|
1771
|
4.3 |
MEDIUM
Network
|
-
|
-
|
The Download Monitor plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the ajax_search_users function in all versions up to, and including, …
|
CWE-862
Missing Authorization
|
CVE-2024-10399
|
2024-11-1 21:57 |
2024-10-30 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1772
|
6.4 |
MEDIUM
Network
|
-
|
-
|
The WP Baidu Map plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'baidu_map' shortcode in all versions up to, and including, 1.2.2 due to insufficient input sanitiz…
|
-
|
CVE-2024-9886
|
2024-11-1 21:57 |
2024-10-30 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1773
|
6.4 |
MEDIUM
Network
|
-
|
-
|
The Widget or Sidebar Shortcode plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'sidebar' shortcode in all versions up to, and including, 0.6.1 due to insufficient …
|
CWE-79
Cross-site Scripting
|
CVE-2024-9885
|
2024-11-1 21:57 |
2024-10-30 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1774
|
6.4 |
MEDIUM
Network
|
-
|
-
|
The T(-) Countdown plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'tminus' shortcode in all versions up to, and including, 2.4.8 due to insufficient input sanitiza…
|
CWE-79
Cross-site Scripting
|
CVE-2024-9884
|
2024-11-1 21:57 |
2024-10-30 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1775
|
7.3 |
HIGH
Network
-
|
-
|
The The Enable Shortcodes inside Widgets,Comments and Experts plugin for WordPress is vulnerable to arbitrary shortcode execution in all versions up to, and including, 1.0.0. This is due to the softw…
|
CWE-94
Code Injection
|
CVE-2024-9846
|
2024-11-1 21:57 |
2024-10-30 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
|
1776
|
6.1 |
MEDIUM
Network
|
-
|
-
|
The Subscribe to Comments plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use of add_query_arg without appropriate escaping on the URL in all versions up to, and inclu…
|
CWE-79
Cross-site Scripting
|
CVE-2024-8792
|
2024-11-1 21:57 |
2024-10-30 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1777
|
6.4 |
MEDIUM
Network
|
-
|
-
|
The Ultimate TinyMCE plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'field' shortcode in all versions up to, and including, 5.7 due to insufficient input sanitization and o…
|
-
|
CVE-2024-8627
|
2024-11-1 21:57 |
2024-10-30 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1778
|
- |
|
-
|
-
|
A vulnerability, which was classified as critical, has been found in Codezips Online Institute Management System 1.0. This issue affects some unknown processing of the file /login.php. The manipulati…
|
-
|
CVE-2024-10509
|
2024-11-1 21:57 |
2024-10-30 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1779
|
- |
|
-
|
-
|
The Code Explorer plugin for WordPress is vulnerable to arbitrary external file reading in all versions up to, and including, 1.4.5. This is due to the fact that the plugin does not restrict accessin…
|
CWE-73
External Control of File Name or Path
|
CVE-2023-5816
|
2024-11-1 21:57 |
2024-10-30 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1780
|
- |
|
-
|
-
|
A vulnerability was found in wuzhicms 4.1.0. It has been classified as critical. Affected is the function add/edit of the file www/coreframe/app/content/admin/block.php. The manipulation leads to cod…
|
CWE-94
Code Injection
|
CVE-2024-10505
|
2024-11-1 21:57 |
2024-10-30 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
