161
|
5.4 |
MEDIUM
Network
|
ninjateam
|
gdpr_ccpa_compliance_\&_cookie_consent_banner
|
The GDPR CCPA Compliance & Cookie Consent Banner plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on several functions named ajaxUpdateSetting…
Update
|
CWE-862
Missing Authorization
|
CVE-2024-5607
|
2024-10-30 05:08 |
2024-06-7 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
162
|
7.6 |
HIGH
Physics
|
dell
|
vostro_5625_firmware vostro_5515_firmware vostro_5415_firmware vostro_3405_firmware vostro_16_5635_firmware vostro_15_3535_firmware vostro_15_3525_firmware vostro_15_3515_firmwar…
|
Dell BIOS contains a missing support for integrity check vulnerability. An attacker with physical access to the system could potentially bypass security mechanisms to run arbitrary code on the system.
Update
|
CWE-353
Missing Support for Integrity Check
|
CVE-2023-32475
|
2024-10-30 05:04 |
2024-06-7 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
163
|
5.4 |
MEDIUM
Network
|
pickplugins
|
post_grid
|
The Post Grid, Form Maker, Popup Maker, WooCommerce Blocks, Post Blocks, Post Carousel – Combo Blocks plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'tag' attribute in bloc…
Update
|
CWE-79
Cross-site Scripting
|
CVE-2024-1988
|
2024-10-30 04:54 |
2024-06-7 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
164
|
7.5 |
HIGH
Network
|
qodeinteractive
|
qi_addons_for_elementor
|
The Qi Addons For Elementor plugin for WordPress is vulnerable to Remote File Inclusion in all versions up to, and including, 1.7.2 via the 'behavior' attributes found in the qi_addons_for_elementor_…
Update
|
CWE-706
Use of Incorrectly-Resolved Name or Reference
|
CVE-2024-4887
|
2024-10-30 04:52 |
2024-06-7 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
165
|
5.4 |
MEDIUM
Network
|
nayrathemes
|
clever_fox
|
The Clever Fox – One Click Website Importer by Nayra Themes plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'clever-fox-activate-theme…
Update
|
CWE-862
Missing Authorization
|
CVE-2023-6876
|
2024-10-30 04:50 |
2024-06-7 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
166
|
5.4 |
MEDIUM
Network
|
lightpress
|
lightbox
|
The WP jQuery Lightbox plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘title’ attribute in all versions up to, and including, 1.5.4 due to insufficient input sanitization a…
Update
|
CWE-79
Cross-site Scripting
|
CVE-2024-5425
|
2024-10-30 04:49 |
2024-06-7 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
167
|
5.3 |
MEDIUM
Network
themefarmer
|
woocommerce_tools
|
The WooCommerce Tools plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the woocommerce_tool_toggle_module() function in all versions up to,…
Update
|
CWE-862
Missing Authorization
|
CVE-2024-1689
|
2024-10-30 04:49 |
2024-06-7 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
168
|
5.4 |
MEDIUM
Network
|
nayrathemes
|
clever_fox
|
The Clever Fox plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's info box block in all versions up to, and including, 25.2.0 due to insufficient input sanitization an…
Update
|
CWE-79
Cross-site Scripting
|
CVE-2024-1768
|
2024-10-30 04:44 |
2024-06-7 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
169
|
- |
|
-
|
-
|
An authorized RCE vulnerability exists in the DrayTek Vigor2960 router version 1.4.4, where an attacker can place a malicious command into the table parameter of the doPPPoE function in the cgi-bin/m…
New
|
-
|
CVE-2024-48074
|
2024-10-30 04:35 |
2024-10-28 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
170
|
- |
|
-
|
-
|
An issue was discovered in WTCMS 1.0. In the plupload method in \AssetController.class.php, the app parameters aren't processed, resulting in Cross Site Scripting (XSS).
Update
|
-
|
CVE-2024-48239
|
2024-10-30 04:35 |
2024-10-26 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|