431
|
7.2 |
HIGH
Network
|
benjaminrojas
|
wp_editor
|
The WP Editor plugin for WordPress is vulnerable to deserialization of untrusted input via the 'current_theme_root' parameter in versions up to, and including 1.2.9. This makes it possible for authen…
|
CWE-502
Deserialization of Untrusted Data
|
CVE-2022-2446
|
2024-09-27 10:09 |
2024-09-14 |
|
432
|
5.4 |
MEDIUM
Network
|
arnoldgoodway
|
neighborly
|
The Neighborly theme for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘url’ parameter within the theme's Button shortcode in all versions up to, and including, 1.4 due to insufficie…
|
CWE-79
Cross-site Scripting
|
CVE-2024-5869
|
2024-09-27 10:06 |
2024-09-14 |
|
433
|
5.4 |
MEDIUM
Network
|
samiahmedsiddiqui
|
custom_permalinks
|
The Custom Permalinks plugin for WordPress is vulnerable to Stored Cross-Site Scripting in versions up to, and including, 2.6.0 due to insufficient input sanitization and output escaping on tag names…
|
CWE-79
Cross-site Scripting
|
CVE-2023-0926
|
2024-09-27 10:01 |
2024-08-24 |
|
434
|
5.4 |
MEDIUM
Network
|
dfactory
|
responsive_lightbox
|
The Responsive Lightbox & Gallery plugin for WordPress is vulnerable to Stored Cross-Site Scripting via file uploads in all versions up to, and including, 2.4.7 due to insufficient input sanitization…
|
CWE-79
Cross-site Scripting
|
CVE-2024-6870
|
2024-09-27 09:52 |
2024-08-22 |
|
435
|
5.4 |
MEDIUM
Network
|
posimyth
|
the_plus_addons_for_elementor
|
The The Plus Addons for Elementor – Elementor Addons, Page Templates, Widgets, Mega Menu, WooCommerce plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the carousel_direction para…
|
CWE-79
Cross-site Scripting
|
CVE-2024-5583
|
2024-09-27 09:47 |
2024-08-22 |
|
436
|
8.1 |
HIGH
Network
|
pixeljar
|
favicon_generator
|
The Favicon Generator plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.5. This is due to missing or incorrect nonce validation on the output_sub_ad…
|
CWE-352
Origin Validation Error
|
CVE-2024-7568
|
2024-09-27 09:41 |
2024-08-24 |
|
437
|
9.8 |
CRITICAL
Network
|
tosei-corporation
|
online_store_management_system
|
A vulnerability classified as critical was found in Tosei Online Store Management System 4.02/4.03/4.04. This vulnerability affects unknown code of the component Backend. The manipulation…
|
NVD-CWE-noinfo
|
CVE-2024-7898
|
2024-09-27 09:34 |
2024-08-18 |
|
438
|
8.8 |
HIGH
Network
|
tosei
|
online_store_management_system
|
A vulnerability classified as critical has been found in Tosei Online Store Management System 4.02/4.03/4.04. This affects an unknown part of the file /cgi-bin/tosei_kikai.php. The manipu…
|
CWE-77
Command Injection
|
CVE-2024-7897
|
2024-09-27 09:29 |
2024-08-18 |
|
439
|
- |
|
-
|
-
|
Information disclosure in GitLab EE/CE affecting all versions from 15.6 prior to 17.2.8, 17.3 prior to 17.3.4, and 17.4 prior to 17.4.1: in specific conditions it was possible to disclose to an unauth…
|
-
|
CVE-2024-8974
|
2024-09-27 08:15 |
2024-09-27 |
|
440
|
- |
|
-
|
-
|
An issue has been discovered in GitLab EE affecting all versions starting from 16.0 prior to 17.2.8, from 17.3 prior to 17.3.4, and from 17.4 prior to 17.4.1. An AI feature was found to read unsaniti…
|
-
|
CVE-2024-4099
|
2024-09-27 08:15 |
2024-09-27 |
|