431 | - | | - | - | The QS Dark Mode Plugin plugin for WordPress is vulnerable to Stored Cross-Site Scripting via SVG File uploads in all versions up to, and including, 2.9 due to insufficient input sanitization and out… | New | CWE-79 Cross-site Scripting | CVE-2024-9118 | 2024-10-1 19:15 | 2024-10-1
432 | 6.4 | MEDIUM Network | - | - | The AVIF & SVG Uploader plugin for WordPress is vulnerable to Stored Cross-Site Scripting via SVG File uploads in version 1.1.0 due to insufficient input sanitization and output escaping. This makes … | New | CWE-79 Cross-site Scripting | CVE-2024-9060 | 2024-10-1 19:15 | 2024-10-1
433 | - | | - | - | An issue has been discovered in GitLab EE/CE affecting all versions starting from 8.0 before 16.4. The product did not sufficiently warn about security implications of granting merge rights to protec… | New | - | CVE-2023-3441 | 2024-10-1 19:15 | 2024-10-1
434 | 9.8 | CRITICAL Network | - | - | The WordPress & WooCommerce Affiliate Program plugin for WordPress is vulnerable to authentication bypass in all versions up to, and including, 8.4.1. This is due to the rtwwwap_login_request_callbac… | New | CWE-288 Authentication Bypass Using an Alternate Path or Channel | CVE-2024-9289 | 2024-10-1 18:15 | 2024-10-1
435 | 9.8 | CRITICAL Network | - | - | The Echo RSS Feed Post Generator plugin for WordPress is vulnerable to privilege escalation in all versions up to, and including, 5.4.6. This is due to the plugin not properly restricting the roles t… | New | CWE-269 Improper Privilege Management | CVE-2024-9265 | 2024-10-1 18:15 | 2024-10-1
436 | 6.1 | MEDIUM Network | - | - | The PDF Image Generator plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use of add_query_arg without appropriate escaping on the URL in all versions up to, and includi… | New | CWE-79 Cross-site Scripting | CVE-2024-9241 | 2024-10-1 18:15 | 2024-10-1
437 | 6.1 | MEDIUM Network | - | - | The Loggedin – Limit Active Logins plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use of add_query_arg without appropriate escaping on the URL in all versions up to, … | New | CWE-79 Cross-site Scripting | CVE-2024-9228 | 2024-10-1 18:15 | 2024-10-1
438 | 6.5 | MEDIUM Network | - | - | The Hello World plugin for WordPress is vulnerable to Arbitrary File Reading in all versions up to, and including, 2.1.1 via the hello_world_lyric() function. This makes it possible for authenticated… | New | - | CVE-2024-9224 | 2024-10-1 18:15 | 2024-10-1
439 | 6.1 | MEDIUM Network | - | - | The LH Copy Media File plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use of add_query_arg without appropriate escaping on the URL in all versions up to, and includin… | New | CWE-79 Cross-site Scripting | CVE-2024-9220 | 2024-10-1 18:15 | 2024-10-1
440 | 6.1 | MEDIUM Network | - | - | The WP Search Analytics plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use of add_query_arg without appropriate escaping on the URL in all versions up to, and includi… | New | CWE-79 Cross-site Scripting | CVE-2024-9209 | 2024-10-1 18:15 | 2024-10-1