31 | 4.8 | MEDIUM Network | ninjateam | header_footer_custom_code | The NinjaTeam Header Footer Custom Code WordPress plugin before 1.2 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Sit… [Update] | CWE-79 Cross-site Scripting | CVE-2024-6617 | 2024-09-28 06:28 | 2024-09-13 |
32 | 4.8 | MEDIUM Network | ninjateam | header_footer_custom_code | The NinjaTeam Header Footer Custom Code WordPress plugin before 1.2 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Sit… [Update] | CWE-79 Cross-site Scripting | CVE-2024-6493 | 2024-09-28 06:28 | 2024-09-13 |
33 | 6.8 | MEDIUM Network | pixeljar | favicon_generator | The Favicon Generator (CLOSED) WordPress plugin before 2.1 does not validate files to be uploaded and does not have CSRF checks, which could allow attackers to make logged in admin upload arbitrary f… [Update] | CWE-352 Origin Validation Error | CVE-2024-7863 | 2024-09-28 06:27 | 2024-09-13 |
34 | 4.8 | MEDIUM Network | premio | my_sticky_bar | The Floating Notification Bar, Sticky Menu on Scroll, Announcement Banner, and Sticky Header for Any WordPress plugin before 2.7.3 does not validate and escape some of its settings before outputtin… [Update] | CWE-79 Cross-site Scripting | CVE-2024-7133 | 2024-09-28 06:27 | 2024-09-13 |
35 | 6.5 | MEDIUM Network | pixeljar | favicon_generator | The Favicon Generator (CLOSED) WordPress plugin before 2.1 does not have CSRF and path validation in the output_sub_admin_page_0() function, allowing attackers to make logged in admins delete arbitra… [Update] | CWE-352 Origin Validation Error | CVE-2024-7864 | 2024-09-28 06:26 | 2024-09-13 |
36 | 6.5 | MEDIUM Network | gowildchild | visual_sound | The Visual Sound (old) WordPress plugin through 1.06 does not have CSRF check in place when updating its settings, which could allow attackers to make a logged in admin change them via a CSRF attack [Update] | CWE-352 Origin Validation Error | CVE-2024-8047 | 2024-09-28 06:25 | 2024-09-17 |
37 | - | | - | - | A vulnerability classified as critical was found in skyselang yylAdmin up to 3.0. Affected by this vulnerability is the function list of the file /app/admin/controller/file/File.php of the component … [New] | CWE-89 SQL Injection | CVE-2024-9293 | 2024-09-28 06:15 | 2024-09-28 |
38 | - | | - | - | A vulnerability classified as problematic has been found in kalvinGit kvf-admin up to f12a94dc1ebb7d1c51ee978a85e4c7ed75c620ff. Affected is an unknown function of the file /ueditor/upload?configPath=… [New] | CWE-79 Cross-site Scripting | CVE-2024-9291 | 2024-09-28 06:15 | 2024-09-28 |
39 | - | | - | - | Filament is a collection of full-stack components for Laravel development. Versions of Filament from v3.0.0 through v3.2.114 are affected by a cross-site scripting (XSS) vulnerability. If values pass… [New] | CWE-79 Cross-site Scripting | CVE-2024-47186 | 2024-09-28 06:15 | 2024-09-28 |
40 | - | | - | - | A cross-site scripting (XSS) vulnerability in the component /test/ of iq3xcite v2.31 to v3.05 allows attackers to execute arbitrary web scripts or HTML via a crafted payload. [New] | - | CVE-2024-46453 | 2024-09-28 06:15 | 2024-09-28 |