431
|
6.1 |
MEDIUM
Network
|
-
|
-
|
The WP Photo Album Plus plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'wppa-tab' parameter in all versions up to, and including, 8.8.05.003 due to insufficient input sa…
|
CWE-79
Cross-site Scripting
|
CVE-2024-9951
|
2024-10-18 21:52 |
2024-10-17 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
432
|
- |
|
-
|
-
|
This issue tracks two CWE-416 Use After Free (UAF) and one CWE-415 Double Free vulnerabilities in Goahead versions <= 6.0.0. These are caused by JST values not being nulled when freed during parsing …
|
CWE-415 CWE-416
Double Free Use After Free
|
CVE-2024-3187
|
2024-10-18 21:52 |
2024-10-17 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
433
|
- |
|
-
|
-
|
CWE-476 NULL Pointer Dereference vulnerability in the evalExpr() function of GoAhead Web Server (version <= 6.0.0) when compiled with the ME_GOAHEAD_JAVASCRIPT flag. This vulnerability allows a remot…
|
-
|
CVE-2024-3186
|
2024-10-18 21:52 |
2024-10-17 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
434
|
- |
|
-
|
-
|
Multiple CWE-476 NULL Pointer Dereference vulnerabilities were found in GoAhead Web Server up to version 6.0.0 when compiled with the ME_GOAHEAD_REPLACE_MALLOC flag. Without a memory notifier for all…
|
CWE-476
NULL Pointer Dereference
|
CVE-2024-3184
|
2024-10-18 21:52 |
2024-10-17 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
435
|
6.1 |
MEDIUM
Network
|
-
|
-
|
The ?????? ????? ??????? Persian WooCommerce SMS plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use of remove_query_arg without appropriate escaping on the URL in all…
|
CWE-79
Cross-site Scripting
|
CVE-2024-9213
|
2024-10-18 21:52 |
2024-10-17 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
436
|
4.3 |
MEDIUM
Network
|
-
|
-
|
The Forminator Forms – Contact Form, Payment Form & Custom Form Builder plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.35.1. This is due to m…
|
CWE-352
Origin Validation Error
|
CVE-2024-9352
|
2024-10-18 21:52 |
2024-10-17 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
437
|
7.5 |
HIGH
Network
libexpat_project
|
libexpat
|
An issue was discovered in libexpat before 2.6.3. xmlparse.c does not reject a negative length for XML_ParseBuffer.
|
CWE-611
XXE
|
CVE-2024-45490
|
2024-10-18 21:24 |
2024-08-30 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
438
|
8.8 |
HIGH
Network
|
filemanagerpro
|
file_manager
|
The File Manager Pro plugin for WordPress is vulnerable to Arbitrary File Upload in all versions up to, and including, 8.3.4 via the mk_check_filemanager_php_syntax AJAX function. This makes it possi…
|
CWE-434
Unrestricted Upload of File with Dangerous Type
|
CVE-2023-6846
|
2024-10-18 21:19 |
2024-02-6 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
439
|
6.1 |
MEDIUM
Network
|
filemanagerpro
|
file_manager
|
There is an XSS vulnerability in the mndpsingh287 File Manager plugin 3.0 for WordPress via the page=wp_file_manager_root public_path parameter.
|
CWE-79
Cross-site Scripting
|
CVE-2018-16967
|
2024-10-18 21:19 |
2019-04-16 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
440
|
8.8 |
HIGH
Network
|
filemanagerpro
|
file_manager
|
There is a CSRF vulnerability in the mndpsingh287 File Manager plugin 3.0 for WordPress via the page=wp_file_manager_root public_path parameter.
|
CWE-352
Origin Validation Error
|
CVE-2018-16966
|
2024-10-18 21:19 |
2019-04-16 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|