|
309601
|
8.8 |
HIGH
Network
|
bitapps
|
file_manager
|
The Bit File Manager – 100% Free & Open Source File Manager and Code Editor for WordPress plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the 'uplo…
|
CWE-434
Unrestricted Upload of File with Dangerous Type
|
CVE-2024-7770
|
2024-09-27 02:49 |
2024-09-10 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
309602
|
6.1 |
MEDIUM
Network
|
rocket.chat
|
rocket.chat
|
Rocket.Chat 6.12.0, 6.11.2, 6.10.5, 6.9.6, 6.8.6, 6.7.8, and earlier is vulnerable to DOM-based Cross-site Scripting (XSS). Attackers may be able to abuse the UpdateOTRAck method to forge a message t…
|
CWE-79
Cross-site Scripting
|
CVE-2024-46934
|
2024-09-27 02:41 |
2024-09-25 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
309603
|
7.5 |
HIGH
Network
|
rocket.chat
|
rocket.chat
|
Rocket.Chat 6.12.0, 6.11.2, 6.10.5, 6.9.6, 6.8.6, 6.7.8, and earlier is vulnerable to denial of service (DoS). Attackers who craft messages with specific characters may crash the workspace due to an …
|
NVD-CWE-noinfo
|
CVE-2024-46935
|
2024-09-27 02:39 |
2024-09-25 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
309604
|
5.4 |
MEDIUM
Network
|
rocket.chat
|
rocket.chat
|
Rocket.Chat 6.12.0, 6.11.2, 6.10.5, 6.9.6, 6.8.6, 6.7.8, and earlier allows stored XSS in the description and release notes of the marketplace and private apps.
|
CWE-79
Cross-site Scripting
|
CVE-2024-47048
|
2024-09-27 02:12 |
2024-09-25 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
309605
|
6.1 |
MEDIUM
Network
|
xplodedthemes
|
xt_ajax_add_to_cart_for_woocommerce
|
The XT Ajax Add To Cart for WooCommerce plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use of add_query_arg without appropriate escaping on the URL in all versions up…
|
CWE-79
Cross-site Scripting
|
CVE-2024-8716
|
2024-09-27 02:03 |
2024-09-24 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
309606
|
6.1 |
MEDIUM
Network
|
castos
|
seriously_simple_stats
|
The Seriously Simple Stats plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use of add_query_arg without appropriate escaping on the URL in all versions up to, and incl…
|
CWE-79
Cross-site Scripting
|
CVE-2024-8738
|
2024-09-27 01:48 |
2024-09-24 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
309607
|
7.3 |
HIGH
Network
|
pluginus
|
wordpress_meta_data_and_taxonomies_filter
|
The The MDTF – Meta Data and Taxonomies Filter plugin for WordPress is vulnerable to arbitrary shortcode execution in all versions up to, and including, 1.3.3.3. This is due to the software allowing …
|
CWE-94
Code Injection
|
CVE-2024-8623
|
2024-09-27 01:46 |
2024-09-24 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
309608
|
8.8 |
HIGH
Network
|
ba-booking
|
ba_book_everything
|
The BA Book Everything plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.6.20. This is due to missing or incorrect nonce validation on the my_ac…
|
CWE-352
Origin Validation Error
|
CVE-2024-8795
|
2024-09-27 01:46 |
2024-09-24 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
309609
|
9.9 |
CRITICAL
Network
|
pluginus
|
wordpress_meta_data_and_taxonomies_filter
|
The MDTF – Meta Data and Taxonomies Filter plugin for WordPress is vulnerable to SQL Injection via the 'meta_key' attribute of the 'mdf_select_title' shortcode in all versions up to, and including, 1…
|
CWE-89
SQL Injection
|
CVE-2024-8624
|
2024-09-27 01:45 |
2024-09-24 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
309610
|
5.4 |
MEDIUM
Network
|
wpcodeus
|
advanced_sermons
|
The Advanced Sermons plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘sermon_video_embed’ parameter in all versions up to, and including, 3.3 due to insufficient input sanit…
|
CWE-79
Cross-site Scripting
|
CVE-2024-7599
|
2024-09-27 01:45 |
2024-09-6 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
