|
571
|
7.3 |
HIGH
Network
pluginus
|
wordpress_meta_data_and_taxonomies_filter
|
The The MDTF – Meta Data and Taxonomies Filter plugin for WordPress is vulnerable to arbitrary shortcode execution in all versions up to, and including, 1.3.3.3. This is due to the software allowing …
Update
|
CWE-94
Code Injection
|
CVE-2024-8623
|
2024-09-27 01:46 |
2024-09-24 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
|
572
|
8.8 |
HIGH
Network
|
ba-booking
|
ba_book_everything
|
The BA Book Everything plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.6.20. This is due to missing or incorrect nonce validation on the my_ac…
Update
|
CWE-352
Origin Validation Error
|
CVE-2024-8795
|
2024-09-27 01:46 |
2024-09-24 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
573
|
9.9 |
CRITICAL
Network
|
pluginus
|
wordpress_meta_data_and_taxonomies_filter
|
The MDTF – Meta Data and Taxonomies Filter plugin for WordPress is vulnerable to SQL Injection via the 'meta_key' attribute of the 'mdf_select_title' shortcode in all versions up to, and including, 1…
Update
|
CWE-89
SQL Injection
|
CVE-2024-8624
|
2024-09-27 01:45 |
2024-09-24 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
574
|
5.4 |
MEDIUM
Network
|
wpcodeus
|
advanced_sermons
|
The Advanced Sermons plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘sermon_video_embed’ parameter in all versions up to, and including, 3.3 due to insufficient input sanit…
Update
|
CWE-79
Cross-site Scripting
|
CVE-2024-7599
|
2024-09-27 01:45 |
2024-09-6 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
575
|
5.4 |
MEDIUM
Network
|
mailoptin
|
mailoptin
|
The Popup, Optin Form & Email Newsletters for Mailchimp, HubSpot, AWeber – MailOptin plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'post-meta' shortcode in all ve…
Update
|
CWE-79
Cross-site Scripting
|
CVE-2024-8628
|
2024-09-27 01:42 |
2024-09-24 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
576
|
5.4 |
MEDIUM
Network
|
themelooks
|
enter_addons
|
The Enter Addons – Ultimate Template Builder for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'tag' attribute of the Events Card widget in all versions up to, a…
Update
|
CWE-79
Cross-site Scripting
|
CVE-2024-7611
|
2024-09-27 01:42 |
2024-09-6 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
577
|
9.1 |
CRITICAL
Network
exthemes
|
wooevents
|
The WooEvents - Calendar and Event Booking plugin for WordPress is vulnerable to arbitrary file overwrite due to insufficient file path validation in the inc/barcode.php file in all versions up to, a…
Update
|
CWE-22
Path Traversal
|
CVE-2024-8671
|
2024-09-27 01:38 |
2024-09-24 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
|
578
|
5.4 |
MEDIUM
Network
|
wp-brandtheme
|
preloader_plus
|
The Preloader Plus – WordPress Loading Screen Plugin plugin for WordPress is vulnerable to Stored Cross-Site Scripting via SVG File uploads in all versions up to, and including, 2.2.1 due to insuffic…
Update
|
CWE-79
Cross-site Scripting
|
CVE-2024-6849
|
2024-09-27 01:36 |
2024-09-7 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
579
|
- |
|
-
|
-
|
The HCL Traveler for Microsoft Outlook executable (HTMO.exe) is being flagged as potentially Malicious Software or an Unrecognized Application.
New
|
-
|
CVE-2024-30134
|
2024-09-27 01:35 |
2024-09-27 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
580
|
- |
|
-
|
-
|
A remote command execution (RCE) vulnerability in promptr v6.0.7 allows attackers to execute arbitrary commands via a crafted URL.
Update
|
-
|
CVE-2024-46489
|
2024-09-27 01:35 |
2024-09-26 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
