1571
|
5.4 |
MEDIUM
Network
|
mailoptin
|
mailoptin
|
The Popup, Optin Form & Email Newsletters for Mailchimp, HubSpot, AWeber – MailOptin plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'post-meta' shortcode in all ve…
|
CWE-79
Cross-site Scripting
|
CVE-2024-8628
|
2024-09-27 01:42 |
2024-09-24 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
1572
|
5.4 |
MEDIUM
Network
|
themelooks
|
enter_addons
|
The Enter Addons – Ultimate Template Builder for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'tag' attribute of the Events Card widget in all versions up to, a…
|
CWE-79
Cross-site Scripting
|
CVE-2024-7611
|
2024-09-27 01:42 |
2024-09-6 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
1573
|
9.1 |
CRITICAL
Network
exthemes
|
wooevents
|
The WooEvents - Calendar and Event Booking plugin for WordPress is vulnerable to arbitrary file overwrite due to insufficient file path validation in the inc/barcode.php file in all versions up to, a…
|
CWE-22
Path Traversal
|
CVE-2024-8671
|
2024-09-27 01:38 |
2024-09-24 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
1574
|
5.4 |
MEDIUM
Network
|
wp-brandtheme
|
preloader_plus
|
The Preloader Plus – WordPress Loading Screen Plugin plugin for WordPress is vulnerable to Stored Cross-Site Scripting via SVG File uploads in all versions up to, and including, 2.2.1 due to insuffic…
|
CWE-79
Cross-site Scripting
|
CVE-2024-6849
|
2024-09-27 01:36 |
2024-09-7 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
1575
|
- |
|
-
|
-
|
Directory Traversal vulnerability in Centro de Tecnologia da Informaco Renato Archer InVesalius3 v3.1.99995 allows attackers to write arbitrary files unto the system via a crafted .inv3 file.
|
-
|
CVE-2024-44825
|
2024-09-27 01:35 |
2024-09-26 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
1576
|
4.8 |
MEDIUM
Network
|
tagdiv
|
tagdiv_composer
|
The tagDiv Composer WordPress plugin before 4.2, used as a companion by the Newspaper and Newsmag themes from tagDiv, does not validate and escape some settings, which could allow users with Admin pr…
|
CWE-79
Cross-site Scripting
|
CVE-2023-3170
|
2024-09-27 01:35 |
2023-09-12 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
1577
|
6.1 |
MEDIUM
Network
|
tagdiv
|
tagdiv_composer
|
The tagDiv Composer WordPress plugin before 4.2, used as a companion by the Newspaper and Newsmag themes from tagDiv, does not have authorisation in a REST route and does not validate as well as esca…
|
-
|
CVE-2023-3169
|
2024-09-27 01:35 |
2023-09-12 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
1578
|
6.1 |
MEDIUM
Network
|
gappointments
|
gappointments
|
The gAppointments WordPress plugin before 1.10.0 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used agains…
|
-
|
CVE-2023-2705
|
2024-09-27 01:35 |
2023-09-12 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
1579
|
9.8 |
CRITICAL
Network
arris
|
tg852g_firmware tg862g_firmware tg1672g_firmware
|
An issue was discovered on ARRIS TG852G, TG862G, and TG1672G devices. A remote attacker (in proximity to a Wi-Fi network) can derive the default WPA2-PSK value by observing a beacon frame.
|
NVD-CWE-noinfo
|
CVE-2023-40039
|
2024-09-27 01:35 |
2023-09-11 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
1580
|
7.5 |
HIGH
Network
hamza417
|
inure
|
Exposure of Sensitive Information to an Unauthorized Actor in GitHub repository hamza417/inure prior to build92.
|
NVD-CWE-noinfo
|
CVE-2023-4876
|
2024-09-27 01:35 |
2023-09-10 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|