481
|
- |
|
-
|
-
|
The SMS Alert Order Notifications – WooCommerce plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's sa_subscribe shortcode in all versions up to, and including, 3.7.5 d…
New
|
CWE-79
Cross-site Scripting
|
CVE-2024-10233
|
2024-10-29 23:34 |
2024-10-29 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
482
|
6.4 |
MEDIUM
Network
|
-
|
-
|
The StreamWeasels YouTube Integration plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's sw-youtube-embed shortcode in all versions up to, and including, 1.3.2 due to …
New
|
CWE-79
Cross-site Scripting
|
CVE-2024-10185
|
2024-10-29 23:34 |
2024-10-29 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
483
|
6.4 |
MEDIUM
Network
|
-
|
-
|
The StreamWeasels Kick Integration plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's sw-kick-embed shortcode in all versions up to, and including, 1.1.1 due to insuff…
New
|
CWE-79
Cross-site Scripting
|
CVE-2024-10184
|
2024-10-29 23:34 |
2024-10-29 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
484
|
6.4 |
MEDIUM
Network
|
-
|
-
|
The Kata Plus – Addons for Elementor – Widgets, Extensions and Templates plugin for WordPress is vulnerable to Stored Cross-Site Scripting via SVG File uploads in all versions up to, and including, 1…
New
|
CWE-79
Cross-site Scripting
|
CVE-2024-9376
|
2024-10-29 23:34 |
2024-10-29 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
485
|
- |
|
-
|
-
|
Incorrect Privilege Assignment vulnerability in LiteSpeed Technologies LiteSpeed Cache allows Privilege Escalation.This issue affects LiteSpeed Cache: from n/a through 6.5.1.
New
|
CWE-266
Incorrect Privilege Assignment
|
CVE-2024-50550
|
2024-10-29 23:34 |
2024-10-29 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
486
|
4.3 |
MEDIUM
Network
|
-
|
-
|
The WPC Smart Messages for WooCommerce plugin for WordPress is vulnerable to unauthorized Smar Message activation/deactivation due to a missing capability check on the ajax_enable function in all ver…
New
|
CWE-862
Missing Authorization
|
CVE-2024-10437
|
2024-10-29 23:34 |
2024-10-29 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
487
|
8.8 |
HIGH
Network
|
-
|
-
|
The WPC Smart Messages for WooCommerce plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 4.2.1 via the get_condition_value function. This makes it possi…
New
|
CWE-98
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion')
|
CVE-2024-10436
|
2024-10-29 23:34 |
2024-10-29 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
488
|
- |
|
-
|
-
|
The affiliate-toolkit plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's atkp_product shortcode in all versions up to, and including, 3.6.5 due to insufficient input s…
New
|
CWE-79
Cross-site Scripting
|
CVE-2024-10227
|
2024-10-29 23:34 |
2024-10-29 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
489
|
- |
|
-
|
-
|
Tiki through 27.0 allows users who have certain permissions to insert a "Modules" (aka tiki-admin_modules.php) stored XSS payload in the Name.
New
|
-
|
CVE-2024-51509
|
2024-10-29 23:34 |
2024-10-29 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
490
|
- |
|
-
|
-
|
Tiki through 27.0 allows users who have certain permissions to insert a "Create/Edit External Wiki" stored XSS payload in the Index.
New
|
-
|
CVE-2024-51508
|
2024-10-29 23:34 |
2024-10-29 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|