171
|
- |
|
-
|
-
|
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in wpdev33 WP Newsletter Subscription allows PHP Local File Inclusion.This issue affects WP Newsletter Sub…
New
|
CWE-22
Path Traversal
|
CVE-2024-44012
|
2024-10-5 20:15 |
2024-10-5 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
172
|
- |
|
-
|
-
|
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in WP Ticket Ultra WP Ticket Ultra Help Desk & Support Plugin allows PHP Local File Inclusion.This issue a…
New
|
CWE-22
Path Traversal
|
CVE-2024-44011
|
2024-10-5 20:15 |
2024-10-5 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
173
|
6.1 |
MEDIUM
Network
|
-
|
-
|
The Hash Form – Drag & Drop Form Builder plugin for WordPress is vulnerable to limited file uploads due to a misconfigured file type validation in the 'handleUpload' function in all versions up to, a…
New
|
CWE-434
Unrestricted Upload of File with Dangerous Type
|
CVE-2024-9417
|
2024-10-5 19:15 |
2024-10-5 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
174
|
- |
|
-
|
-
|
A vulnerability has been found in D-Link DIR-605L 2.13B01 BETA and classified as critical. This vulnerability affects the function formAdvanceSetup of the file /goform/formAdvanceSetup. The manipulat…
New
|
CWE-120
Classic Buffer Overflow
|
CVE-2024-9532
|
2024-10-5 17:15 |
2024-10-5 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
175
|
6.4 |
MEDIUM
Network
|
-
|
-
|
The Shortcodes and extra features for Phlox theme plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘url’ parameter in the Modern Heading and Icon Picker widgets all versions …
New
|
-
|
CVE-2024-8486
|
2024-10-5 17:15 |
2024-10-5 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
176
|
6.8 |
MEDIUM
Network
|
-
|
-
|
The Bit File Manager – 100% Free & Open Source File Manager and Code Editor for WordPress plugin for WordPress is vulnerable to Limited JavaScript File Upload in all versions up to, and including, 6.…
New
|
CWE-434
Unrestricted Upload of File with Dangerous Type
|
CVE-2024-8743
|
2024-10-5 16:15 |
2024-10-5 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
177
|
4.9 |
MEDIUM
Network
|
-
|
-
|
The Contact Form Plugin by Fluent Forms for Quiz, Survey, and Drag & Drop WP Form Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via form label fields in all versions up to…
New
|
CWE-79
Cross-site Scripting
|
CVE-2024-9528
|
2024-10-5 12:15 |
2024-10-5 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
178
|
6.5 |
MEDIUM
Network
|
online_voting_system_project
|
online_voting_system
|
Projectworld Online Voting System Version 1.0 is vulnerable to Cross Site Request Forgery (CSRF) via voter.php. This vulnerability allows an attacker to craft a malicious link that, when clicked by a…
Update
|
CWE-352
Origin Validation Error
|
CVE-2024-45987
|
2024-10-5 11:21 |
2024-09-27 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
179
|
4.3 |
MEDIUM
Adjacent
|
gotenna
|
atak_plugin
|
The goTenna Pro ATAK Plugin has a payload length vulnerability that
makes it possible to tell the length of the payload regardless of the
encryption used.
Update
|
CWE-203
Information Exposure Through Discrepancy
|
CVE-2024-41715
|
2024-10-5 11:16 |
2024-09-27 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
180
|
6.4 |
MEDIUM
Network
|
-
|
-
|
The WP Cleanup and Basic Functions plugin for WordPress is vulnerable to Stored Cross-Site Scripting via SVG File uploads in all versions up to, and including, 2.2.1 due to insufficient input sanitiz…
New
|
CWE-79
Cross-site Scripting
|
CVE-2024-9455
|
2024-10-5 11:15 |
2024-10-5 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|