11
|
6.4 |
MEDIUM
Network
|
-
|
-
|
The WP Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via SVG File uploads in all versions up to, and including, 3.0.7 due to insufficient input sanitization and output esc…
New
|
CWE-79
Cross-site Scripting
|
CVE-2024-9457
|
2024-10-10 11:15 |
2024-10-10 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
12
|
6.1 |
MEDIUM
Network
|
-
|
-
|
The Products, Order & Customers Export for WooCommerce plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use of add_query_arg & remove_query_arg without appropriate esca…
New
|
CWE-79
Cross-site Scripting
|
CVE-2024-9377
|
2024-10-10 11:15 |
2024-10-10 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
13
|
6.1 |
MEDIUM
Network
|
-
|
-
|
The Maximum Products per User for WooCommerce plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use of add_query_arg without appropriate escaping on the URL in all versi…
New
|
CWE-79
Cross-site Scripting
|
CVE-2024-9205
|
2024-10-10 11:15 |
2024-10-10 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
14
|
6.4 |
MEDIUM
Network
|
-
|
-
|
The GDPR-Extensions-com – Consent Manager plugin for WordPress is vulnerable to Stored Cross-Site Scripting via SVG File uploads in all versions up to, and including, 1.0.0 due to insufficient input …
New
|
CWE-79
Cross-site Scripting
|
CVE-2024-9072
|
2024-10-10 11:15 |
2024-10-10 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
15
|
6.4 |
MEDIUM
Network
|
-
|
-
|
The Marketing and SEO Booster plugin for WordPress is vulnerable to Stored Cross-Site Scripting via SVG File uploads in all versions up to, and including, 1.9.10 due to insufficient input sanitizatio…
New
|
CWE-79
Cross-site Scripting
|
CVE-2024-9066
|
2024-10-10 11:15 |
2024-10-10 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
16
|
5.3 |
MEDIUM
Network
-
|
-
|
The WP Helper Premium plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'whp_smtp_send_mail_test' function in all versions up to, and in…
New
|
CWE-862
Missing Authorization
|
CVE-2024-9065
|
2024-10-10 11:15 |
2024-10-10 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
17
|
6.4 |
MEDIUM
Network
|
-
|
-
|
The Elementor Inline SVG plugin for WordPress is vulnerable to Stored Cross-Site Scripting via SVG File uploads in all versions up to, and including, 1.2.0 due to insufficient input sanitization and …
New
|
CWE-79
Cross-site Scripting
|
CVE-2024-9064
|
2024-10-10 11:15 |
2024-10-10 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
18
|
6.4 |
MEDIUM
Network
|
-
|
-
|
The Curator.io: Show all your social media posts in a beautiful feed. plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘feed_id’ attribute in all versions up to, and includin…
New
|
-
|
CVE-2024-9057
|
2024-10-10 11:15 |
2024-10-10 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
19
|
6.4 |
MEDIUM
Network
|
-
|
-
|
The Youzify – BuddyPress Community, User Profile, Social Network & Membership Plugin for WordPress plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's youzify_media sho…
New
|
CWE-79
Cross-site Scripting
|
CVE-2024-8987
|
2024-10-10 11:15 |
2024-10-10 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
20
|
- |
|
-
|
-
|
The Easy Social Share Buttons plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use of add_query_arg without appropriate escaping on the URL in all versions up to, and i…
New
|
CWE-79
Cross-site Scripting
|
CVE-2024-8729
|
2024-10-10 11:15 |
2024-10-10 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|