1201
|
- |
|
-
|
-
|
The Auto Featured Image from Title plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use of add_query_arg without appropriate escaping on the URL in all versions up to, …
|
CWE-79
Cross-site Scripting
|
CVE-2024-8786
|
2024-10-4 22:51 |
2024-10-1 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
1202
|
5.3 |
MEDIUM
Network
-
|
-
|
The Spice Starter Sites plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the spice_starter_sites_importer_creater function in all versions …
|
CWE-862
Missing Authorization
|
CVE-2024-8430
|
2024-10-4 22:51 |
2024-10-1 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
1203
|
6.4 |
MEDIUM
Network
|
-
|
-
|
The XO Slider plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘get_slider’ function in all versions up to, and including, 3.8.6 due to insufficient input sanitization and ou…
|
CWE-79
Cross-site Scripting
|
CVE-2024-8324
|
2024-10-4 22:51 |
2024-10-1 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
1204
|
6.4 |
MEDIUM
Network
|
-
|
-
|
The Guten Post Layout – An Advanced Post Grid Collection for WordPress Gutenberg plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘align’ attribute within the 'wp:guten-post-…
|
CWE-79
Cross-site Scripting
|
CVE-2024-8288
|
2024-10-4 22:51 |
2024-10-1 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
1205
|
6.4 |
MEDIUM
Network
|
-
|
-
|
The LocateAndFilter plugin for WordPress is vulnerable to Stored Cross-Site Scripting via SVG File uploads in all versions up to, and including, 1.6.14 due to insufficient input sanitization and outp…
|
-
|
CVE-2024-9304
|
2024-10-4 22:51 |
2024-10-1 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
1206
|
6.4 |
MEDIUM
Network
|
-
|
-
|
The Elastik Page Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via SVG File uploads in all versions up to, and including, 0.27.4 due to insufficient input sanitization and…
|
CWE-79
Cross-site Scripting
|
CVE-2024-9274
|
2024-10-4 22:51 |
2024-10-1 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
1207
|
6.4 |
MEDIUM
Network
|
-
|
-
|
The R Animated Icon Plugin plugin for WordPress is vulnerable to Stored Cross-Site Scripting via SVG File uploads in all versions up to, and including, 1.0 due to insufficient input sanitization and …
|
CWE-79
Cross-site Scripting
|
CVE-2024-9272
|
2024-10-4 22:51 |
2024-10-1 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
1208
|
6.4 |
MEDIUM
Network
|
-
|
-
|
The Relogo plugin for WordPress is vulnerable to Stored Cross-Site Scripting via SVG File uploads in all versions up to, and including, 0.4.2 due to insufficient input sanitization and output escapin…
|
CWE-79
Cross-site Scripting
|
CVE-2024-9269
|
2024-10-4 22:51 |
2024-10-1 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
1209
|
6.1 |
MEDIUM
Network
|
-
|
-
|
The Easy WordPress Subscribe – Optin Hound plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use of add_query_arg without appropriate escaping on the URL in all versions…
|
CWE-79
Cross-site Scripting
|
CVE-2024-9267
|
2024-10-4 22:51 |
2024-10-1 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
1210
|
- |
|
-
|
-
|
Wiz Code Visual Studio Code extension in versions 1.0.0 up to 1.5.3 and Wiz (legacy) Visual Studio Code extension in versions 0.13.0 up to 0.17.8 are vulnerable to local command injection if the user…
|
-
|
CVE-2024-9145
|
2024-10-4 22:51 |
2024-10-1 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|