231
|
- |
|
-
|
-
|
The Logo Slider WordPress plugin before 4.1.0 does not validate and escape some of its Slider Settings before outputting them back in attributes, which could allow users with the contributor role an…
|
-
|
CVE-2024-5429
|
2024-10-18 21:53 |
2024-10-17 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
232
|
6.1 |
MEDIUM
Network
|
-
|
-
|
The The Ultimate WordPress Toolkit – WP Extended plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'wpext-export' parameter in all versions up to, and including, 3.0.9 due …
|
CWE-79
Cross-site Scripting
|
CVE-2024-9347
|
2024-10-18 21:53 |
2024-10-17 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
233
|
- |
|
-
|
-
|
The WP Timetics- AI-powered Appointment Booking Calendar and Online Scheduling Plugin plugin for WordPress is vulnerable to Account Takeover/Privilege Escalation via Insecure Direct Object Reference …
|
CWE-639
Authorization Bypass Through User-Controlled Key
|
CVE-2024-9263
|
2024-10-18 21:53 |
2024-10-17 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
234
|
6.1 |
MEDIUM
Network
|
-
|
-
|
The Flexmls® IDX Plugin plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via several parameters like 'MaxBeds' and 'MinBeds' in all versions up to, and including, 3.14.22 due to i…
|
CWE-79
Cross-site Scripting
|
CVE-2024-8719
|
2024-10-18 21:53 |
2024-10-17 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
235
|
4.3 |
MEDIUM
Network
|
-
|
-
|
The Royal Elementor Addons and Templates plugin for WordPress is vulnerable to Information Exposure in all versions up to, and including, 1.3.986 via the data_fetch. This makes it possible for authen…
|
CWE-200
Information Exposure
|
CVE-2024-7417
|
2024-10-18 21:53 |
2024-10-17 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
236
|
- |
|
-
|
-
|
In Advanced Custom Fields (ACF) before 6.3.9 and Secure Custom Fields before 6.3.6.3 (plugins for WordPress), using the Field Group editor to edit one of the plugin's fields can result in execution o…
|
-
|
CVE-2024-49593
|
2024-10-18 21:53 |
2024-10-17 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
237
|
5.3 |
MEDIUM
Network
-
|
-
|
The Calculated Fields Form plugin for WordPress is vulnerable to HTML Injection in all versions up to, and including, 5.2.45. This is due to the plugin not properly neutralizing HTML elements from su…
|
CWE-75
Special Element Injection
|
CVE-2024-9940
|
2024-10-18 21:53 |
2024-10-17 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
238
|
9.8 |
CRITICAL
Network
-
|
-
|
The UserPro plugin for WordPress is vulnerable to privilege escalation in versions up to, and including, 3.6.0 due to the insecure 'administrator' default value for the 'default_user_role' option. Th…
|
CWE-266
Incorrect Privilege Assignment
|
CVE-2024-9863
|
2024-10-18 21:53 |
2024-10-17 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
239
|
9.8 |
CRITICAL
Network
-
|
-
|
The Miniorange OTP Verification with Firebase plugin for WordPress is vulnerable to Arbitrary User Password Change in versions up to, and including, 3.6.0. This is due to the plugin providing user-co…
|
CWE-639
Authorization Bypass Through User-Controlled Key
|
CVE-2024-9862
|
2024-10-18 21:53 |
2024-10-17 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
240
|
8.1 |
HIGH
Network
|
-
|
-
|
The Miniorange OTP Verification with Firebase plugin for WordPress is vulnerable to authentication bypass in versions up to, and including, 3.6.0. This is due to missing validation on the token being…
|
-
|
CVE-2024-9861
|
2024-10-18 21:53 |
2024-10-17 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|