181
|
5.4 |
MEDIUM
Network
|
acekyd
|
display_medium_posts
|
The Display Medium Posts plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's display_medium_posts shortcode in all versions up to, and including, 5.0.1 due to insuffici…
Update
|
CWE-79
Cross-site Scripting
|
CVE-2024-9445
|
2024-10-11 05:58 |
2024-10-4 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
182
|
5.4 |
MEDIUM
Network
|
davidartiss
|
code_embed
|
The Code Embed plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's script embed functionality in all versions up to, and including, 2.4 due to insufficient restrictions…
Update
|
CWE-79
Cross-site Scripting
|
CVE-2024-8804
|
2024-10-11 05:56 |
2024-10-4 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
183
|
6.1 |
MEDIUM
Network
|
wpfactory
|
quantity_dynamic_pricing_\&_bulk_discounts_for_woocommerce
|
The Quantity Dynamic Pricing & Bulk Discounts for WooCommerce plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use of add_query_arg without appropriate escaping on the …
Update
|
CWE-79
Cross-site Scripting
|
CVE-2024-9384
|
2024-10-11 05:52 |
2024-10-4 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
184
|
6.1 |
MEDIUM
Network
|
techbanker
|
captcha_bank
|
The WordPress Captcha Plugin by Captcha Bank plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use of add_query_arg without appropriate escaping on the URL in all versio…
Update
|
CWE-79
Cross-site Scripting
|
CVE-2024-9375
|
2024-10-11 05:44 |
2024-10-4 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
185
|
5.4 |
MEDIUM
Network
|
wpblockshub
|
wp_blocks_hub
|
The WP Blocks Hub plugin for WordPress is vulnerable to Stored Cross-Site Scripting via SVG File uploads in all versions up to, and including, 1.0.2 due to insufficient input sanitization and output …
Update
|
CWE-79
Cross-site Scripting
|
CVE-2024-9372
|
2024-10-11 05:36 |
2024-10-4 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
186
|
5.4 |
MEDIUM
Network
|
miguelmello
|
aggregator_advanced_settings
|
The Aggregator Advanced Settings plugin for WordPress is vulnerable to Stored Cross-Site Scripting via SVG File uploads in all versions up to, and including, 1.2.1 due to insufficient input sanitizat…
Update
|
CWE-79
Cross-site Scripting
|
CVE-2024-9368
|
2024-10-11 05:30 |
2024-10-4 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
187
|
6.1 |
MEDIUM
Network
|
michaeluno
|
auto_amazon_links
|
The Auto Amazon Links – Amazon Associates Affiliate Plugin plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use of add_query_arg without appropriate escaping on the URL…
Update
|
CWE-79
Cross-site Scripting
|
CVE-2024-9349
|
2024-10-11 05:25 |
2024-10-4 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
188
|
8.8 |
HIGH
Network
|
wpzoom
|
social_icons_widget
|
Missing Authorization vulnerability in WPZOOM Social Icons Widget & Block by WPZOOM.This issue affects Social Icons Widget & Block by WPZOOM: from n/a through 4.2.15.
Update
|
CWE-862
Missing Authorization
|
CVE-2024-30464
|
2024-10-11 05:24 |
2024-06-9 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
189
|
9.8 |
CRITICAL
Network
stanford
|
stanford_parser
|
stanford-parser v3.9.2 and below was discovered to contain a code injection vulnerability in the component edu.stanford.nlp.io.getBZip2PipedInputStream. This vulnerability is exploited via passing an…
Update
|
CWE-94
Code Injection
|
CVE-2023-39020
|
2024-10-11 05:22 |
2023-07-29 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
190
|
8.8 |
HIGH
Network
|
pagelayer
|
pagelayer
|
Missing Authorization vulnerability in Pagelayer Team PageLayer.This issue affects PageLayer: from n/a through 1.8.1.
Update
|
CWE-862
Missing Authorization
|
CVE-2024-30465
|
2024-10-11 05:20 |
2024-06-9 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|