|
307431
|
4.9 |
MEDIUM
Network
|
-
|
-
|
The Poll Maker – Versus Polls, Anonymous Polls, Image Polls plugin for WordPress is vulnerable to time-based SQL Injection via the ‘orderby’ parameter in all versions up to, and including, 5.4.6 due …
|
CWE-89
SQL Injection
|
CVE-2024-9874
|
2024-11-12 22:56 |
2024-11-9 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
307432
|
6.1 |
MEDIUM
Network
|
-
|
-
|
The Charitable – Donation Plugin for WordPress – Fundraising with Recurring Donations & More plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use of add_query_arg & rem…
|
CWE-79
Cross-site Scripting
|
CVE-2024-10876
|
2024-11-12 22:56 |
2024-11-9 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
307433
|
4.3 |
MEDIUM
Network
|
-
|
-
|
The Attesa Extra plugin for WordPress is vulnerable to Information Exposure in all versions up to, and including, 1.4.2 via the 'attesa-template' shortcode due to insufficient restrictions on which p…
|
CWE-639
Authorization Bypass Through User-Controlled Key
|
CVE-2024-10688
|
2024-11-12 22:56 |
2024-11-9 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
307434
|
6.1 |
MEDIUM
Network
|
-
|
-
|
The Contact Form 7 – PayPal & Stripe Add-on plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use of add_query_arg & remove_query_arg without appropriate escaping on the…
|
CWE-79
Cross-site Scripting
|
CVE-2024-10683
|
2024-11-12 22:56 |
2024-11-9 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
307435
|
9.8 |
CRITICAL
Network
|
-
|
-
|
The WPLMS Learning Management System for WordPress, WordPress LMS theme for WordPress is vulnerable to arbitrary file read and deletion due to insufficient file path validation and permissions checks…
|
CWE-22
Path Traversal
|
CVE-2024-10470
|
2024-11-12 22:56 |
2024-11-9 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
307436
|
5.3 |
MEDIUM
Network
|
-
|
-
|
The Quform - WordPress Form Builder plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 2.20.0 via the 'saveUploadedFile' function. This makes i…
|
CWE-200
Information Exposure
|
CVE-2024-8756
|
2024-11-12 22:56 |
2024-11-9 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
307437
|
6.4 |
MEDIUM
Network
|
-
|
-
|
The Code Embed plugin for WordPress is vulnerable to Server-Side Request Forgery in all versions up to, and including, 2.5 via the ce_get_file() function. This makes it possible for authenticated att…
|
CWE-918
Server-Side Request Forgery (SSRF)
|
CVE-2024-10814
|
2024-11-12 22:56 |
2024-11-9 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
307438
|
4.3 |
MEDIUM
Network
|
-
|
-
|
The Envo Extra plugin for WordPress is vulnerable to Information Exposure in all versions up to, and including, 1.9.3 via the 'elementor-template' shortcode due to insufficient restrictions on which …
|
CWE-639
Authorization Bypass Through User-Controlled Key
|
CVE-2024-10770
|
2024-11-12 22:56 |
2024-11-9 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
307439
|
4.3 |
MEDIUM
Network
|
-
|
-
|
The Countdown Timer block – Display the event's date into a timer. plugin for WordPress is vulnerable to Information Exposure in all versions up to, and including, 1.2.4 via the [ctb] shortcode …
|
CWE-639
Authorization Bypass Through User-Controlled Key
|
CVE-2024-10669
|
2024-11-12 22:56 |
2024-11-9 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
307440
|
- |
|
-
|
-
|
The Content Slider Block plugin for WordPress is vulnerable to Information Exposure in all versions up to, and including, 3.1.5 via the [csb] shortcode due to insufficient restrictions on which posts…
|
-
|
CVE-2024-10667
|
2024-11-12 22:56 |
2024-11-9 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
