561 | 5.5 | MEDIUM Network | - | - | The Category and Taxonomy Meta Fields plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'new_meta_name' parameter in the 'wpaft_option_page' function in versions up to, and in… | New | CWE-79 Cross-site Scripting | CVE-2024-9589 | 2024-10-24 00:12 | 2024-10-22
562 | 5.4 | MEDIUM Network | - | - | The Category and Taxonomy Meta Fields plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.0.0. This is due to missing or incorrect nonce validation on… | New | CWE-352 Origin Validation Error | CVE-2024-9588 | 2024-10-24 00:12 | 2024-10-22
563 | - |  | - | - | The News Kit Elementor Addons plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 1.2.1 via the render function in includes/widgets/canvas-menu/… | New | CWE-200 Information Exposure | CVE-2024-9541 | 2024-10-24 00:12 | 2024-10-22
564 | 8.6 | HIGH Network | - | - | The TeploBot - Telegram Bot for WP plugin for WordPress is vulnerable to sensitive information disclosure due to missing authorization checks on the 'service_process' function in all versions up to, … | New | CWE-200 Information Exposure | CVE-2024-9627 | 2024-10-24 00:12 | 2024-10-22
565 | 5.3 | MEDIUM Network | - | - | The All-in-One WP Migration and Backup plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 7.86 through publicly exposed log files. This makes i… | New | CWE-200 Information Exposure | CVE-2024-8852 | 2024-10-24 00:12 | 2024-10-22
566 | 6.3 | MEDIUM Network | - | - | The Rover IDX plugin for WordPress is vulnerable to unauthorized access, modification, and loss of data due to a missing capability check on multiple functions in all versions up to, and including, 3… | New | CWE-862 Missing Authorization | CVE-2024-10003 | 2024-10-24 00:12 | 2024-10-22
567 | 8.8 | HIGH Network | - | - | The Rover IDX plugin for WordPress is vulnerable to Authentication Bypass in versions up to, and including, 3.0.0.2905. This is due to insufficient validation and capability check on the 'rover_idx_r… | New | CWE-288 Authentication Bypass Using an Alternate Path or Channel | CVE-2024-10002 | 2024-10-24 00:12 | 2024-10-22
568 | 5.5 | MEDIUM Local | - | - | The insufficiently protected credentials vulnerability in the CLI command of the USG FLEX H series uOS firmware version V1.21 and earlier versions could allow an authenticated local attacker to gain … | New | CWE-522 Insufficiently Protected Credentials | CVE-2024-9677 | 2024-10-24 00:12 | 2024-10-22
569 | - |  | - | - | The AWS ALB Route Directive Adapter For Istio repo https://github.com/awslabs/aws-alb-route-directive-adapter-for-istio/tree/master provides an OIDC authentication mechanism that was integrated int… | New | - | CVE-2024-8901 | 2024-10-24 00:12 | 2024-10-22
570 | - |  | - | - | A vulnerability in the AWV (Audio, Web and Video Conferencing) component of Mitel MiCollab through 9.8 SP1 FP2 (9.8.1.201) could allow an unauthenticated attacker to conduct a CRLF injection attack d… | New | - | CVE-2024-47224 | 2024-10-24 00:12 | 2024-10-22