461
|
- |
|
-
|
-
|
The fix for CVE-2022-22968 made disallowedFields patterns in DataBinder case insensitive. However, String.toLowerCase() has some Locale dependent exceptions that could potentially result in fields no…
|
-
|
CVE-2024-38820
|
2024-10-18 15:15 |
2024-10-18 |
|
|
462
|
- |
|
-
|
-
|
The Add Widget After Content plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in all versions up to, and including, 2.4.6 due to insufficient input sanitization an…
|
CWE-79
Cross-site Scripting
|
CVE-2024-9892
|
2024-10-18 14:15 |
2024-10-18 |
|
|
463
|
6.4 |
MEDIUM
Network
|
-
|
-
|
The Product Customizer Light plugin for WordPress is vulnerable to Stored Cross-Site Scripting via SVG File uploads in all versions up to, and including, 1.0.0 due to insufficient input sanitization …
|
CWE-79
Cross-site Scripting
|
CVE-2024-9848
|
2024-10-18 14:15 |
2024-10-18 |
|
|
464
|
6.4 |
MEDIUM
Network
|
-
|
-
|
The Branding plugin for WordPress is vulnerable to Stored Cross-Site Scripting via SVG File uploads in all versions up to, and including, 1.0 due to insufficient input sanitization and output escapin…
|
CWE-79
Cross-site Scripting
|
CVE-2024-9452
|
2024-10-18 14:15 |
2024-10-18 |
|
|
465
|
6.1 |
MEDIUM
Network
|
-
|
-
|
The Parcel Pro plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'action' parameter in all versions up to, and including, 1.8.4 due to insufficient input sanitization and o…
|
CWE-79
Cross-site Scripting
|
CVE-2024-9383
|
2024-10-18 14:15 |
2024-10-18 |
|
|
466
|
6.1 |
MEDIUM
Network
|
-
|
-
|
The Gantry 4 Framework plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'override_id' parameter in all versions up to, and including, 4.1.21 due to insufficient input sani…
|
CWE-79
Cross-site Scripting
|
CVE-2024-9382
|
2024-10-18 14:15 |
2024-10-18 |
|
|
467
|
- |
|
-
|
-
|
The Elemenda plugin for WordPress is vulnerable to Stored Cross-Site Scripting via SVG File uploads in all versions up to, and including, 0.0.2 due to insufficient input sanitization and output escap…
|
CWE-79
Cross-site Scripting
|
CVE-2024-9373
|
2024-10-18 14:15 |
2024-10-18 |
|
|
468
|
6.4 |
MEDIUM
Network
|
-
|
-
|
The Easy Menu Manager | WPZest plugin for WordPress is vulnerable to Stored Cross-Site Scripting via SVG File uploads in all versions up to, and including, 1.0.1 due to insufficient input sanitizatio…
|
CWE-79
Cross-site Scripting
|
CVE-2024-9366
|
2024-10-18 14:15 |
2024-10-18 |
|
|
469
|
4.3 |
MEDIUM
Network
|
-
|
-
|
The SendGrid for WordPress plugin for WordPress is vulnerable to unauthorized loss of data due to a missing capability check on the 'wp_mailplus_clear_logs' function in all versions up to, and includ…
|
CWE-862
Missing Authorization
|
CVE-2024-9364
|
2024-10-18 14:15 |
2024-10-18 |
|
|
470
|
4.3 |
MEDIUM
Network
|
-
|
-
|
The Bulk images optimizer: Resize, optimize, convert to webp, rename … plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'save_configura…
|
-
|
CVE-2024-9361
|
2024-10-18 14:15 |
2024-10-18 |
|
|