41
|
6.4 |
MEDIUM
Network
|
-
|
-
|
The WP Crowdfunding plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's wpcf_donate shortcode in all versions up to, and including, 2.1.11 due to insufficient input san…
New
|
CWE-79
Cross-site Scripting
|
CVE-2024-10117
|
2024-10-26 21:15 |
2024-10-26 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
42
|
7.3 |
HIGH
Network
-
|
-
|
The The Uix Shortcodes – Compatible with Gutenberg plugin for WordPress is vulnerable to arbitrary shortcode execution in all versions up to, and including, 1.9.9. This is due to the software allowin…
New
|
-
|
CVE-2024-9772
|
2024-10-26 19:15 |
2024-10-26 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
43
|
6.4 |
MEDIUM
Network
|
-
|
-
|
The Monkee-Boy Essentials plugin for WordPress is vulnerable to Stored Cross-Site Scripting via SVG File uploads in all versions up to, and including, 1.1 due to insufficient input sanitization and o…
New
|
-
|
CVE-2024-9116
|
2024-10-26 19:15 |
2024-10-26 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
44
|
4.3 |
MEDIUM
Network
|
-
|
-
|
The Clever Addons for Elementor plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 2.2.1 via the getTemplateContent function in src/widgets/cla…
New
|
CWE-200
Information Exposure
|
CVE-2024-10357
|
2024-10-26 19:15 |
2024-10-26 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
45
|
6.4 |
MEDIUM
Network
|
-
|
-
|
The WP show more plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's show_more shortcode in all versions up to, and including, 1.0.7 due to insufficient input sanitizat…
New
|
CWE-79
Cross-site Scripting
|
CVE-2024-9967
|
2024-10-26 18:15 |
2024-10-26 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
46
|
6.4 |
MEDIUM
Network
|
-
|
-
|
The ID-SK Toolkit plugin for WordPress is vulnerable to Stored Cross-Site Scripting via SVG File uploads in all versions up to, and including, 1.7.2 due to insufficient input sanitization and output …
New
|
CWE-79
Cross-site Scripting
|
CVE-2024-9853
|
2024-10-26 18:15 |
2024-10-26 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
47
|
6.4 |
MEDIUM
Network
|
-
|
-
|
The Editor Custom Color Palette plugin for WordPress is vulnerable to Stored Cross-Site Scripting via SVG File uploads in all versions up to, and including, 3.3.7 due to insufficient input sanitizati…
New
|
CWE-79
Cross-site Scripting
|
CVE-2024-9642
|
2024-10-26 18:15 |
2024-10-26 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
48
|
8.8 |
HIGH
Network
|
-
|
-
|
The School Management System – WPSchoolPress plugin for WordPress is vulnerable to privilege escalation via account takeover in all versions up to, and including, 2.2.10. This is due to the plugin no…
New
|
CWE-639
Authorization Bypass Through User-Controlled Key
|
CVE-2024-9637
|
2024-10-26 18:15 |
2024-10-26 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
49
|
7.2 |
HIGH
Network
|
-
|
-
|
The WordPress Post Grid Layouts with Pagination – Sogrid plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 1.5.2 via the 'tab' parameter. This makes it …
New
|
CWE-98
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion')
|
CVE-2024-8392
|
2024-10-26 18:15 |
2024-10-26 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
50
|
- |
|
-
|
-
|
NVIDIA vGPU software contains a vulnerability in the Virtual GPU Manager that allows a user of the guest OS to access global resources. A successful exploit of this vulnerability might lead to inform…
New
|
CWE-732
Incorrect Permission Assignment for Critical Resource
|
CVE-2024-0128
|
2024-10-26 18:15 |
2024-10-26 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|