1
|
6.1 |
MEDIUM
Network
|
-
|
-
|
The PDF Flipbook, 3D Flipbook, PDF embed, PDF viewer – DearFlip plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'pdf_source' parameter in all versions up to, and includin…
New
|
CWE-79
Cross-site Scripting
|
CVE-2024-8717
|
2024-10-24 18:15 |
2024-10-24 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
2
|
4.3 |
MEDIUM
Network
|
-
|
-
|
The Elementor Header & Footer Builder plugin for WordPress is vulnerable to Information Disclosure in all versions up to, and including, 1.6.43 via the hfe_template shortcode. This makes it possible …
New
|
CWE-200
Information Exposure
|
CVE-2024-10050
|
2024-10-24 18:15 |
2024-10-24 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
3
|
6.3 |
MEDIUM
Network
|
-
|
-
|
The MultiVendorX – The Ultimate WooCommerce Multivendor Marketplace Solution plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 4.2.4. This is due …
New
|
CWE-352
Origin Validation Error
|
CVE-2024-9943
|
2024-10-24 17:15 |
2024-10-24 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
4
|
4.3 |
MEDIUM
Network
|
-
|
-
|
The MultiVendorX – The Ultimate WooCommerce Multivendor Marketplace Solution plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'mvx_sent…
New
|
CWE-285
Improper Authorization
|
CVE-2024-9531
|
2024-10-24 17:15 |
2024-10-24 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
5
|
4.3 |
MEDIUM
Network
|
-
|
-
|
The HurryTimer – An Scarcity and Urgency Countdown Timer for WordPress & WooCommerce plugin for WordPress is vulnerable to unauthorized post publication due to a missing capability check on the activ…
New
|
CWE-862
Missing Authorization
|
CVE-2024-8667
|
2024-10-24 17:15 |
2024-10-24 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
6
|
- |
|
-
|
-
|
The web server of Lawo AG vsm LTC Time Sync (vTimeSync) is affected by a "..." (triple dot) path traversal vulnerability. By sending a specially crafted HTTP request, an unauthenticated remote attack…
New
|
-
|
CVE-2024-6049
|
2024-10-24 17:15 |
2024-10-24 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
7
|
- |
|
-
|
-
|
The EventPrime – Events Calendar, Bookings and Tickets plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘ep_booking_attendee_fields’ fields in all versions up to, and includi…
New
|
CWE-79
Cross-site Scripting
|
CVE-2024-9865
|
2024-10-24 16:15 |
2024-10-24 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
8
|
6.1 |
MEDIUM
Network
|
-
|
-
|
The EventPrime – Events Calendar, Bookings and Tickets plugin for WordPress is vulnerable to Stored Cross-Site Scripting via ticket names in all versions up to, and including, 4.0.4.7 due to insuffic…
New
|
CWE-79
Cross-site Scripting
|
CVE-2024-9864
|
2024-10-24 16:15 |
2024-10-24 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
9
|
- |
|
-
|
-
|
An authentication-bypass issue in the RDP component of One Identity Safeguard for Privileged Sessions (SPS) On Premise before 7.5.1 (and LTS before 7.0.5.1) allows man-in-the-middle attackers to obta…
New
|
-
|
CVE-2024-40595
|
2024-10-24 15:15 |
2024-10-24 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
10
|
6.1 |
MEDIUM
Network
|
-
|
-
|
The Terms descriptions plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use of add_query_arg without appropriate escaping on the URL in all versions up to, and includin…
New
|
-
|
CVE-2024-9374
|
2024-10-24 14:15 |
2024-10-24 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|