941
|
6.1 |
MEDIUM
Network
|
leira
|
roles_\&_capabilities
|
The Roles & Capabilities plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use of add_query_arg without appropriate escaping on the URL in all versions up to, and includ…
|
CWE-79
Cross-site Scripting
|
CVE-2024-8732
|
2024-09-27 05:01 |
2024-09-14 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
942
|
6.1 |
MEDIUM
Network
|
cvstech
|
exit_notifier
|
The Exit Notifier plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use of add_query_arg without appropriate escaping on the URL in all versions up to, and including, 1.…
|
CWE-79
Cross-site Scripting
|
CVE-2024-8730
|
2024-09-27 04:58 |
2024-09-14 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
943
|
6.1 |
MEDIUM
Network
|
leira
|
cron_jobs
|
The Cron Jobs plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use of add_query_arg without appropriate escaping on the URL in all versions up to, and including, 1.2.9.…
|
CWE-79
Cross-site Scripting
|
CVE-2024-8731
|
2024-09-27 04:43 |
2024-09-14 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
944
|
9.8 |
CRITICAL
Network
dedecms
|
dedecms
|
DedeCMS 5.7.102 has a File Upload vulnerability via uploads/dede/module_make.php.
|
CWE-434
Unrestricted Upload of File with Dangerous Type
|
CVE-2023-40784
|
2024-09-27 04:35 |
2023-09-13 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
945
|
7.8 |
HIGH
Local
|
raidenftpd
|
raidenftpd
|
Buffer Overflow vulnerability in RaidenFTPD 2.4.4005 allows a local attacker to execute arbitrary code via the Server name field of the Step by step setup wizard.
|
CWE-120
Classic Buffer Overflow
|
CVE-2023-39063
|
2024-09-27 04:35 |
2023-09-12 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
946
|
8.0 |
HIGH
Adjacent
|
tp-link
|
archer_c3150_firmware
|
Archer C3150 firmware versions prior to 'Archer C3150(JP)_V2_230511' allows a network-adjacent authenticated attacker to execute arbitrary OS commands.
|
CWE-78
OS Command
|
CVE-2023-38588
|
2024-09-27 04:35 |
2023-09-6 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
947
|
6.1 |
MEDIUM
Network
|
lucasstad
|
lucas_string_replace
|
The Lucas String Replace plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use of add_query_arg without appropriate escaping on the URL in all versions up to, and includ…
|
CWE-79
Cross-site Scripting
|
CVE-2024-8734
|
2024-09-27 04:30 |
2024-09-14 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
948
|
5.4 |
MEDIUM
Network
|
khromov
|
email_obfuscate_shortcode
|
The Email Obfuscate Shortcode plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'email-obfuscate' shortcode in all versions up to, and including, 2.0 due to insuffici…
|
CWE-79
Cross-site Scripting
|
CVE-2024-8747
|
2024-09-27 04:23 |
2024-09-14 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
949
|
6.1 |
MEDIUM
Network
|
kubiq
|
pdf_thumbnail_generator
|
The PDF Thumbnail Generator plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use of add_query_arg without appropriate escaping on the URL in all versions up to, and inc…
|
CWE-79
Cross-site Scripting
|
CVE-2024-8737
|
2024-09-27 04:18 |
2024-09-14 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
950
|
4.3 |
MEDIUM
Network
|
sentry
|
sentry
|
Sentry is a developer-first error tracking and performance monitoring platform. An authenticated user can mute alert rules from arbitrary organizations and projects with a know rule ID. The user does…
|
CWE-639
Authorization Bypass Through User-Controlled Key
|
CVE-2024-45606
|
2024-09-27 04:16 |
2024-09-18 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|