|
1451
|
6.5 |
MEDIUM
Network
|
-
|
-
|
The Styler for Ninja Forms plugin for WordPress is vulnerable to unauthorized modification of data that can lead to a denial of service due to a missing capability check on the deactivate_license fun…
|
CWE-862
Missing Authorization
|
CVE-2024-10717
|
2024-11-13 11:15 |
2024-11-13 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1452
|
8.8 |
HIGH
Network
|
-
|
-
|
The GPX Viewer plugin for WordPress is vulnerable to arbitrary file creation due to a missing capability check and file type validation in the gpxv_file_upload() function in all versions up to, and i…
|
CWE-862
Missing Authorization
|
CVE-2024-10629
|
2024-11-13 11:15 |
2024-11-13 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1453
|
6.1 |
MEDIUM
Network
|
-
|
-
|
The ????(Fat Rat Collect) ????????????????, ??????????????????????????? plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to missing escaping on a URL in all versions up to, an…
|
-
|
CVE-2024-10577
|
2024-11-13 11:15 |
2024-11-13 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1454
|
6.1 |
MEDIUM
Network
|
-
|
-
|
The WP-Strava plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in all versions up to, and including, 2.12.1 due to insufficient input sanitization and output escap…
|
CWE-80
Basic XSS
|
CVE-2024-10038
|
2024-11-13 11:15 |
2024-11-13 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1455
|
5.3 |
MEDIUM
Network
atlassian
|
jira_server
jira_data_center
|
Affected versions of Atlassian Jira Server and Data Center allow remote attackers to read particular files via a path traversal vulnerability in the /WEB-INF/web.xml endpoint. The affected versions a…
|
CWE-22
Path Traversal
|
CVE-2021-26086
|
2024-11-13 11:00 |
2021-08-16 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
|
1456
|
8.8 |
HIGH
Network
|
meowapps
|
photo_engine
|
Missing Authorization vulnerability in Jordy Meow Photo Engine allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Photo Engine: from n/a through 6.4.0.
|
CWE-862
Missing Authorization
|
CVE-2024-43332
|
2024-11-13 10:25 |
2024-11-2 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1457
|
9.8 |
CRITICAL
Network
wpdeveloper
|
reviewx
|
Missing Authorization vulnerability in ReviewX allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects ReviewX: from n/a through 1.6.28.
|
CWE-862
Missing Authorization
|
CVE-2024-43323
|
2024-11-13 10:25 |
2024-11-2 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
|
1458
|
8.8 |
HIGH
Network
|
gabelivan
|
asset_cleanup
|
Missing Authorization vulnerability in Gabe Livan Asset CleanUp: Page Speed Booster allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Asset CleanUp: Page Spee…
|
CWE-862
Missing Authorization
|
CVE-2024-43314
|
2024-11-13 10:25 |
2024-11-2 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1459
|
9.8 |
CRITICAL
Network
arraytics
|
wp_timetics
|
Missing Authorization vulnerability in Arraytics Timetics allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects Timetics: from n/a through 1.0.23.
|
CWE-862
Missing Authorization
|
CVE-2024-43923
|
2024-11-13 10:24 |
2024-11-2 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
|
1460
|
8.8 |
HIGH
Network
|
beardev
|
joomsport
|
Missing Authorization vulnerability in BearDev JoomSport allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects JoomSport: from n/a through 5.3.0.
|
CWE-862
Missing Authorization
|
CVE-2024-43355
|
2024-11-13 10:24 |
2024-11-2 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
