|
309601
|
6.4 |
MEDIUM
Network
|
-
|
-
|
The Kata Plus – Addons for Elementor – Widgets, Extensions and Templates plugin for WordPress is vulnerable to Stored Cross-Site Scripting via SVG File uploads in all versions up to, and including, 1…
|
CWE-79
Cross-site Scripting
|
CVE-2024-9376
|
2024-10-29 23:34 |
2024-10-29 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
309602
|
4.3 |
MEDIUM
Network
|
-
|
-
|
The WPC Smart Messages for WooCommerce plugin for WordPress is vulnerable to unauthorized Smar Message activation/deactivation due to a missing capability check on the ajax_enable function in all ver…
|
CWE-862
Missing Authorization
|
CVE-2024-10437
|
2024-10-29 23:34 |
2024-10-29 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
309603
|
8.8 |
HIGH
Network
|
-
|
-
|
The WPC Smart Messages for WooCommerce plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 4.2.1 via the get_condition_value function. This makes it possi…
|
CWE-98
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion')
|
CVE-2024-10436
|
2024-10-29 23:34 |
2024-10-29 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
309604
|
- |
|
-
|
-
|
The affiliate-toolkit plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's atkp_product shortcode in all versions up to, and including, 3.6.5 due to insufficient input s…
|
CWE-79
Cross-site Scripting
|
CVE-2024-10227
|
2024-10-29 23:34 |
2024-10-29 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
309605
|
- |
|
-
|
-
|
Tiki through 27.0 allows users who have certain permissions to insert a "Modules" (aka tiki-admin_modules.php) stored XSS payload in the Name.
|
-
|
CVE-2024-51509
|
2024-10-29 23:34 |
2024-10-29 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
309606
|
- |
|
-
|
-
|
Tiki through 27.0 allows users who have certain permissions to insert a "Create/Edit External Wiki" stored XSS payload in the Index.
|
-
|
CVE-2024-51508
|
2024-10-29 23:34 |
2024-10-29 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
309607
|
- |
|
-
|
-
|
Tiki through 27.0 allows users who have certain permissions to insert a "Create/Edit External Wiki" stored XSS payload in the Name.
|
-
|
CVE-2024-51507
|
2024-10-29 23:34 |
2024-10-29 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
309608
|
- |
|
-
|
-
|
Tiki through 27.0 allows users who have certain permissions to insert a "Create a Wiki Pages" stored XSS payload in the description.
|
-
|
CVE-2024-51506
|
2024-10-29 23:34 |
2024-10-29 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
309609
|
- |
|
-
|
-
|
This issue was addressed with additional entitlement checks. This issue is fixed in macOS Ventura 13.7.1, macOS Sonoma 14.7.1. An app may be able to modify protected parts of the file system.
|
-
|
CVE-2024-44295
|
2024-10-29 23:34 |
2024-10-29 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
309610
|
- |
|
-
|
-
|
An out-of-bounds read was addressed with improved bounds checking. This issue is fixed in macOS Ventura 13.7.1, macOS Sonoma 14.7.1. Parsing a maliciously crafted file may lead to an unexpected app t…
|
-
|
CVE-2024-44283
|
2024-10-29 23:34 |
2024-10-29 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
