2311 | 6.1 | MEDIUM Network | - | - | The ForumWP – Forum & Discussion Board plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use of add_query_arg & remove_query_arg without appropriate escaping on the URL … | CWE-79 Cross-site Scripting | CVE-2024-10879 | 2024-12-6 18:15 | 2024-12-6 |
2312 | 6.4 | MEDIUM Network | - | - | The NewsMash theme for WordPress is vulnerable to Stored Cross-Site Scripting via a malicious display name in all versions up to, and including, 1.0.71 due to insufficient input sanitization and outp… | CWE-79 Cross-site Scripting | CVE-2024-10849 | 2024-12-6 18:15 | 2024-12-6 |
2313 | 4.3 | MEDIUM Network | - | - | The PowerPack Elementor Addons (Free Widgets, Extensions and Templates) plugin for WordPress is vulnerable to Information Exposure in all versions up to, and including, 2.8.1 via the Content Reveal w… | CWE-639 Authorization Bypass Through User-Controlled Key | CVE-2024-10692 | 2024-12-6 18:15 | 2024-12-6 |
2314 | 4.3 | MEDIUM Network | - | - | The XLTab – Accordions and Tabs for Elementor Page Builder plugin for WordPress is vulnerable to Information Exposure in all versions up to, and including, 1.4 via the 'XLTAB_INSERT_TPL' shortcode du… | CWE-639 Authorization Bypass Through User-Controlled Key | CVE-2024-10689 | 2024-12-6 18:15 | 2024-12-6 |
2315 | 6.4 | MEDIUM Network | - | - | The Cookielay plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's cookielay shortcode in all versions up to, and including, 1.2.0 due to insufficient input sanitization… | CWE-79 Cross-site Scripting | CVE-2024-10320 | 2024-12-6 18:15 | 2024-12-6 |
2316 | 8.1 | HIGH Network | - | - | The Login With OTP plugin for WordPress is vulnerable to authentication bypass in versions up to, and including, 1.4.2. This is due to the plugin generating too weak OTP, and there’s no attempt or ti… | CWE-288 Authentication Bypass Using an Alternate Path or Channel | CVE-2024-11178 | 2024-12-6 16:15 | 2024-12-6 |
2317 | - | | - | - | The WP Hide & Security Enhancer plugin for WordPress is vulnerable to arbitrary file contents deletion due to a missing authorization and insufficient file path validation in the file-process.php in … | - | CVE-2024-11585 | 2024-12-6 15:15 | 2024-12-6 |
2318 | 6.4 | MEDIUM Network | - | - | The myCred – Loyalty Points and Rewards plugin for WordPress and WooCommerce – Give Points, Ranks, Badges, Cashback, WooCommerce rewards, and WooCommerce credits for Gamification plugin for WordPress… | CWE-79 Cross-site Scripting | CVE-2024-11201 | 2024-12-6 15:15 | 2024-12-6 |
2319 | - | | - | - | The Pubnews theme for WordPress is vulnerable to unauthorized arbitrary plugin installation due to a missing capability check on the pubnews_importer_plugin_action_for_notice() function in all versio… | - | CVE-2024-10578 | 2024-12-6 15:15 | 2024-12-6 |
2320 | - | | - | - | Uncontrolled Search Path Element vulnerability in ICONICS GENESIS64 all versions, Mitsubishi Electric GENESIS64 all versions and Mitsubishi Electric MC Works64 all versions allows a local authenticat… | - | CVE-2024-9852 | 2024-12-6 15:15 | 2024-11-29 |