231 | 9.8 | CRITICAL Network | - | - | The WordPress & WooCommerce Affiliate Program plugin for WordPress is vulnerable to authentication bypass in all versions up to, and including, 8.4.1. This is due to the rtwwwap_login_request_callbac… New | CWE-288 Authentication Bypass Using an Alternate Path or Channel | CVE-2024-9289 | 2024-10-1 18:15 | 2024-10-1 |
232 | 9.8 | CRITICAL Network | - | - | The Echo RSS Feed Post Generator plugin for WordPress is vulnerable to privilege escalation in all versions up to, and including, 5.4.6. This is due to the plugin not properly restricting the roles t… New | CWE-269 Improper Privilege Management | CVE-2024-9265 | 2024-10-1 18:15 | 2024-10-1 |
233 | 6.1 | MEDIUM Network | - | - | The PDF Image Generator plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use of add_query_arg without appropriate escaping on the URL in all versions up to, and includi… New | CWE-79 Cross-site Scripting | CVE-2024-9241 | 2024-10-1 18:15 | 2024-10-1 |
234 | 6.1 | MEDIUM Network | - | - | The Loggedin – Limit Active Logins plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use of add_query_arg without appropriate escaping on the URL in all versions up to, … New | CWE-79 Cross-site Scripting | CVE-2024-9228 | 2024-10-1 18:15 | 2024-10-1 |
235 | 6.5 | MEDIUM Network | - | - | The Hello World plugin for WordPress is vulnerable to Arbitrary File Reading in all versions up to, and including, 2.1.1 via the hello_world_lyric() function. This makes it possible for authenticated… New | - | CVE-2024-9224 | 2024-10-1 18:15 | 2024-10-1 |
236 | 6.1 | MEDIUM Network | - | - | The LH Copy Media File plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use of add_query_arg without appropriate escaping on the URL in all versions up to, and includin… New | CWE-79 Cross-site Scripting | CVE-2024-9220 | 2024-10-1 18:15 | 2024-10-1 |
237 | 6.1 | MEDIUM Network | - | - | The WP Search Analytics plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use of add_query_arg without appropriate escaping on the URL in all versions up to, and includi… New | CWE-79 Cross-site Scripting | CVE-2024-9209 | 2024-10-1 18:15 | 2024-10-1 |
238 | 8.8 | HIGH Network | - | - | The WP Easy Gallery – WordPress Gallery Plugin plugin for WordPress is vulnerable to time-based SQL Injection via the ‘key’ parameter in all versions up to, and including, 4.8.5 due to insufficient e… New | CWE-89 SQL Injection | CVE-2024-9018 | 2024-10-1 18:15 | 2024-10-1 |
239 | 6.1 | MEDIUM Network | - | - | The Custom Banners plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use of add_query_arg without appropriate escaping on the URL in all versions up to, and including, 3… New | CWE-79 Cross-site Scripting | CVE-2024-8799 | 2024-10-1 18:15 | 2024-10-1 |
240 | 6.1 | MEDIUM Network | - | - | The Store Exporter for WooCommerce – Export Products, Export Orders, Export Subscriptions, and More plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use of add_query_ar… New | CWE-79 Cross-site Scripting | CVE-2024-8793 | 2024-10-1 18:15 | 2024-10-1 |