|
309261
|
- |
|
-
|
-
|
The Black Widgets For Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via SVG File uploads in all versions up to, and including, 1.3.7 due to insufficient input sanitizati…
|
CWE-79
Cross-site Scripting
|
CVE-2024-9388
|
2024-11-1 21:57 |
2024-10-30 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
309262
|
9.1 |
CRITICAL
Network
|
-
|
-
|
The W3SPEEDSTER plugin for WordPress is vulnerable to Remote Code Execution in all versions up to, and including, 7.26 via the 'script' parameter of the hookBeforeStartOptimization() function. This i…
|
CWE-95
Eval Injection
|
CVE-2024-8512
|
2024-11-1 21:57 |
2024-10-30 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
309263
|
- |
|
-
|
-
|
The Download Manager WordPress plugin before 3.3.00 doesn't sanitize some of it's shortcode parameters, leading to cross site scripting.
|
-
|
CVE-2024-8444
|
2024-11-1 21:57 |
2024-10-30 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
309264
|
6.4 |
MEDIUM
Network
|
-
|
-
|
The WP Team – WordPress Team Member Plugin plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's htteamember shortcode in all versions up to, and including, 1.1.4 due to …
|
CWE-79
Cross-site Scripting
|
CVE-2024-10223
|
2024-11-1 21:57 |
2024-10-30 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
309265
|
7.2 |
HIGH
Network
|
-
|
-
|
The WPAdverts – Classifieds Plugin plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's adverts_add shortcode in all versions up to, and including, 2.1.6 due to insuffic…
|
CWE-79
Cross-site Scripting
|
CVE-2024-10108
|
2024-11-1 21:57 |
2024-10-30 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
309266
|
6.1 |
MEDIUM
Network
|
-
|
-
|
The Pricing Tables WordPress Plugin – Easy Pricing Tables plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use of add_query_arg without appropriate escaping on the URL …
|
CWE-79
Cross-site Scripting
|
CVE-2024-8871
|
2024-11-1 21:57 |
2024-10-30 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
309267
|
4.3 |
MEDIUM
Network
|
-
|
-
|
The Download Monitor plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the ajax_search_users function in all versions up to, and including, …
|
CWE-862
Missing Authorization
|
CVE-2024-10399
|
2024-11-1 21:57 |
2024-10-30 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
309268
|
6.4 |
MEDIUM
Network
|
-
|
-
|
The WP Baidu Map plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'baidu_map' shortcode in all versions up to, and including, 1.2.2 due to insufficient input sanitiz…
|
-
|
CVE-2024-9886
|
2024-11-1 21:57 |
2024-10-30 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
309269
|
6.4 |
MEDIUM
Network
|
-
|
-
|
The Widget or Sidebar Shortcode plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'sidebar' shortcode in all versions up to, and including, 0.6.1 due to insufficient …
|
CWE-79
Cross-site Scripting
|
CVE-2024-9885
|
2024-11-1 21:57 |
2024-10-30 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
309270
|
6.4 |
MEDIUM
Network
|
-
|
-
|
The T(-) Countdown plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'tminus' shortcode in all versions up to, and including, 2.4.8 due to insufficient input sanitiza…
|
CWE-79
Cross-site Scripting
|
CVE-2024-9884
|
2024-11-1 21:57 |
2024-10-30 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
