|
308841
|
5.4 |
MEDIUM
Network
|
gutentor
|
gutentor
|
The Gutentor WordPress plugin before 3.3.6 does not validate and escape some of its block options before outputting them back in a page/post where the block is embed, which could allow users with th…
|
CWE-79
Cross-site Scripting
|
CVE-2024-5417
|
2024-10-8 00:44 |
2024-08-29 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
308842
|
6.1 |
MEDIUM
Network
|
stape
|
gtm_server_side
|
The GTM Server Side plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use of add_query_arg without appropriate escaping on the URL in all versions up to, and including, …
|
CWE-79
Cross-site Scripting
|
CVE-2024-8712
|
2024-10-8 00:43 |
2024-09-28 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
308843
|
6.1 |
MEDIUM
Network
|
fetchdesigns
|
sign-up_sheets
|
The Sign-up Sheets WordPress plugin before 2.2.13 does not escape some generated URLs, as well as the $_SERVER['REQUEST_URI'] parameter before outputting them back in attributes, which could lead to …
|
CWE-79
Cross-site Scripting
|
CVE-2024-6020
|
2024-10-8 00:42 |
2024-09-4 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
308844
|
4.8 |
MEDIUM
Network
|
ays-pro
|
secure_copy_content_protection_and_content_locking
|
The Secure Copy Content Protection and Content Locking WordPress plugin before 4.1.7 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform…
|
CWE-79
Cross-site Scripting
|
CVE-2024-6888
|
2024-10-8 00:41 |
2024-09-4 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
308845
|
4.8 |
MEDIUM
Network
|
mansurahamed
|
chatbot_support_ai
|
The Chatbot Support AI: Free ChatGPT Chatbot, Woocommerce Chatbot WordPress plugin through 1.0.2 does not sanitise and escape some of its settings, which could allow high privilege users such as admi…
|
CWE-79
Cross-site Scripting
|
CVE-2024-6722
|
2024-10-8 00:41 |
2024-09-4 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
308846
|
8.8 |
HIGH
Network
|
skyselang
|
yyladmin
|
A vulnerability classified as critical was found in skyselang yylAdmin up to 3.0. Affected by this vulnerability is the function list of the file /app/admin/controller/file/File.php of the component …
|
CWE-89
SQL Injection
|
CVE-2024-9293
|
2024-10-8 00:37 |
2024-09-28 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
308847
|
7.5 |
HIGH
Network
|
hcltech
|
hcl_nomad
|
HCL Nomad is susceptible to an insufficient session expiration vulnerability. Under certain circumstances, an unauthenticated attacker could obtain old session information.
|
CWE-613
Insufficient Session Expiration
|
CVE-2024-23586
|
2024-10-8 00:30 |
2024-09-28 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
308848
|
9.8 |
CRITICAL
Network
|
wow-company
|
viral_signup
|
The Viral Signup WordPress plugin through 2.1 does not properly sanitise and escape a parameter before using it in a SQL statement via an AJAX action available to unauthenticated users, leading to a…
|
CWE-89
SQL Injection
|
CVE-2024-6926
|
2024-10-8 00:29 |
2024-09-4 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
308849
|
4.8 |
MEDIUM
Network
|
ays-pro
|
secure_copy_content_protection_and_content_locking
|
The Secure Copy Content Protection and Content Locking WordPress plugin before 4.1.7 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform…
|
CWE-79
Cross-site Scripting
|
CVE-2024-6889
|
2024-10-8 00:29 |
2024-09-4 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
308850
|
8.8 |
HIGH
Network
|
advantech
|
adam-5630_firmware
|
Cookies of authenticated Advantech ADAM-5630 users remain as active valid cookies when a
session is closed. Forging requests with a legitimate cookie, even if
the session was terminated, allows an …
|
NVD-CWE-Other
|
CVE-2024-39275
|
2024-10-8 00:25 |
2024-09-28 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
