241
|
4.3 |
MEDIUM
Network
|
wpchill
|
download_monitor
|
The Download Monitor plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the enable_shop() function in all versions up to, and including, 5.0.…
Update
|
CWE-862
Missing Authorization
|
CVE-2024-8552
|
2024-10-3 02:00 |
2024-09-26 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
242
|
5.4 |
MEDIUM
Network
|
zkteco
|
wdms
|
Cross Site Scripting vulnerability in ZKTeco WDMS v.5.1.3 Pro allows a remote attacker to execute arbitrary code and obtain sensitive information via a crafted script to the Emp Name parameter.
Update
|
CWE-79
Cross-site Scripting
|
CVE-2023-51157
|
2024-10-3 01:58 |
2024-09-26 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
243
|
7.2 |
HIGH
Network
|
uncannyowl
|
uncanny_groups_for_learndash
|
The Uncanny Groups for LearnDash plugin for WordPress is vulnerable to privilege escalation in all versions up to, and including, 6.1.0.1. This is due to the plugin not properly restricting what user…
Update
|
CWE-862
Missing Authorization
|
CVE-2024-8349
|
2024-10-3 01:50 |
2024-09-25 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
244
|
6.5 |
MEDIUM
Network
|
madrasthemes
|
mas_static_content
|
The MAS Static Content plugin for WordPress is vulnerable to Information Exposure in all versions up to, and including, 1.0.8 via the static_content() function. This makes it possible for authenticat…
Update
|
NVD-CWE-noinfo
|
CVE-2024-8483
|
2024-10-3 01:42 |
2024-09-25 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
245
|
6.1 |
MEDIUM
Network
|
outtheboxthemes
|
beam_me_up_scotty
|
The Beam me up Scotty – Back to Top Button plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use of add_query_arg without appropriate escaping on the URL in all versions…
Update
|
CWE-79
Cross-site Scripting
|
CVE-2024-8741
|
2024-10-3 01:37 |
2024-09-25 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
246
|
- |
|
-
|
-
|
A cross-site scripting (XSS) vulnerability has been identified in Flatpress 1.3. This vulnerability allows an attacker to inject malicious scripts into web pages viewed by other users.
New
|
-
|
CVE-2024-33210
|
2024-10-3 01:35 |
2024-10-3 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
247
|
- |
|
-
|
-
|
XZ Utils provide a general-purpose data-compression library plus command-line tools. When built for native Windows (MinGW-w64 or MSVC), the command line tools from XZ Utils 5.6.2 and older have a com…
New
|
CWE-88 CWE-176
Argument Injection
|
CVE-2024-47611
|
2024-10-3 01:35 |
2024-10-3 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
248
|
- |
|
-
|
-
|
Scriptcase 9.10.023 and before is vulnerable to Remote Code Execution (RCE) via the nm_unzip function.
New
|
-
|
CVE-2024-46084
|
2024-10-3 01:35 |
2024-10-2 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
249
|
- |
|
-
|
-
|
Scriptcase v.9.10.023 and before is vulnerable to Cross Site Scripting (XSS) in nm_cor.php via the form and field parameters.
New
|
-
|
CVE-2024-46082
|
2024-10-3 01:35 |
2024-10-2 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
250
|
- |
|
-
|
-
|
Scriptcase v9.10.023 and before is vulnerable to Remote Code Execution (RCE) via the nm_zip function.
New
|
-
|
CVE-2024-46080
|
2024-10-3 01:35 |
2024-10-2 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|