|
306871
|
3.4 |
LOW
Adjacent
|
-
|
-
|
A flaw was found in Keycloak. This issue occurs due to improperly enforcing token types when validating signatures locally. This could allow an authenticated attacker to exchange a logout token for a…
|
CWE-273
Improper Check for Dropped Privileges
|
CVE-2023-0657
|
2024-11-19 02:11 |
2024-11-17 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
306872
|
7.5 |
HIGH
Network
|
-
|
-
|
A vulnerability was found in Samba where a delegated administrator with permission to create objects in Active Directory can write to all attributes of the newly created object, including security-se…
|
CWE-264
Permissions, Privileges, and Access Controls
|
CVE-2020-25720
|
2024-11-19 02:11 |
2024-11-17 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
306873
|
- |
|
-
|
-
|
The Login using WordPress Users ( WP as SAML IDP ) plugin for WordPress is vulnerable to time-based SQL Injection via the ‘id’ parameter in all versions up to, and including, 1.15.6 due to insufficie…
|
CWE-89
SQL Injection
|
CVE-2024-9887
|
2024-11-19 02:11 |
2024-11-16 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
306874
|
6.4 |
MEDIUM
Network
|
-
|
-
|
The Mapster WP Maps plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the popup class parameter in all versions up to, and including, 1.6.0 due to insufficient input sanitization …
|
CWE-80
Basic XSS
|
CVE-2024-10592
|
2024-11-19 02:11 |
2024-11-16 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
306875
|
7.5 |
HIGH
Network
|
-
|
-
|
The Blogger 301 Redirect plugin for WordPress is vulnerable to blind time-based SQL Injection via the ‘br’ parameter in all versions up to, and including, 2.5.3 due to insufficient escaping on the us…
|
CWE-89
SQL Injection
|
CVE-2024-10645
|
2024-11-19 02:11 |
2024-11-16 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
306876
|
4.3 |
MEDIUM
Network
|
-
|
-
|
The Customer Reviews for WooCommerce plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on the cancel_import() function in all versions up to, and including, …
|
CWE-862
Missing Authorization
|
CVE-2024-10614
|
2024-11-19 02:11 |
2024-11-16 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
306877
|
8.8 |
HIGH
Network
|
-
|
-
|
The Post Grid Gutenberg Blocks and WordPress Blog Plugin – PostX plugin for WordPress is vulnerable to unauthorized plugin installation/activation due to a missing capability check on the 'install_re…
|
CWE-862
Missing Authorization
|
CVE-2024-10728
|
2024-11-19 02:11 |
2024-11-16 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
306878
|
6.1 |
MEDIUM
Network
|
-
|
-
|
The Bounce Handler MailPoet 3 plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'page' parameter in all versions up to, and including, 1.3.21 due to insufficient input sani…
|
CWE-79
Cross-site Scripting
|
CVE-2024-9938
|
2024-11-19 02:11 |
2024-11-16 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
306879
|
6.4 |
MEDIUM
Network
|
-
|
-
|
The SVG Case Study plugin for WordPress is vulnerable to Stored Cross-Site Scripting via SVG File uploads in all versions up to, and including, 1.0 due to insufficient input sanitization and output e…
|
CWE-79
Cross-site Scripting
|
CVE-2024-9850
|
2024-11-19 02:11 |
2024-11-16 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
306880
|
- |
|
-
|
-
|
The BulkPress plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use of add_query_arg without appropriate escaping on the URL in all versions up to, and including, 0.3.5.…
|
CWE-79
Cross-site Scripting
|
CVE-2024-9615
|
2024-11-19 02:11 |
2024-11-16 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
