|
306691
|
- |
|
-
|
-
|
The Bard theme for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use of add_query_arg without appropriate escaping on the URL in all versions up to, and including, 2.216. This …
|
CWE-79
Cross-site Scripting
|
CVE-2024-9830
|
2024-11-19 22:15 |
2024-11-19 |
|
|
|
|
306692
|
6.1 |
MEDIUM
Network
|
-
|
-
|
The Ashe theme for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use of add_query_arg without appropriate escaping on the URL in all versions up to, and including, 2.243. This …
|
CWE-79
Cross-site Scripting
|
CVE-2024-9777
|
2024-11-19 22:15 |
2024-11-19 |
|
|
|
|
306693
|
6.4 |
MEDIUM
Network
|
-
|
-
|
The Parallax Image plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘position’ parameter in all versions up to, and including, 1.9 due to insufficient input sanitization and …
|
CWE-79
Cross-site Scripting
|
CVE-2024-11224
|
2024-11-19 22:15 |
2024-11-19 |
|
|
|
|
306694
|
6.4 |
MEDIUM
Network
|
-
|
-
|
The GD Rating System plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘extra_class’ parameter in all versions up to, and including, 3.6.1 due to insufficient input sanitizati…
|
CWE-79
Cross-site Scripting
|
CVE-2024-11198
|
2024-11-19 22:15 |
2024-11-19 |
|
|
|
|
306695
|
8.8 |
HIGH
Network
|
-
|
-
|
The Classified Listing – Classified ads & Business Directory Plugin plugin for WordPress is vulnerable to unauthorized modification of data that can lead to privilege escalation due to a misconfigure…
|
-
|
CVE-2024-11194
|
2024-11-19 21:15 |
2024-11-19 |
|
|
|
|
306696
|
- |
|
-
|
-
|
The Email Subscription Popup plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's print_email_subscribe_form shortcode in all versions up to, and including, 1.2.22 due t…
|
CWE-79
Cross-site Scripting
|
CVE-2024-11195
|
2024-11-19 20:15 |
2024-11-19 |
|
|
|
|
306697
|
7.3 |
HIGH
Network
|
-
|
-
|
The The WPB Popup for Contact Form 7 – Showing The Contact Form 7 Popup on Button Click – CF7 Popup plugin for WordPress is vulnerable to arbitrary shortcode execution via wpb_pcf_fire_contact_form A…
|
CWE-94
Code Injection
|
CVE-2024-11038
|
2024-11-19 20:15 |
2024-11-19 |
|
|
|
|
306698
|
7.3 |
HIGH
Network
|
-
|
-
|
The The GamiPress – The #1 gamification plugin to reward points, achievements, badges & ranks in WordPress plugin for WordPress is vulnerable to arbitrary shortcode execution via gamipress_get_user_e…
|
CWE-94
Code Injection
|
CVE-2024-11036
|
2024-11-19 20:15 |
2024-11-19 |
|
|
|
|
306699
|
5.5 |
MEDIUM
Network
|
-
|
-
|
The SVG Block plugin for WordPress is vulnerable to Stored Cross-Site Scripting via REST API SVG File uploads in all versions up to, and including, 1.1.24 due to insufficient input sanitization and o…
|
CWE-79
Cross-site Scripting
|
CVE-2024-11098
|
2024-11-19 17:15 |
2024-11-19 |
|
|
|
|
306700
|
6.5 |
MEDIUM
Network
|
-
|
-
|
The WordPress GDPR plugin for WordPress is vulnerable to unauthorized loss of data due to a missing capability check on the 'WordPress_GDPR_Data_Delete::check_action' function in all versions up to, …
|
-
|
CVE-2024-11069
|
2024-11-19 17:15 |
2024-11-19 |
|
|
|