|
312721
|
5.3 |
MEDIUM
Network
|
-
|
-
|
The 404 Error Monitor plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.1. This is due to missing or incorrect nonce validation on the updatePlu…
|
CWE-352
Origin Validation Error
|
CVE-2024-11118
|
2024-11-19 02:11 |
2024-11-16 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
312722
|
6.4 |
MEDIUM
Network
|
-
|
-
|
The SVGPlus plugin for WordPress is vulnerable to Stored Cross-Site Scripting via REST API SVG File uploads in all versions up to, and including, 1.1.0 due to insufficient input sanitization and outp…
|
CWE-79
Cross-site Scripting
|
CVE-2024-11092
|
2024-11-19 02:11 |
2024-11-16 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
312723
|
5.4 |
MEDIUM
Network
|
-
|
-
|
The WP Log Viewer plugin for WordPress is vulnerable to unauthorized use of functionality due to a missing capability check on several AJAX actions in all versions up to, and including, 1.2.1. This m…
|
CWE-862
Missing Authorization
|
CVE-2024-11085
|
2024-11-19 02:11 |
2024-11-16 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
312724
|
6.1 |
MEDIUM
Network
|
-
|
-
|
The SimpleForm Contact Form Submissions plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use of add_query_arg & remove_query_arg without appropriate escaping on the URL…
|
CWE-79
Cross-site Scripting
|
CVE-2024-10884
|
2024-11-19 02:11 |
2024-11-16 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
312725
|
6.1 |
MEDIUM
Network
|
-
|
-
|
The SimpleForm – Contact form made simple plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use of add_query_arg & remove_query_arg without appropriate escaping on the U…
|
CWE-79
Cross-site Scripting
|
CVE-2024-10883
|
2024-11-19 02:11 |
2024-11-16 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
312726
|
6.1 |
MEDIUM
Network
|
-
|
-
|
The Gallery Manager plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use of remove_Query_Arg without appropriate escaping on the URL in all versions up to, and includin…
|
-
|
CVE-2024-10875
|
2024-11-19 02:11 |
2024-11-16 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
312727
|
4.3 |
MEDIUM
Network
|
-
|
-
|
The WP Chat App plugin for WordPress is vulnerable to unauthorized plugin installation due to a missing capability check on the ajax_install_plugin() function in all versions up to, and including, 3.…
|
CWE-862
Missing Authorization
|
CVE-2024-10533
|
2024-11-19 02:11 |
2024-11-16 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
312728
|
- |
|
-
|
-
|
The Steel plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's btn shortcode in all versions up to, and including, 1.3.0 due to insufficient input sanitization and outpu…
|
CWE-79
Cross-site Scripting
|
CVE-2024-10147
|
2024-11-19 02:11 |
2024-11-16 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
312729
|
6.4 |
MEDIUM
Network
|
-
|
-
|
The PJW Mime Config plugin for WordPress is vulnerable to Stored Cross-Site Scripting via SVG File uploads in all versions up to, and including, 1.0 due to insufficient input sanitization and output …
|
CWE-79
Cross-site Scripting
|
CVE-2024-10017
|
2024-11-19 02:11 |
2024-11-16 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
312730
|
5.3 |
MEDIUM
Network
|
-
|
-
|
The Popup Box – Create Countdown, Coupon, Video, Contact Form Popups plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the deactivate_plugin…
|
CWE-862
Missing Authorization
|
CVE-2024-10861
|
2024-11-19 02:11 |
2024-11-16 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
