1211
|
- |
|
-
|
-
|
The SVG Complete plugin for WordPress is vulnerable to Stored Cross-Site Scripting via SVG File uploads in all versions up to, and including, 1.0.2 due to insufficient input sanitization and output e…
|
CWE-79
Cross-site Scripting
|
CVE-2024-9119
|
2024-10-4 22:51 |
2024-10-1 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
1212
|
9.8 |
CRITICAL
Network
-
|
-
|
The Wechat Social login plugin for WordPress is vulnerable to arbitrary file uploads due to insufficient file type validation in the 'convert_remoteimage_to_local' function in versions up to, and inc…
|
CWE-434
Unrestricted Upload of File with Dangerous Type
|
CVE-2024-9108
|
2024-10-4 22:51 |
2024-10-1 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
1213
|
9.8 |
CRITICAL
Network
-
|
-
|
The Wechat Social login plugin for WordPress is vulnerable to authentication bypass in versions up to, and including, 1.3.0. This is due to insufficient verification on the user being supplied during…
|
CWE-288
Authentication Bypass Using an Alternate Path or Channel
|
CVE-2024-9106
|
2024-10-4 22:51 |
2024-10-1 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
1214
|
6.4 |
MEDIUM
Network
|
-
|
-
|
The Geo Mashup plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's geo_mashup_visible_posts_list shortcode in all versions up to, and including, 1.13.13 due to insuffic…
|
CWE-79
Cross-site Scripting
|
CVE-2024-8990
|
2024-10-4 22:51 |
2024-10-1 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
1215
|
- |
|
-
|
-
|
The Free Responsive Testimonials, Social Proof Reviews, and Customer Reviews – Stars Testimonials plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's stars_testimonials…
|
-
|
CVE-2024-8989
|
2024-10-4 22:51 |
2024-10-1 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
1216
|
6.1 |
MEDIUM
Network
|
-
|
-
|
The Easy Load More plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use of add_query_arg without appropriate escaping on the URL in all versions up to, and including, 1…
|
CWE-79
Cross-site Scripting
|
CVE-2024-8728
|
2024-10-4 22:51 |
2024-10-1 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
1217
|
6.1 |
MEDIUM
Network
|
-
|
-
|
The DK PDF plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use of add_query_arg without appropriate escaping on the URL in all versions up to, and including, 1.9.6. Th…
|
CWE-79
Cross-site Scripting
|
CVE-2024-8727
|
2024-10-4 22:51 |
2024-10-1 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
1218
|
6.4 |
MEDIUM
Network
|
-
|
-
|
The RumbleTalk Live Group Chat – HTML5 plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'rumbletalk-admin-button' shortcode in all versions up to, and including, 6.3…
|
CWE-79
Cross-site Scripting
|
CVE-2024-8720
|
2024-10-4 22:51 |
2024-10-1 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
1219
|
6.1 |
MEDIUM
Network
|
-
|
-
|
The Gravity Forms Toolbar plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'tab' parameter in all versions up to, and including, 1.7.0 due to insufficient input sanitizati…
|
CWE-79
Cross-site Scripting
|
CVE-2024-8718
|
2024-10-4 22:51 |
2024-10-1 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
1220
|
4.3 |
MEDIUM
Network
|
-
|
-
|
The Soumettre.fr plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the soumettre_disconnect_gateway function in all versions up to, and incl…
|
CWE-862
Missing Authorization
|
CVE-2024-8675
|
2024-10-4 22:51 |
2024-10-1 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|