1011 | 5.5 | MEDIUM Network | ibericode | mailchimp | The MC4WP: Mailchimp for WordPress plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in all versions up to, and including, 4.9.16 due to insufficient input sanitiza… | CWE-79 Cross-site Scripting | CVE-2024-8680 | 2024-09-27 22:53 | 2024-09-21
1012 | 6.1 | MEDIUM Network | github | enterprise_server | A Cross-Site Scripting (XSS) vulnerability was identified in the repository transfer feature of GitHub Enterprise Server, which allows attackers to steal sensitive user information via social enginee… | CWE-79 Cross-site Scripting | CVE-2024-8770 | 2024-09-27 22:49 | 2024-09-24
1013 | 6.1 | MEDIUM Network | boopathirajan | wp_test_email | The WP Test Email plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use of add_query_arg without appropriate escaping on the URL in all versions up to, and including, 1.… | CWE-79 Cross-site Scripting | CVE-2024-8664 | 2024-09-27 22:48 | 2024-09-13
1014 | 7.8 | HIGH Local | google | chrome | Insufficient data validation in PDF in Google Chrome prior to 73.0.3683.75 allowed a remote attacker to perform out of bounds memory access via a crafted PDF file. (Chromium security severity: Low) | NVD-CWE-noinfo | CVE-2018-20072 | 2024-09-27 22:46 | 2024-09-24
1015 | 4.3 | MEDIUM Network | radiustheme | classified_listing_-_classified_ads_\&_business_directory | The Classified Listing – Classified ads & Business Directory Plugin plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on several functions like export_forms(… | CWE-862 Missing Authorization | CVE-2024-7888 | 2024-09-27 22:45 | 2024-09-13
1016 | 8.8 | HIGH Network | wpml | wpml | The WPML plugin for WordPress is vulnerable to Remote Code Execution in all versions up to, and including, 4.6.12 via the Twig Server-Side Template Injection. This is due to missing input validation … | CWE-94 Code Injection | CVE-2024-6386 | 2024-09-27 22:25 | 2024-08-22
1017 | 8.8 | HIGH Network | acymailing | acymailing | The AcyMailing – An Ultimate Newsletter Plugin and Marketing Automation Solution for WordPress plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the … | CWE-434 Unrestricted Upload of File with Dangerous Type | CVE-2024-7384 | 2024-09-27 22:15 | 2024-08-22
1018 | 6.6 | MEDIUM Local | linux fedoraproject redhat | linux_kernel fedora enterprise_linux | A flaw was found in the Netfilter subsystem in the Linux kernel. The issue is in the nft_byteorder_eval() function, where the code iterates through a loop and writes to the `dst` array. On each itera… | NVD-CWE-Other | CVE-2024-0607 | 2024-09-27 22:15 | 2024-01-19
1019 | 8.8 | HIGH Network | wpmarketingrobot | woocommerce_google_feed_manager | The WooCommerce Google Feed Manager plugin for WordPress is vulnerable to unauthorized loss of data due to a missing capability check on the 'wppfm_removeFeedFile' function in all versions up to, and… | CWE-862 Missing Authorization | CVE-2024-7258 | 2024-09-27 22:05 | 2024-08-23
1020 | 4.3 | MEDIUM Network | webba-booking | webba_booking | The Appointment & Event Booking Calendar Plugin – Webba Booking plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the save_appearance() func… | CWE-862 Missing Authorization | CVE-2024-8432 | 2024-09-27 21:58 | 2024-09-24