211
|
6.1 |
MEDIUM
Network
|
-
|
-
|
The WP Search Analytics plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use of add_query_arg without appropriate escaping on the URL in all versions up to, and includi…
New
|
CWE-79
Cross-site Scripting
|
CVE-2024-9209
|
2024-10-1 18:15 |
2024-10-1 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
212
|
8.8 |
HIGH
Network
|
-
|
-
|
The WP Easy Gallery – WordPress Gallery Plugin plugin for WordPress is vulnerable to time-based SQL Injection via the ‘key’ parameter in all versions up to, and including, 4.8.5 due to insufficient e…
New
|
CWE-89
SQL Injection
|
CVE-2024-9018
|
2024-10-1 18:15 |
2024-10-1 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
213
|
6.1 |
MEDIUM
Network
|
-
|
-
|
The Custom Banners plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use of add_query_arg without appropriate escaping on the URL in all versions up to, and including, 3…
New
|
CWE-79
Cross-site Scripting
|
CVE-2024-8799
|
2024-10-1 18:15 |
2024-10-1 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
214
|
6.1 |
MEDIUM
Network
|
-
|
-
|
The Store Exporter for WooCommerce – Export Products, Export Orders, Export Subscriptions, and More plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use of add_query_ar…
New
|
CWE-79
Cross-site Scripting
|
CVE-2024-8793
|
2024-10-1 18:15 |
2024-10-1 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
215
|
- |
|
-
|
-
|
The Auto Featured Image from Title plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use of add_query_arg without appropriate escaping on the URL in all versions up to, …
New
|
CWE-79
Cross-site Scripting
|
CVE-2024-8786
|
2024-10-1 18:15 |
2024-10-1 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
216
|
5.3 |
MEDIUM
Network
-
|
-
|
The Spice Starter Sites plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the spice_starter_sites_importer_creater function in all versions …
New
|
CWE-862
Missing Authorization
|
CVE-2024-8430
|
2024-10-1 18:15 |
2024-10-1 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
217
|
6.4 |
MEDIUM
Network
|
-
|
-
|
The XO Slider plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘get_slider’ function in all versions up to, and including, 3.8.6 due to insufficient input sanitization and ou…
New
|
CWE-79
Cross-site Scripting
|
CVE-2024-8324
|
2024-10-1 18:15 |
2024-10-1 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
218
|
6.4 |
MEDIUM
Network
|
-
|
-
|
The Guten Post Layout – An Advanced Post Grid Collection for WordPress Gutenberg plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘align’ attribute within the 'wp:guten-post-…
New
|
CWE-79
Cross-site Scripting
|
CVE-2024-8288
|
2024-10-1 18:15 |
2024-10-1 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
219
|
6.4 |
MEDIUM
Network
|
-
|
-
|
The LocateAndFilter plugin for WordPress is vulnerable to Stored Cross-Site Scripting via SVG File uploads in all versions up to, and including, 1.6.14 due to insufficient input sanitization and outp…
New
|
-
|
CVE-2024-9304
|
2024-10-1 17:15 |
2024-10-1 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
220
|
6.4 |
MEDIUM
Network
|
-
|
-
|
The Elastik Page Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via SVG File uploads in all versions up to, and including, 0.27.4 due to insufficient input sanitization and…
New
|
CWE-79
Cross-site Scripting
|
CVE-2024-9274
|
2024-10-1 17:15 |
2024-10-1 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|