1401
|
6.1 |
MEDIUM
Network
|
radiustheme
|
classima classima_core classified_listing_store_\&_membership classified_listing
|
The Classima WordPress theme before 2.1.11 and some of its required plugins (Classified Listing before 2.2.14, Classified Listing Pro before 2.0.20, Classified Listing Store & Membership before 1.4.2…
|
CWE-79
Cross-site Scripting
|
CVE-2022-2654
|
2024-09-27 21:41 |
2022-09-16 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
1402
|
7.5 |
HIGH
Network
apache
|
inlong
|
Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection') vulnerability in Apache InLong.This issue affects Apache InLong: from 1.4.0 through 1.8.0, the attac…
|
CWE-74
Injection
|
CVE-2023-43667
|
2024-09-27 21:15 |
2023-10-16 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
1403
|
7.8 |
HIGH
Local
|
hitachi
|
eh-view
|
** UNSUPPORTED WHEN ASSIGNED ** Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Hitachi EH-VIEW (KeypadDesigner) allows local attackers to potentially disclos…
|
CWE-119
Incorrect Access of Indexable Resource ('Range Error')
|
CVE-2023-39984
|
2024-09-27 11:15 |
2023-08-23 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
1404
|
8.8 |
HIGH
Network
|
tosei-corporation
|
online_store_management_system
|
A vulnerability was found in Tosei Online Store Management System ??????????? 4.02/4.03/4.04. It has been rated as critical. Affected by this issue is some unknown functionality of the file /cgi-bin/…
|
CWE-77
Command Injection
|
CVE-2024-7896
|
2024-09-27 10:16 |
2024-08-17 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
1405
|
7.2 |
HIGH
Network
|
benjaminrojas
|
wp_editor
|
The WP Editor plugin for WordPress is vulnerable to deserialization of untrusted input via the 'current_theme_root' parameter in versions up to, and including 1.2.9. This makes it possible for authen…
|
CWE-502
Deserialization of Untrusted Data
|
CVE-2022-2446
|
2024-09-27 10:09 |
2024-09-14 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
1406
|
5.4 |
MEDIUM
Network
|
arnoldgoodway
|
neighborly
|
The Neighborly theme for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘url’ parameter within the theme's Button shortcode in all versions up to, and including, 1.4 due to insufficie…
|
CWE-79
Cross-site Scripting
|
CVE-2024-5869
|
2024-09-27 10:06 |
2024-09-14 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
1407
|
5.4 |
MEDIUM
Network
|
samiahmedsiddiqui
|
custom_permalinks
|
The Custom Permalinks plugin for WordPress is vulnerable to Stored Cross-Site Scripting in versions up to, and including, 2.6.0 due to insufficient input sanitization and output escaping on tag names…
|
CWE-79
Cross-site Scripting
|
CVE-2023-0926
|
2024-09-27 10:01 |
2024-08-24 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
1408
|
5.4 |
MEDIUM
Network
|
dfactory
|
responsive_lightbox
|
The Responsive Lightbox & Gallery plugin for WordPress is vulnerable to Stored Cross-Site Scripting via file uploads in all versions up to, and including, 2.4.7 due to insufficient input sanitization…
|
CWE-79
Cross-site Scripting
|
CVE-2024-6870
|
2024-09-27 09:52 |
2024-08-22 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
1409
|
5.4 |
MEDIUM
Network
|
posimyth
|
the_plus_addons_for_elementor
|
The The Plus Addons for Elementor – Elementor Addons, Page Templates, Widgets, Mega Menu, WooCommerce plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the carousel_direction para…
|
CWE-79
Cross-site Scripting
|
CVE-2024-5583
|
2024-09-27 09:47 |
2024-08-22 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
1410
|
8.1 |
HIGH
Network
|
pixeljar
|
favicon_generator
|
The Favicon Generator plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.5. This is due to missing or incorrect nonce validation on the output_sub_ad…
|
CWE-352
Origin Validation Error
|
CVE-2024-7568
|
2024-09-27 09:41 |
2024-08-24 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|