|
2191
|
7.5 |
HIGH
Network
everestthemes
|
everest_backup
|
The Everest Backup – WordPress Cloud Backup, Migration, Restore & Cloning Plugin plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 2.2.13 via …
|
CWE-922
Insecure Storage of Sensitive Information
|
CVE-2024-10028
|
2024-11-9 06:21 |
2024-11-6 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
|
2192
|
6.1 |
MEDIUM
Network
|
westguardsolutions
|
ws_form
|
The WS Form LITE – Drag & Drop Contact Form Builder for WordPress plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use of remove_query_arg without appropriate escaping …
|
CWE-79
Cross-site Scripting
|
CVE-2024-10647
|
2024-11-9 06:20 |
2024-11-6 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
2193
|
4.3 |
MEDIUM
Network
|
tumult
|
tumult_hype_animations
|
The Tumult Hype Animations plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the hypeanimations_getcontent function in all versions up to, and inc…
|
CWE-862
Missing Authorization
|
CVE-2024-10543
|
2024-11-9 06:19 |
2024-11-6 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
2194
|
5.3 |
MEDIUM
Network
martinvalchev
|
video_gallery_for_woocommerce
|
The Video Gallery for WooCommerce plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the remove_unused_thumbnails() function in all versions …
|
CWE-862
Missing Authorization
|
CVE-2024-10535
|
2024-11-9 06:19 |
2024-11-6 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
|
2195
|
8.1 |
HIGH
Network
|
heateor
|
social_login
|
The Heateor Social Login WordPress plugin for WordPress is vulnerable to authentication bypass in all versions up to, and including, 1.1.35. This is due to insufficient verification on the user being…
|
NVD-CWE-noinfo
|
CVE-2024-10020
|
2024-11-9 06:19 |
2024-11-6 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
2196
|
8.8 |
HIGH
Network
|
themelooks
|
mfolio
|
The mFolio Lite plugin for WordPress is vulnerable to file uploads due to a missing capability check in all versions up to, and including, 1.2.1. This makes it possible for authenticated attackers, w…
|
CWE-434
Unrestricted Upload of File with Dangerous Type
|
CVE-2024-9307
|
2024-11-9 06:18 |
2024-11-6 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
2197
|
5.3 |
MEDIUM
Network
theinnovs
|
eleforms
|
The EleForms – All In One Form Integration including DB for Elementor plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on several functions in all v…
|
CWE-862
Missing Authorization
|
CVE-2024-6626
|
2024-11-9 06:18 |
2024-11-6 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
|
2198
|
9.8 |
CRITICAL
Network
fortinet
|
fortimanager_cloud
fortimanager
|
A missing authentication for critical function in FortiManager 7.6.0, FortiManager 7.4.0 through 7.4.4, FortiManager 7.2.0 through 7.2.7, FortiManager 7.0.0 through 7.0.12, FortiManager 6.4.0 through…
|
CWE-306
Missing Authentication for Critical Function
|
CVE-2024-47575
|
2024-11-9 06:16 |
2024-10-24 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
|
2199
|
5.3 |
MEDIUM
Network
eclipse
|
jetty
|
Eclipse Jetty is a lightweight, highly scalable, Java-based web server and Servlet engine . It includes a utility class, HttpURI, for URI/URL parsing.
The HttpURI class does insufficient validation …
|
NVD-CWE-Other
|
CVE-2024-6763
|
2024-11-9 06:15 |
2024-10-15 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
|
2200
|
9.8 |
CRITICAL
Network
websiteinwp
|
blogpoet
|
Missing Authorization vulnerability in WebsiteinWP Blogpoet allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects Blogpoet: from n/a through 1.0.3.
|
CWE-862
Missing Authorization
|
CVE-2024-43998
|
2024-11-9 06:11 |
2024-11-2 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
