1091 | 5.4 | MEDIUM Network | codecabin | super_testimonials | The Super Testimonials plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘alignment’ parameter in all versions up to, and including, 3.0.0 due to insufficient input sanitizati… | CWE-79 Cross-site Scripting | CVE-2024-9127 | 2024-10-1 23:09 | 2024-09-26
1092 | 5.4 | MEDIUM Network | kingblack | king_ie | The king_IE plugin for WordPress is vulnerable to Stored Cross-Site Scripting via SVG File uploads in all versions up to, and including, 1.0 due to insufficient input sanitization and output escaping… | CWE-79 Cross-site Scripting | CVE-2024-9125 | 2024-10-1 23:00 | 2024-09-26
1093 | 5.4 | MEDIUM Network | mapplic | mapplic | The Mapplic Lite plugin for WordPress is vulnerable to Stored Cross-Site Scripting via SVG File uploads in all versions up to, and including, 1.0 due to insufficient input sanitization and output esc… | CWE-79 Cross-site Scripting | CVE-2024-9117 | 2024-10-1 22:56 | 2024-09-26
1094 | 5.4 | MEDIUM Network | chetanvaghela | common_tools_for_site | The Common Tools for Site plugin for WordPress is vulnerable to Stored Cross-Site Scripting via SVG File uploads in all versions up to, and including, 1.0.2 due to insufficient input sanitization and… | CWE-79 Cross-site Scripting | CVE-2024-9115 | 2024-10-1 22:47 | 2024-09-26
1095 | 6.1 | MEDIUM Network | nitinmaurya | wordpress_visitors | The WordPress Visitors plugin for WordPress is vulnerable to Stored Cross-Site Scripting via a spoofed HTTP Header value in versions up to, and including, 1.0 due to insufficient input sanitization a… | CWE-79 Cross-site Scripting | CVE-2022-4541 | 2024-10-1 22:46 | 2024-09-26
1096 | 5.3 | MEDIUM Network | codesupply | sight | The Sight – Professional Image Gallery and Portfolio plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the 'handler_post_title' function in all ve… | CWE-862 Missing Authorization | CVE-2024-9025 | 2024-10-1 22:44 | 2024-09-26
1097 | 6.1 | MEDIUM Network | bizswoop | store_hours_for_woocommerce | The Store Hours for WooCommerce plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use of add_query_arg without appropriate escaping on the URL in all versions up to, and… | CWE-79 Cross-site Scripting | CVE-2024-8872 | 2024-10-1 22:42 | 2024-09-26
1098 | 5.4 | MEDIUM Network | metagauss | profilegrid | The ProfileGrid – User Profiles, Groups and Communities plugin for WordPress is vulnerable to Stored Cross-Site Scripting in all versions up to, and including, 5.9.3.2 due to incorrect use of the wp_… | CWE-79 Cross-site Scripting | CVE-2024-8861 | 2024-10-1 22:41 | 2024-09-26
1099 | 6.3 | MEDIUM Network | oretnom23 | railway_reservation_system | A vulnerability was found in SourceCodester Online Railway Reservation System 1.0. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the file /admin/. Th… | CWE-862 Missing Authorization | CVE-2024-9297 | 2024-10-1 22:39 | 2024-09-28
1100 | 4.3 | MEDIUM Network | oretnom23 | railway_reservation_system | A vulnerability was found in SourceCodester Online Railway Reservation System 1.0. It has been rated as problematic. Affected by this issue is some unknown functionality of the file /?page=tickets of… | CWE-639 Authorization Bypass Through User-Controlled Key | CVE-2024-9298 | 2024-10-1 22:37 | 2024-09-28