|
308831
|
4.8 |
MEDIUM
Network
|
ronvalstar
|
pocket_widget
|
The Pocket Widget WordPress plugin through 0.1.3 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks…
|
CWE-79
Cross-site Scripting
|
CVE-2024-7918
|
2024-10-8 01:56 |
2024-09-9 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
308832
|
4.6 |
MEDIUM
Local
|
tenable
|
nessus_network_monitor
|
A stored cross site scripting vulnerability exists in Nessus Network Monitor where an authenticated, privileged local attacker could inject arbitrary code into the NNM UI via the local CLI.
|
CWE-79
Cross-site Scripting
|
CVE-2024-9158
|
2024-10-8 01:13 |
2024-10-1 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
308833
|
5.4 |
MEDIUM
Network
|
kvf-admin_project
|
kvf-admin
|
A vulnerability classified as problematic has been found in kalvinGit kvf-admin up to f12a94dc1ebb7d1c51ee978a85e4c7ed75c620ff. Affected is an unknown function of the file /ueditor/upload?configPath=…
|
CWE-79
Cross-site Scripting
|
CVE-2024-9291
|
2024-10-8 01:13 |
2024-09-28 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
308834
|
4.3 |
MEDIUM
Network
|
digireturn
|
dn_popup
|
The DN Popup WordPress plugin through 1.2.2 does not have CSRF check in place when updating its settings, which could allow attackers to make a logged in admin change them via a CSRF attack
|
CWE-352
Origin Validation Error
|
CVE-2024-7690
|
2024-10-8 00:56 |
2024-09-2 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
308835
|
4.8 |
MEDIUM
Network
|
wow-company
|
viral_signup
|
The Viral Signup WordPress plugin through 2.1 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks e…
|
CWE-79
Cross-site Scripting
|
CVE-2024-6927
|
2024-10-8 00:56 |
2024-08-29 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
308836
|
7.2 |
HIGH
Network
|
stylemixthemes
|
cost_calculator_builder
|
The Cost Calculator Builder WordPress plugin before 3.2.29 does not properly sanitise and escape a parameter before using it in a SQL statement, leading to a SQL injection exploitable by users with a…
|
CWE-89
SQL Injection
|
CVE-2024-8379
|
2024-10-8 00:49 |
2024-09-30 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
308837
|
4.8 |
MEDIUM
Network
|
10web
|
slider
|
The Slider by 10Web WordPress plugin before 1.2.59 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting atta…
|
CWE-79
Cross-site Scripting
|
CVE-2024-8283
|
2024-10-8 00:49 |
2024-09-30 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
308838
|
5.4 |
MEDIUM
Network
|
squirrly
|
starbox
|
The Starbox WordPress plugin before 3.5.3 does not properly render social media profiles URLs in certain contexts, like the malicious user's profile or pages where the starbox shortcode is used, whi…
|
CWE-79
Cross-site Scripting
|
CVE-2024-8239
|
2024-10-8 00:48 |
2024-09-30 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
308839
|
4.8 |
MEDIUM
Network
|
ngothang
|
wp_multitasking
|
The WP MultiTasking – WP Utilities plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘wpmt_menu_name’ parameter in all versions up to, and including, 0.1.17 due to insufficien…
|
CWE-79
Cross-site Scripting
|
CVE-2024-8189
|
2024-10-8 00:44 |
2024-09-28 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
308840
|
4.8 |
MEDIUM
Network
|
godaddy
|
coblocks
|
The Page Builder Gutenberg Blocks WordPress plugin before 3.1.13 does not escape the content of post embed via one of its block, which could allow users with the capability to publish posts (editor …
|
CWE-79
Cross-site Scripting
|
CVE-2024-7132
|
2024-10-8 00:44 |
2024-08-29 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
