|
1361
|
7.5 |
HIGH
Network
|
-
|
-
|
IBM Storage Scale GUI 5.1.9.0 through 5.1.9.6 and 5.2.0.0 through 5.2.1.1 could allow a user to perform unauthorized actions after intercepting and modifying a csv file due to improper neutralization…
|
CWE-89
SQL Injection
|
CVE-2024-31892
|
2024-12-14 22:15 |
2024-12-14 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1362
|
7.8 |
HIGH
Local
|
-
|
-
|
IBM Storage Scale GUI 5.1.9.0 through 5.1.9.6 and 5.2.0.0 through 5.2.1.1
contains a local privilege escalation vulnerability. A malicious actor with command line access to the 'scalemgmt' user can…
|
CWE-250
Execution with Unnecessary Privileges
|
CVE-2024-31891
|
2024-12-14 22:15 |
2024-12-14 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1363
|
8.1 |
HIGH
Network
|
-
|
-
|
The Frontend Admin by DynamiApps plugin for WordPress is vulnerable to privilege escalation in all versions up to, and including, 3.24.5. This is due to insufficient controls on the user role select …
|
CWE-269
Improper Privilege Management
|
CVE-2024-11721
|
2024-12-14 18:15 |
2024-12-14 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1364
|
7.2 |
HIGH
Network
-
|
-
|
The Frontend Admin by DynamiApps plugin for WordPress is vulnerable to Stored Cross-Site Scripting via submission forms in all versions up to, and including, 3.24.5 due to insufficient input sanitiza…
|
CWE-79
Cross-site Scripting
|
CVE-2024-11720
|
2024-12-14 18:15 |
2024-12-14 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
|
1365
|
4.4 |
MEDIUM
Network
|
-
|
-
|
The bodi0`s Easy cache plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'cache-folder' parameter in all versions up to, and including, 0.8 due to insufficient input sanitizat…
|
CWE-79
Cross-site Scripting
|
CVE-2024-12628
|
2024-12-14 16:15 |
2024-12-14 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1366
|
6.4 |
MEDIUM
Network
|
-
|
-
|
The Post to Pdf plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'gmptp_single_post' shortcode in all versions up to, and including, 1.0 due to insufficient input sa…
|
CWE-79
Cross-site Scripting
|
CVE-2024-12446
|
2024-12-14 16:15 |
2024-12-14 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1367
|
4.8 |
MEDIUM
Network
|
-
|
-
|
The WP Job Portal – A Complete Recruitment System for Company or Job Board website plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on the assignUserRole() …
|
CWE-862
Missing Authorization
|
CVE-2024-11715
|
2024-12-14 16:15 |
2024-12-14 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1368
|
4.9 |
MEDIUM
Network
|
-
|
-
|
The WP Job Portal – A Complete Recruitment System for Company or Job Board website plugin for WordPress is vulnerable to SQL Injection via the 'ff' parameter of the getFieldsForVisibleCombobox() func…
|
CWE-89
SQL Injection
|
CVE-2024-11714
|
2024-12-14 16:15 |
2024-12-14 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1369
|
4.9 |
MEDIUM
Network
|
-
|
-
|
The WP Job Portal – A Complete Recruitment System for Company or Job Board website plugin for WordPress is vulnerable to SQL Injection via the 'page_id' parameter of the wpjobportal_deactivate() func…
|
CWE-89
SQL Injection
|
CVE-2024-11713
|
2024-12-14 16:15 |
2024-12-14 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1370
|
5.3 |
MEDIUM
Network
-
|
-
|
The WP Job Portal – A Complete Recruitment System for Company or Job Board website plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the getResume…
|
CWE-359
Exposure of Private Personal Information to an Unauthorized Actor
|
CVE-2024-11712
|
2024-12-14 16:15 |
2024-12-14 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
