|
311891
|
- |
|
-
|
-
|
A vulnerability classified as problematic was found in QileCMS up to 1.1.3. This vulnerability affects the function sendEmail of the file /qilecms/user/controller/Forget.php of the component Verifica…
|
CWE-640
Weak Password Recovery Mechanism for Forgotten Password
|
CVE-2024-9907
|
2024-10-15 21:57 |
2024-10-13 |
|
|
|
|
311892
|
- |
|
-
|
-
|
A vulnerability classified as critical was found in 07FLYCMS, 07FLY-CMS and 07FlyCRM up to 1.2.0. This vulnerability affects the function pictureUpload of the file /admin/File/pictureUpload. The mani…
|
CWE-434
Unrestricted Upload of File with Dangerous Type
|
CVE-2024-9904
|
2024-10-15 21:57 |
2024-10-13 |
|
|
|
|
311893
|
- |
|
-
|
-
|
A vulnerability classified as critical has been found in 07FLYCMS, 07FLY-CMS and 07FlyCRM up to 1.2.0. This affects the function fileUpload of the file /admin/File/fileUpload. The manipulation of the…
|
CWE-434
Unrestricted Upload of File with Dangerous Type
|
CVE-2024-9903
|
2024-10-15 21:57 |
2024-10-13 |
|
|
|
|
311894
|
- |
|
-
|
-
|
The Elementor Addon Elements plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 1.13.8 via the render_column function in modules/data-table/wid…
|
CWE-200
Information Exposure
|
CVE-2024-8902
|
2024-10-15 21:57 |
2024-10-12 |
|
|
|
|
311895
|
7.2 |
HIGH
Network
|
-
|
-
|
The WP Post Author – Boost Your Blog's Engagement with Author Box, Social Links, Co-Authors, Guest Authors, Post Rating System, and Custom User Registration Form Builder plugin for WordPress is …
|
CWE-89
SQL Injection
|
CVE-2024-8757
|
2024-10-15 21:57 |
2024-10-12 |
|
|
|
|
311896
|
6.4 |
MEDIUM
Network
|
-
|
-
|
The Rescue Shortcodes plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'rescue_tab' shortcode in all versions up to, and including, 2.8 due to insufficient input san…
|
CWE-79
Cross-site Scripting
|
CVE-2024-9696
|
2024-10-15 21:57 |
2024-10-12 |
|
|
|
|
311897
|
6.4 |
MEDIUM
Network
|
-
|
-
|
The TablePress – Tables in WordPress made easy plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the table cell content in all versions up to, and including, 2.4.2 due to insuffic…
|
CWE-79
Cross-site Scripting
|
CVE-2024-9595
|
2024-10-15 21:57 |
2024-10-12 |
|
|
|
|
311898
|
6.4 |
MEDIUM
Network
|
-
|
-
|
The Category Icon plugin for WordPress is vulnerable to Stored Cross-Site Scripting via SVG File uploads in all versions up to, and including, 1.0.0 due to insufficient input sanitization and output …
|
CWE-79
Cross-site Scripting
|
CVE-2024-8915
|
2024-10-15 21:57 |
2024-10-12 |
|
|
|
|
311899
|
5.3 |
MEDIUM
Network
|
-
|
-
|
The Stackable – Page Builder Gutenberg Blocks plugin for WordPress is vulnerable to CSS Injection in all versions up to, and including, 3.13.6. This makes it possible for unauthenticated attackers to…
|
CWE-94
Code Injection
|
CVE-2024-8760
|
2024-10-15 21:57 |
2024-10-12 |
|
|
|
|
311900
|
4.3 |
MEDIUM
Network
|
-
|
-
|
The Order Attachments for WooCommerce plugin for WordPress is vulnerable to unauthorized limited arbitrary file uploads due to a missing capability check on the wcoa_add_attachment AJAX action in ver…
|
-
|
CVE-2024-9756
|
2024-10-15 21:57 |
2024-10-12 |
|
|
|