| 21 | - | | - | - | The League of Legends Shortcodes plugin for WordPress is vulnerable to SQL Injection via the plugin's shortcode in versions up to, and including, 1.0.1 due to insufficient escaping on the user suppli… | New | CWE-89: SQL Injection | CVE-2024-10341 | 2024-10-25 17:15 | 2024-10-25 |
| 22 | 6.4 | MEDIUM Network | - | - | The Bamazoo – Button Generator plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's dgs shortcode in all versions up to, and including, 1.0 due to insufficient input san… | New | CWE-79: Cross-site Scripting | CVE-2024-10150 | 2024-10-25 17:15 | 2024-10-25 |
| 23 | 6.1 | MEDIUM Network | - | - | The 10Web Social Post Feed plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use of add_query_arg without appropriate escaping on the URL in all versions up to, and incl… | New | CWE-79: Cross-site Scripting | CVE-2024-9607 | 2024-10-25 16:15 | 2024-10-25 |
| 24 | 8.1 | HIGH Network | - | - | The App Builder – Create Native Android & iOS Apps On The Flight plugin for WordPress is vulnerable to privilege escalation via account takeover in all versions up to, and including, 5.3.7. This is d… | New | CWE-640: Weak Password Recovery Mechanism for Forgotten Password | CVE-2024-9302 | 2024-10-25 16:15 | 2024-10-25 |
| 25 | 8.8 | HIGH Network | - | - | The Mapster WP Maps plugin for WordPress is vulnerable to unauthorized modification of data that can lead to privilege escalation due to an insufficient capability check on the mapster_wp_maps_set_op… | New | CWE-285: Improper Authorization | CVE-2024-9235 | 2024-10-25 16:15 | 2024-10-25 |
| 26 | - | | - | - | Whale browser Installer before 3.1.0.0 allows an attacker to execute a malicious DLL in the user environment due to improper permission settings. | New | - | CVE-2024-50583 | 2024-10-25 16:15 | 2024-10-25 |
| 27 | 6.4 | MEDIUM Network | - | - | The Awesome buttons plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's btn2 shortcode in all versions up to, and including, 1.0 due to insufficient input sanitization … | New | CWE-79: Cross-site Scripting | CVE-2024-10148 | 2024-10-25 16:15 | 2024-10-25 |
| 28 | - | | - | - | The BuddyPress plugin for WordPress is vulnerable to Directory Traversal in all versions up to, and including, 14.1.0 via the id parameter. This makes it possible for authenticated attackers, with Su… | New | - | CVE-2024-10011 | 2024-10-25 16:15 | 2024-10-25 |
| 29 | 9.8 | CRITICAL Network | - | - | The Comments – wpDiscuz plugin for WordPress is vulnerable to authentication bypass in all versions up to, and including, 7.6.24. This is due to insufficient verification on the user being returned b… | New | CWE-288: Authentication Bypass Using an Alternate Path or Channel | CVE-2024-9488 | 2024-10-25 15:15 | 2024-10-25 |
| 30 | 4.3 | MEDIUM Network | - | - | The WooCommerce UPS Shipping – Live Rates and Access Points plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the delete_oauth_data function… | New | CWE-862: Missing Authorization | CVE-2024-9109 | 2024-10-25 15:15 | 2024-10-25 |