|
801
|
- |
|
-
|
-
|
Authentication Bypass Using an Alternate Path or Channel vulnerability in Deryck Oñate User Toolkit allows Authentication Bypass.This issue affects User Toolkit: from n/a through 1.2.3.
New
|
CWE-288
Authentication Bypass Using an Alternate Path or Channel
|
CVE-2024-50503
|
2024-10-30 17:15 |
2024-10-30 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
802
|
- |
|
-
|
-
|
The Download Manager WordPress plugin before 3.3.00 doesn't sanitize some of it's shortcode parameters, leading to cross site scripting.
New
|
-
|
CVE-2024-8444
|
2024-10-30 16:15 |
2024-10-30 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
803
|
6.4 |
MEDIUM
Network
|
-
|
-
|
The WP Team – WordPress Team Member Plugin plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's htteamember shortcode in all versions up to, and including, 1.1.4 due to …
New
|
CWE-79
Cross-site Scripting
|
CVE-2024-10223
|
2024-10-30 16:15 |
2024-10-30 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
804
|
7.2 |
HIGH
Network
-
|
-
|
The WPAdverts – Classifieds Plugin plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's adverts_add shortcode in all versions up to, and including, 2.1.6 due to insuffic…
New
|
CWE-79
Cross-site Scripting
|
CVE-2024-10108
|
2024-10-30 16:15 |
2024-10-30 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
|
805
|
6.1 |
MEDIUM
Network
|
-
|
-
|
The Pricing Tables WordPress Plugin – Easy Pricing Tables plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use of add_query_arg without appropriate escaping on the URL …
New
|
CWE-79
Cross-site Scripting
|
CVE-2024-8871
|
2024-10-30 15:15 |
2024-10-30 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
806
|
4.3 |
MEDIUM
Network
|
-
|
-
|
The Download Monitor plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the ajax_search_users function in all versions up to, and including, …
New
|
CWE-862
Missing Authorization
|
CVE-2024-10399
|
2024-10-30 15:15 |
2024-10-30 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
807
|
6.4 |
MEDIUM
Network
|
-
|
-
|
The WP Baidu Map plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'baidu_map' shortcode in all versions up to, and including, 1.2.2 due to insufficient input sanitiz…
New
|
-
|
CVE-2024-9886
|
2024-10-30 12:15 |
2024-10-30 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
808
|
6.4 |
MEDIUM
Network
|
-
|
-
|
The Widget or Sidebar Shortcode plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'sidebar' shortcode in all versions up to, and including, 0.6.1 due to insufficient …
New
|
CWE-79
Cross-site Scripting
|
CVE-2024-9885
|
2024-10-30 12:15 |
2024-10-30 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
809
|
6.4 |
MEDIUM
Network
|
-
|
-
|
The T(-) Countdown plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'tminus' shortcode in all versions up to, and including, 2.4.8 due to insufficient input sanitiza…
New
|
CWE-79
Cross-site Scripting
|
CVE-2024-9884
|
2024-10-30 12:15 |
2024-10-30 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
810
|
7.3 |
HIGH
Network
-
|
-
|
The The Enable Shortcodes inside Widgets,Comments and Experts plugin for WordPress is vulnerable to arbitrary shortcode execution in all versions up to, and including, 1.0.0. This is due to the softw…
New
|
CWE-94
Code Injection
|
CVE-2024-9846
|
2024-10-30 12:15 |
2024-10-30 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
