421
|
7.2 |
HIGH
Network
|
-
|
-
|
The GiveWP – Donation Plugin and Fundraising Platform plugin for WordPress is vulnerable to time-based SQL Injection via the ‘order’ parameter in all versions up to, and including, 3.16.1 due to insu…
New
|
CWE-89
SQL Injection
|
CVE-2024-9130
|
2024-09-27 15:15 |
2024-09-27 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
422
|
6.4 |
MEDIUM
Network
|
-
|
-
|
The Absolute Reviews plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'Name' field of a custom post criteria in all versions up to, and including, 1.1.3 due to insufficient i…
New
|
-
|
CVE-2024-8965
|
2024-09-27 15:15 |
2024-09-27 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
423
|
8.8 |
HIGH
Network
|
-
|
-
|
The Product Enquiry for WooCommerce, WooCommerce product catalog plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 2.2.33.32 via deserialization of untr…
New
|
CWE-502
Deserialization of Untrusted Data
|
CVE-2024-8922
|
2024-09-27 15:15 |
2024-09-27 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
424
|
- |
|
-
|
-
|
The AI ChatBot with ChatGPT and Content Generator by AYS WordPress plugin before 2.1.0 lacks sufficient access controls allowing an unauthenticated user to disconnect the AI ChatBot with ChatGPT and …
New
|
-
|
CVE-2024-7714
|
2024-09-27 15:15 |
2024-09-27 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
425
|
- |
|
-
|
-
|
The AI ChatBot with ChatGPT and Content Generator by AYS WordPress plugin before 2.1.0 discloses the Open AI API Key, allowing unauthenticated users to obtain it
New
|
-
|
CVE-2024-7713
|
2024-09-27 15:15 |
2024-09-27 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
426
|
- |
|
-
|
-
|
Sharp NEC Projectors (NP-CB4500UL, NP-CB4500WL, NP-CB4700UL, NP-P525UL, NP-P525UL+, NP-P525ULG, NP-P525ULJL, NP-P525WL, NP-P525WL+, NP-P525WLG, NP-P525WLJL, NP-CG6500UL, NP-CG6500WL, NP-CG6700UL, NP-…
New
|
-
|
CVE-2024-7011
|
2024-09-27 12:15 |
2024-09-27 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
427
|
7.8 |
HIGH
Local
|
hitachi
|
eh-view
|
** UNSUPPORTED WHEN ASSIGNED ** Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Hitachi EH-VIEW (KeypadDesigner) allows local attackers to potentially disclos…
Update
|
CWE-119
Incorrect Access of Indexable Resource ('Range Error')
|
CVE-2023-39984
|
2024-09-27 11:15 |
2023-08-23 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
428
|
8.8 |
HIGH
Network
|
tosei-corporation
|
online_store_management_system
|
A vulnerability was found in Tosei Online Store Management System ??????????? 4.02/4.03/4.04. It has been rated as critical. Affected by this issue is some unknown functionality of the file /cgi-bin/…
Update
|
CWE-77
Command Injection
|
CVE-2024-7896
|
2024-09-27 10:16 |
2024-08-17 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
429
|
7.2 |
HIGH
Network
|
benjaminrojas
|
wp_editor
|
The WP Editor plugin for WordPress is vulnerable to deserialization of untrusted input via the 'current_theme_root' parameter in versions up to, and including 1.2.9. This makes it possible for authen…
Update
|
CWE-502
Deserialization of Untrusted Data
|
CVE-2022-2446
|
2024-09-27 10:09 |
2024-09-14 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
430
|
5.4 |
MEDIUM
Network
|
arnoldgoodway
|
neighborly
|
The Neighborly theme for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘url’ parameter within the theme's Button shortcode in all versions up to, and including, 1.4 due to insufficie…
Update
|
CWE-79
Cross-site Scripting
|
CVE-2024-5869
|
2024-09-27 10:06 |
2024-09-14 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|