21
|
5.3 |
MEDIUM
Network
-
|
-
|
The Woo Manage Fraud Orders plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 6.1.7 through publicly exposed log files. This makes it possible…
New
|
CWE-532
Inclusion of Sensitive Information in Log Files
|
CVE-2024-10544
|
2024-10-31 11:15 |
2024-10-31 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
22
|
9.8 |
CRITICAL
Network
swoopnow
|
1-click_login\
|
Authentication Bypass by Primary Weakness vulnerability in Swoop 1-Click Login: Passwordless Authentication allows Authentication Bypass.This issue affects 1-Click Login: Passwordless Authentication:…
New
|
CWE-287
Improper Authentication
|
CVE-2024-50478
|
2024-10-31 10:44 |
2024-10-28 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
23
|
5.4 |
MEDIUM
Network
|
amilia
|
store
|
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Martin Drapeau Amilia Store allows Stored XSS.This issue affects Amilia Store: from n/a th…
New
|
CWE-79
Cross-site Scripting
|
CVE-2024-50472
|
2024-10-31 10:42 |
2024-10-28 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
24
|
5.4 |
MEDIUM
Network
|
checklist
|
trip_plan
|
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Checklist Trip Plan allows Stored XSS.This issue affects Trip Plan: from n/a through 1.0.1…
New
|
CWE-79
Cross-site Scripting
|
CVE-2024-50471
|
2024-10-31 10:37 |
2024-10-28 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
25
|
5.4 |
MEDIUM
Network
|
themes4wp
|
youtube_external_subtitles
|
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Themes4WP Themes4WP YouTube External Subtitles allows Stored XSS.This issue affects Themes…
New
|
CWE-79
Cross-site Scripting
|
CVE-2024-50470
|
2024-10-31 10:30 |
2024-10-28 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
26
|
6.5 |
MEDIUM
Network
|
squirrly
|
premium_seo_pack
|
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in WP SEO – Calin Vingan Premium SEO Pack allows SQL Injection.This issue affects Premium SEO Pack: …
New
|
CWE-89
SQL Injection
|
CVE-2024-50465
|
2024-10-31 10:27 |
2024-10-28 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
27
|
8.8 |
HIGH
Network
|
projectworlds
|
online_time_table_generator
|
A vulnerability classified as critical was found in Project Worlds Online Time Table Generator 1.0. Affected by this vulnerability is an unknown functionality of the file /timetable/staff/staffdashbo…
New
|
CWE-89
SQL Injection
|
CVE-2024-10447
|
2024-10-31 10:23 |
2024-10-28 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
28
|
9.8 |
CRITICAL
Network
lubus
|
wp_query_console
|
Improper Control of Generation of Code ('Code Injection') vulnerability in LUBUS WP Query Console allows Code Injection.This issue affects WP Query Console: from n/a through 1.0.
New
|
CWE-94
Code Injection
|
CVE-2024-50498
|
2024-10-31 10:16 |
2024-10-28 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
29
|
- |
|
-
|
-
|
JeecgBoot v3.7.1 was discovered to contain a SQL injection vulnerability via the component /onlDragDatasetHead/getTotalData.
New
|
-
|
CVE-2024-48307
|
2024-10-31 10:15 |
2024-10-31 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
30
|
- |
|
-
|
-
|
A vulnerability has been found in code-projects Blood Bank Management System 1.0 and classified as problematic. Affected by this vulnerability is an unknown functionality of the file /file/updateprof…
New
|
CWE-352
Origin Validation Error
|
CVE-2024-10557
|
2024-10-31 10:15 |
2024-10-31 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|