771
|
8.8 |
HIGH
Network
|
-
|
-
|
The WP Easy Gallery – WordPress Gallery Plugin plugin for WordPress is vulnerable to time-based SQL Injection via the ‘key’ parameter in all versions up to, and including, 4.8.5 due to insufficient e…
|
CWE-89
SQL Injection
|
CVE-2024-9018
|
2024-10-1 18:15 |
2024-10-1 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
772
|
6.1 |
MEDIUM
Network
|
-
|
-
|
The Custom Banners plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use of add_query_arg without appropriate escaping on the URL in all versions up to, and including, 3…
|
CWE-79
Cross-site Scripting
|
CVE-2024-8799
|
2024-10-1 18:15 |
2024-10-1 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
773
|
6.1 |
MEDIUM
Network
|
-
|
-
|
The Store Exporter for WooCommerce – Export Products, Export Orders, Export Subscriptions, and More plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use of add_query_ar…
|
CWE-79
Cross-site Scripting
|
CVE-2024-8793
|
2024-10-1 18:15 |
2024-10-1 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
774
|
- |
|
-
|
-
|
The Auto Featured Image from Title plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use of add_query_arg without appropriate escaping on the URL in all versions up to, …
|
CWE-79
Cross-site Scripting
|
CVE-2024-8786
|
2024-10-1 18:15 |
2024-10-1 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
775
|
5.3 |
MEDIUM
Network
-
|
-
|
The Spice Starter Sites plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the spice_starter_sites_importer_creater function in all versions …
|
CWE-862
Missing Authorization
|
CVE-2024-8430
|
2024-10-1 18:15 |
2024-10-1 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
776
|
6.4 |
MEDIUM
Network
|
-
|
-
|
The XO Slider plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘get_slider’ function in all versions up to, and including, 3.8.6 due to insufficient input sanitization and ou…
|
CWE-79
Cross-site Scripting
|
CVE-2024-8324
|
2024-10-1 18:15 |
2024-10-1 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
777
|
6.4 |
MEDIUM
Network
|
-
|
-
|
The Guten Post Layout – An Advanced Post Grid Collection for WordPress Gutenberg plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘align’ attribute within the 'wp:guten-post-…
|
CWE-79
Cross-site Scripting
|
CVE-2024-8288
|
2024-10-1 18:15 |
2024-10-1 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
778
|
6.4 |
MEDIUM
Network
|
-
|
-
|
The LocateAndFilter plugin for WordPress is vulnerable to Stored Cross-Site Scripting via SVG File uploads in all versions up to, and including, 1.6.14 due to insufficient input sanitization and outp…
|
-
|
CVE-2024-9304
|
2024-10-1 17:15 |
2024-10-1 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
779
|
6.4 |
MEDIUM
Network
|
-
|
-
|
The Elastik Page Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via SVG File uploads in all versions up to, and including, 0.27.4 due to insufficient input sanitization and…
|
CWE-79
Cross-site Scripting
|
CVE-2024-9274
|
2024-10-1 17:15 |
2024-10-1 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
780
|
6.4 |
MEDIUM
Network
|
-
|
-
|
The R Animated Icon Plugin plugin for WordPress is vulnerable to Stored Cross-Site Scripting via SVG File uploads in all versions up to, and including, 1.0 due to insufficient input sanitization and …
|
CWE-79
Cross-site Scripting
|
CVE-2024-9272
|
2024-10-1 17:15 |
2024-10-1 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|