771
|
4.3 |
MEDIUM
Network
|
-
|
-
|
The MAS Static Content plugin for WordPress is vulnerable to Information Exposure in all versions up to, and including, 1.0.8 via the static_content() function. This makes it possible for authenticat…
|
CWE-200
Information Exposure
|
CVE-2024-8483
|
2024-09-26 22:32 |
2024-09-25 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
772
|
7.3 |
HIGH
Network
-
|
-
|
The The Special Text Boxes plugin for WordPress is vulnerable to arbitrary shortcode execution in all versions up to, and including, 6.2.2. This is due to the plugin adding the filter add_filter('com…
|
CWE-94
Code Injection
|
CVE-2024-8481
|
2024-09-26 22:32 |
2024-09-25 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
773
|
4.3 |
MEDIUM
Network
|
-
|
-
|
The Easy PayPal Events plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.2.1. This is due to missing or incorrect nonce validation on the wpeeve…
|
CWE-352
Origin Validation Error
|
CVE-2024-8476
|
2024-09-26 22:32 |
2024-09-25 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
774
|
4.3 |
MEDIUM
Network
|
-
|
-
|
The Easy Mega Menu Plugin for WordPress – ThemeHunk plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on several functions hooked via AJAX in all versions up…
|
CWE-862
Missing Authorization
|
CVE-2024-8434
|
2024-09-26 22:32 |
2024-09-25 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
775
|
2.7 |
LOW
Network
|
-
|
-
|
The Uncanny Groups for LearnDash plugin for WordPress is vulnerable to user group add due to a missing capability check on the /wp-json/ulgm_management/v1/add_user/ REST API endpoint in all versions …
|
CWE-862
Missing Authorization
|
CVE-2024-8350
|
2024-09-26 22:32 |
2024-09-25 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
776
|
7.2 |
HIGH
Network
|
-
|
-
|
The Uncanny Groups for LearnDash plugin for WordPress is vulnerable to privilege escalation in all versions up to, and including, 6.1.0.1. This is due to the plugin not properly restricting what user…
|
CWE-862
Missing Authorization
|
CVE-2024-8349
|
2024-09-26 22:32 |
2024-09-25 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
777
|
7.2 |
HIGH
Network
-
|
-
|
The Contact Form to Any API plugin for WordPress is vulnerable to Stored Cross-Site Scripting via Contact Form 7 form fields in all versions up to, and including, 1.2.2 due to insufficient input sani…
|
CWE-79
Cross-site Scripting
|
CVE-2024-7617
|
2024-09-26 22:32 |
2024-09-25 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
778
|
5.3 |
MEDIUM
Network
-
|
-
|
The Community by PeepSo – Social Network, Membership, Registration, User Profiles plugin for WordPress is vulnerable to Full Path Disclosure in all versions up to, and including, 6.4.6.0. This is due…
|
CWE-200
Information Exposure
|
CVE-2024-7426
|
2024-09-26 22:32 |
2024-09-25 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
779
|
4.3 |
MEDIUM
Network
|
-
|
-
|
The Premium Packages – Sell Digital Products Securely plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 5.9.1. This is due to missing nonce valida…
|
CWE-352
Origin Validation Error
|
CVE-2024-7386
|
2024-09-26 22:32 |
2024-09-25 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
780
|
5.3 |
MEDIUM
Network
-
|
-
|
The HUSKY – Products Filter Professional for WooCommerce plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 1.3.6.1 via the woof_messenger_re…
|
CWE-862
Missing Authorization
|
CVE-2024-7491
|
2024-09-26 22:32 |
2024-09-25 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|