471
|
7.2 |
HIGH
Network
-
|
-
|
The WPAdverts – Classifieds Plugin plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's adverts_add shortcode in all versions up to, and including, 2.1.6 due to insuffic…
New
|
CWE-79
Cross-site Scripting
|
CVE-2024-10108
|
2024-10-30 16:15 |
2024-10-30 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
472
|
4.4 |
MEDIUM
Local
|
-
|
-
|
A vulnerability was found in Buildah. Cache mounts do not properly validate that user-specified paths for the cache are within our cache directory, allowing a `RUN` instruction in a Container file to…
Update
|
CWE-22
Path Traversal
|
CVE-2024-9675
|
2024-10-30 16:15 |
2024-10-10 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
473
|
6.1 |
MEDIUM
Network
|
-
|
-
|
The Pricing Tables WordPress Plugin – Easy Pricing Tables plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use of add_query_arg without appropriate escaping on the URL …
New
|
CWE-79
Cross-site Scripting
|
CVE-2024-8871
|
2024-10-30 15:15 |
2024-10-30 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
474
|
4.3 |
MEDIUM
Network
|
-
|
-
|
The Download Monitor plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the ajax_search_users function in all versions up to, and including, …
New
|
CWE-862
Missing Authorization
|
CVE-2024-10399
|
2024-10-30 15:15 |
2024-10-30 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
475
|
6.4 |
MEDIUM
Network
|
-
|
-
|
The WP Baidu Map plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'baidu_map' shortcode in all versions up to, and including, 1.2.2 due to insufficient input sanitiz…
New
|
-
|
CVE-2024-9886
|
2024-10-30 12:15 |
2024-10-30 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
476
|
6.4 |
MEDIUM
Network
|
-
|
-
|
The Widget or Sidebar Shortcode plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'sidebar' shortcode in all versions up to, and including, 0.6.1 due to insufficient …
New
|
CWE-79
Cross-site Scripting
|
CVE-2024-9885
|
2024-10-30 12:15 |
2024-10-30 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
477
|
6.4 |
MEDIUM
Network
|
-
|
-
|
The T(-) Countdown plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'tminus' shortcode in all versions up to, and including, 2.4.8 due to insufficient input sanitiza…
New
|
CWE-79
Cross-site Scripting
|
CVE-2024-9884
|
2024-10-30 12:15 |
2024-10-30 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
478
|
7.3 |
HIGH
Network
-
|
-
|
The The Enable Shortcodes inside Widgets,Comments and Experts plugin for WordPress is vulnerable to arbitrary shortcode execution in all versions up to, and including, 1.0.0. This is due to the softw…
New
|
CWE-94
Code Injection
|
CVE-2024-9846
|
2024-10-30 12:15 |
2024-10-30 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
479
|
6.1 |
MEDIUM
Network
|
-
|
-
|
The Subscribe to Comments plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use of add_query_arg without appropriate escaping on the URL in all versions up to, and inclu…
New
|
CWE-79
Cross-site Scripting
|
CVE-2024-8792
|
2024-10-30 12:15 |
2024-10-30 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
480
|
6.4 |
MEDIUM
Network
|
-
|
-
|
The Ultimate TinyMCE plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'field' shortcode in all versions up to, and including, 5.7 due to insufficient input sanitization and o…
New
|
-
|
CVE-2024-8627
|
2024-10-30 12:15 |
2024-10-30 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|