11
|
- |
|
-
|
-
|
Incorrect Privilege Assignment vulnerability in Matt Whiteman Bulk Change Role allows Privilege Escalation.This issue affects Bulk Change Role: from n/a through 1.1.
New
|
CWE-266
Incorrect Privilege Assignment
|
CVE-2024-50504
|
2024-10-30 17:15 |
2024-10-30 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
12
|
- |
|
-
|
-
|
Authentication Bypass Using an Alternate Path or Channel vulnerability in Deryck Oñate User Toolkit allows Authentication Bypass.This issue affects User Toolkit: from n/a through 1.2.3.
New
|
CWE-288
Authentication Bypass Using an Alternate Path or Channel
|
CVE-2024-50503
|
2024-10-30 17:15 |
2024-10-30 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
13
|
- |
|
-
|
-
|
The Download Manager WordPress plugin before 3.3.00 doesn't sanitize some of it's shortcode parameters, leading to cross site scripting.
New
|
-
|
CVE-2024-8444
|
2024-10-30 16:15 |
2024-10-30 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
14
|
6.4 |
MEDIUM
Network
|
-
|
-
|
The WP Team – WordPress Team Member Plugin plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's htteamember shortcode in all versions up to, and including, 1.1.4 due to …
New
|
CWE-79
Cross-site Scripting
|
CVE-2024-10223
|
2024-10-30 16:15 |
2024-10-30 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
15
|
7.2 |
HIGH
Network
-
|
-
|
The WPAdverts – Classifieds Plugin plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's adverts_add shortcode in all versions up to, and including, 2.1.6 due to insuffic…
New
|
CWE-79
Cross-site Scripting
|
CVE-2024-10108
|
2024-10-30 16:15 |
2024-10-30 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
16
|
4.4 |
MEDIUM
Local
|
-
|
-
|
A vulnerability was found in Buildah. Cache mounts do not properly validate that user-specified paths for the cache are within our cache directory, allowing a `RUN` instruction in a Container file to…
Update
|
CWE-22
Path Traversal
|
CVE-2024-9675
|
2024-10-30 16:15 |
2024-10-10 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
17
|
6.1 |
MEDIUM
Network
|
-
|
-
|
The Pricing Tables WordPress Plugin – Easy Pricing Tables plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use of add_query_arg without appropriate escaping on the URL …
New
|
CWE-79
Cross-site Scripting
|
CVE-2024-8871
|
2024-10-30 15:15 |
2024-10-30 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
18
|
4.3 |
MEDIUM
Network
|
-
|
-
|
The Download Monitor plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the ajax_search_users function in all versions up to, and including, …
New
|
CWE-862
Missing Authorization
|
CVE-2024-10399
|
2024-10-30 15:15 |
2024-10-30 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
19
|
6.4 |
MEDIUM
Network
|
-
|
-
|
The WP Baidu Map plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'baidu_map' shortcode in all versions up to, and including, 1.2.2 due to insufficient input sanitiz…
New
|
-
|
CVE-2024-9886
|
2024-10-30 12:15 |
2024-10-30 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
20
|
6.4 |
MEDIUM
Network
|
-
|
-
|
The Widget or Sidebar Shortcode plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'sidebar' shortcode in all versions up to, and including, 0.6.1 due to insufficient …
New
|
CWE-79
Cross-site Scripting
|
CVE-2024-9885
|
2024-10-30 12:15 |
2024-10-30 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|