621 | 5.4 | MEDIUM Network | pickplugins | post_grid | The Post Grid, Form Maker, Popup Maker, WooCommerce Blocks, Post Blocks, Post Carousel – Combo Blocks plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'tag' attribute in bloc… | Update | CWE-79 Cross-site Scripting | CVE-2024-1988 | 2024-10-30 04:54 | 2024-06-7
622 | 7.5 | HIGH Network | qodeinteractive | qi_addons_for_elementor | The Qi Addons For Elementor plugin for WordPress is vulnerable to Remote File Inclusion in all versions up to, and including, 1.7.2 via the 'behavior' attributes found in the qi_addons_for_elementor_… | Update | CWE-706 Use of Incorrectly-Resolved Name or Reference | CVE-2024-4887 | 2024-10-30 04:52 | 2024-06-7
623 | 5.4 | MEDIUM Network | nayrathemes | clever_fox | The Clever Fox – One Click Website Importer by Nayra Themes plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'clever-fox-activate-theme… | Update | CWE-862 Missing Authorization | CVE-2023-6876 | 2024-10-30 04:50 | 2024-06-7
624 | 5.4 | MEDIUM Network | lightpress | lightbox | The WP jQuery Lightbox plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘title’ attribute in all versions up to, and including, 1.5.4 due to insufficient input sanitization a… | Update | CWE-79 Cross-site Scripting | CVE-2024-5425 | 2024-10-30 04:49 | 2024-06-7
625 | 5.3 | MEDIUM Network | themefarmer | woocommerce_tools | The WooCommerce Tools plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the woocommerce_tool_toggle_module() function in all versions up to,… | Update | CWE-862 Missing Authorization | CVE-2024-1689 | 2024-10-30 04:49 | 2024-06-7
626 | 5.4 | MEDIUM Network | nayrathemes | clever_fox | The Clever Fox plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's info box block in all versions up to, and including, 25.2.0 due to insufficient input sanitization an… | Update | CWE-79 Cross-site Scripting | CVE-2024-1768 | 2024-10-30 04:44 | 2024-06-7
627 | - | | - | - | An authorized RCE vulnerability exists in the DrayTek Vigor2960 router version 1.4.4, where an attacker can place a malicious command into the table parameter of the doPPPoE function in the cgi-bin/m… | New | - | CVE-2024-48074 | 2024-10-30 04:35 | 2024-10-28
628 | - | | - | - | An issue was discovered in WTCMS 1.0. In the plupload method in \AssetController.class.php, the app parameters aren't processed, resulting in Cross Site Scripting (XSS). | Update | - | CVE-2024-48239 | 2024-10-30 04:35 | 2024-10-26
629 | - | | - | - | WTCMS 1.0 is vulnerable to SQL Injection in the edit_post method of /Admin\Controller\NavControl.class.php via the parentid parameter. | Update | - | CVE-2024-48238 | 2024-10-30 04:35 | 2024-10-26
630 | - | | - | - | An issue in ofcms 1.1.2 allows a remote attacker to execute arbitrary code via the FileOutputStream function in the write String method of the ofcms-admin\src\main\java\com\ofsoft\cms\core\uitle\File… | Update | - | CVE-2024-48236 | 2024-10-30 04:35 | 2024-10-26