611
|
6.4 |
MEDIUM
Network
|
-
|
-
|
The WordPress Infinite Scroll – Ajax Load More plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘button_label’ parameter in all versions up to, and including, 7.1.2 due to in…
|
CWE-87
Improper Neutralization of Alternate XSS Syntax
|
CVE-2024-8505
|
2024-10-4 22:50 |
2024-10-2 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
612
|
6.4 |
MEDIUM
Network
|
-
|
-
|
The Ibtana – WordPress Website Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘align’ attribute within the 'wp:ive/ive-productscarousel' Gutenberg block in all vers…
|
CWE-79
Cross-site Scripting
|
CVE-2024-8282
|
2024-10-4 22:50 |
2024-10-2 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
613
|
- |
|
-
|
-
|
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in MinHyeong Lim MH Board allows PHP Local File Inclusion.This issue affects MH Board: from n/a through 1.…
|
CWE-22
Path Traversal
|
CVE-2024-44017
|
2024-10-4 22:50 |
2024-10-2 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
614
|
9.1 |
CRITICAL
Network
-
|
-
|
An unauthenticated remote attacker may use a missing authentication for critical function vulnerability to reboot or erase the affected devices resulting in data loss and/or a DoS.
|
CWE-306
Missing Authentication for Critical Function
|
CVE-2024-35293
|
2024-10-4 22:50 |
2024-10-2 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
615
|
6.1 |
MEDIUM
Network
|
-
|
-
|
The YML for Yandex Market plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'page' parameter in all versions up to, and including, 4.7.2 due to insufficient input sanitizat…
|
CWE-79
Cross-site Scripting
|
CVE-2024-9378
|
2024-10-4 22:50 |
2024-10-2 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
616
|
- |
|
-
|
-
|
The BerqWP – Automated All-In-One PageSpeed Optimization Plugin for Core Web Vitals, Cache, CDN, Images, CSS, and JavaScript plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via t…
|
CWE-79
Cross-site Scripting
|
CVE-2024-9344
|
2024-10-4 22:50 |
2024-10-2 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
617
|
6.1 |
MEDIUM
Network
|
-
|
-
|
The Magazine Blocks – Blog Designer, Magazine & Newspaper Website Builder, Page Builder with Posts Blocks, Post Grid plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to the us…
|
CWE-79
Cross-site Scripting
|
CVE-2024-9218
|
2024-10-4 22:50 |
2024-10-2 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
618
|
6.1 |
MEDIUM
Network
|
-
|
-
|
The SEOPress – On-site SEO plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use of add_query_arg & remove_query_arg without appropriate escaping on the URL in all versi…
|
CWE-79
Cross-site Scripting
|
CVE-2024-9225
|
2024-10-4 22:50 |
2024-10-2 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
619
|
6.1 |
MEDIUM
Network
|
-
|
-
|
The Paid Membership Subscriptions – Effortless Memberships, Recurring Payments & Content Restriction plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use of add_query_a…
|
CWE-79
Cross-site Scripting
|
CVE-2024-9222
|
2024-10-4 22:50 |
2024-10-2 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
620
|
6.1 |
MEDIUM
Network
|
-
|
-
|
The MC4WP: Mailchimp Top Bar plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use of add_query_arg without appropriate escaping on the URL in all versions up to, and in…
|
CWE-79
Cross-site Scripting
|
CVE-2024-9210
|
2024-10-4 22:50 |
2024-10-2 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|