Cross-site Scripting
|
CVE-2024-9696
|
2024-10-15 21:57 |
2024-10-12 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
308372
|
6.4 |
MEDIUM
Network
|
-
|
-
|
The TablePress – Tables in WordPress made easy plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the table cell content in all versions up to, and including, 2.4.2 due to insuffic…
|
CWE-79
Cross-site Scripting
|
CVE-2024-9595
|
2024-10-15 21:57 |
2024-10-12 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
308373
|
6.4 |
MEDIUM
Network
|
-
|
-
|
The Category Icon plugin for WordPress is vulnerable to Stored Cross-Site Scripting via SVG File uploads in all versions up to, and including, 1.0.0 due to insufficient input sanitization and output …
|
CWE-79
Cross-site Scripting
|
CVE-2024-8915
|
2024-10-15 21:57 |
2024-10-12 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
308374
|
5.3 |
MEDIUM
Network
|
-
|
-
|
The Stackable – Page Builder Gutenberg Blocks plugin for WordPress is vulnerable to CSS Injection in all versions up to, and including, 3.13.6. This makes it possible for unauthenticated attackers to…
|
CWE-94
Code Injection
|
CVE-2024-8760
|
2024-10-15 21:57 |
2024-10-12 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
308375
|
4.3 |
MEDIUM
Network
|
-
|
-
|
The Order Attachments for WooCommerce plugin for WordPress is vulnerable to unauthorized limited arbitrary file uploads due to a missing capability check on the wcoa_add_attachment AJAX action in ver…
|
-
|
CVE-2024-9756
|
2024-10-15 21:57 |
2024-10-12 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
308376
|
6.4 |
MEDIUM
Network
|
-
|
-
|
The Social Sharing (by Danny) plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'dvk_social_sharing' shortcode in all versions up to, and including, 1.3.7 due to insu…
|
CWE-79
Cross-site Scripting
|
CVE-2024-9704
|
2024-10-15 21:57 |
2024-10-12 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
308377
|
9.8 |
CRITICAL
Network
|
-
|
-
|
The WordPress File Upload plugin for WordPress is vulnerable to Path Traversal in all versions up to, and including, 4.24.11 via wfu_file_downloader.php. This makes it possible for unauthenticated at…
|
CWE-22
Path Traversal
|
CVE-2024-9047
|
2024-10-15 21:57 |
2024-10-12 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
308378
|
4.3 |
MEDIUM
Network
|
-
|
-
|
The ImagePress – Image Gallery plugin for WordPress is vulnerable to unauthorized modification and loss of data due to a missing capability check on the 'ip_delete_post' and 'ip_update_post_title' fu…
|
CWE-862
Missing Authorization
|
CVE-2024-9824
|
2024-10-15 21:57 |
2024-10-12 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
308379
|
- |
|
-
|
-
|
The ImagePress – Image Gallery plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.2.2. This is due to missing or incorrect nonce validation on th…
|
CWE-352
Origin Validation Error
|
CVE-2024-9778
|
2024-10-15 21:57 |
2024-10-12 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
308380
|
6.1 |
MEDIUM
Network
|
-
|
-
|
The 2D Tag Cloud plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use of add_query_arg without appropriate escaping on the URL in all versions up to, and including, 6.0…
|
CWE-79
Cross-site Scripting
|
CVE-2024-9670
|
2024-10-15 21:57 |
2024-10-12 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
