431
|
6.4 |
MEDIUM
Network
|
-
|
-
|
The Royal Elementor Addons and Templates plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘url’ parameter in all versions up to, and including, 1.3.982 due to insufficient in…
New
|
CWE-79
Cross-site Scripting
|
CVE-2024-8482
|
2024-10-10 21:56 |
2024-10-8 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
432
|
4.3 |
MEDIUM
Network
|
-
|
-
|
The Photo Gallery, Images, Slider in Rbs Image Gallery plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the ajaxGetGalleryJson() function in all …
New
|
CWE-862
Missing Authorization
|
CVE-2024-8431
|
2024-10-10 21:56 |
2024-10-8 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
433
|
6.1 |
MEDIUM
Network
|
-
|
-
|
The BuddyPress Docs plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use of remove_query_arg without appropriate escaping on the URL in all versions up to, and includin…
New
|
CWE-79
Cross-site Scripting
|
CVE-2024-9207
|
2024-10-10 21:56 |
2024-10-8 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
434
|
- |
|
-
|
-
|
CWE-502: Deserialization of Untrusted Data vulnerability exists that could allow code to be
remotely executed on the server when unsafely deserialized data is posted to the web server.
New
|
CWE-502
Deserialization of Untrusted Data
|
CVE-2024-9005
|
2024-10-10 21:56 |
2024-10-8 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
435
|
- |
|
-
|
-
|
CWE-200: Exposure of Sensitive Information to an Unauthorized Actor vulnerability exists that
could cause exposure of credentials when attacker has access to application on network over
http
New
|
CWE-200
Information Exposure
|
CVE-2024-8884
|
2024-10-10 21:56 |
2024-10-8 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
436
|
- |
|
-
|
-
|
The Survey Maker plugin for WordPress is vulnerable to Stored Cross-Site Scripting via Survey fields in all versions up to, and including, 4.9.7 due to insufficient input sanitization and output esca…
New
|
CWE-79
Cross-site Scripting
|
CVE-2024-8488
|
2024-10-10 21:56 |
2024-10-8 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
437
|
6.1 |
MEDIUM
Network
|
-
|
-
|
The WooCommerce Multilingual & Multicurrency with WPML plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use of add_query_arg without appropriate escaping on the URL in …
New
|
CWE-79
Cross-site Scripting
|
CVE-2024-8629
|
2024-10-10 21:56 |
2024-10-8 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
438
|
- |
|
-
|
-
|
CWE-20: Improper Input Validation vulnerability exists that could cause a crash of the Zelio Soft
2 application when a specially crafted project file is loaded by an application user.
New
|
CWE-20
Improper Input Validation
|
CVE-2024-8518
|
2024-10-10 21:56 |
2024-10-8 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
439
|
6.4 |
MEDIUM
Network
|
-
|
-
|
The Easy Mega Menu Plugin for WordPress – ThemeHunk plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘themehunk_megamenu_bg_image' parameter in all versions up to, and includ…
New
|
CWE-79
Cross-site Scripting
|
CVE-2024-8433
|
2024-10-10 21:56 |
2024-10-8 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
440
|
- |
|
-
|
-
|
CWE-416: Use After Free vulnerability exists that could cause arbitrary code execution, denial
of service and loss of confidentiality & integrity when application user opens a malicious Zelio
Soft 2 …
New
|
CWE-416
Use After Free
|
CVE-2024-8422
|
2024-10-10 21:56 |
2024-10-8 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|