|
1951
|
6.4 |
MEDIUM
Network
|
-
|
-
|
The Horizontal scroll image slideshow plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'horizontal-scroll-image-slideshow' shortcode in all versions up to, and inclu…
|
CWE-79
Cross-site Scripting
|
CVE-2024-11442
|
2024-12-12 13:15 |
2024-12-12 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1952
|
6.4 |
MEDIUM
Network
|
-
|
-
|
The Surbma | SalesAutopilot Shortcode plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'sa-form' shortcode in all versions up to, and including, 2.0 due to insuffici…
|
CWE-79
Cross-site Scripting
|
CVE-2024-11433
|
2024-12-12 13:15 |
2024-12-12 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1953
|
6.5 |
MEDIUM
Network
|
-
|
-
|
The SQL Chart Builder plugin for WordPress is vulnerable to SQL Injection via the 'arg1' arg of the 'gvn_schart_2' shortcode in all versions up to, and including, 2.3.6 due to insufficient escaping o…
|
CWE-89
SQL Injection
|
CVE-2024-11430
|
2024-12-12 13:15 |
2024-12-12 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1954
|
6.4 |
MEDIUM
Network
|
-
|
-
|
The Catch Popup plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'catch-popup' shortcode in all versions up to, and including, 1.4.4 due to insufficient input saniti…
|
CWE-79
Cross-site Scripting
|
CVE-2024-11427
|
2024-12-12 13:15 |
2024-12-12 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1955
|
6.1 |
MEDIUM
Network
|
-
|
-
|
The Password for WP plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.3. This is due to missing or incorrect nonce validation on the get3_init_a…
|
CWE-352
Origin Validation Error
|
CVE-2024-11419
|
2024-12-12 13:15 |
2024-12-12 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1956
|
6.1 |
MEDIUM
Network
|
-
|
-
|
The dejure.org Vernetzungsfunktion plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.97.5. This is due to missing or incorrect nonce validation …
|
CWE-352
Origin Validation Error
|
CVE-2024-11417
|
2024-12-12 13:15 |
2024-12-12 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1957
|
6.4 |
MEDIUM
Network
|
-
|
-
|
The HostFact bestelformulier integratie plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'bestelformulier' shortcode in all versions up to, and including, 1.1 due to…
|
CWE-79
Cross-site Scripting
|
CVE-2024-11413
|
2024-12-12 13:15 |
2024-12-12 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1958
|
6.1 |
MEDIUM
Network
|
-
|
-
|
The Schema App Structured Data plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use of add_query_arg without appropriate escaping on the URL in all versions up to, and …
|
CWE-79
Cross-site Scripting
|
CVE-2024-11279
|
2024-12-12 13:15 |
2024-12-12 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1959
|
9.8 |
CRITICAL
Network
-
|
-
|
The Sign In With Google plugin for WordPress is vulnerable to authentication bypass in all versions up to, and including, 1.8.0. This is due to the 'authenticate_user' user function not implementing …
|
CWE-287
Improper Authentication
|
CVE-2024-11015
|
2024-12-12 13:15 |
2024-12-12 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
|
1960
|
8.1 |
HIGH
Network
|
-
|
-
|
The OAuth Single Sign On – SSO (OAuth Client) plugin for WordPress is vulnerable to authentication bypass in all versions up to, and including, 6.26.3. This is due to insufficient verification on the…
|
CWE-287
Improper Authentication
|
CVE-2024-10111
|
2024-12-12 13:15 |
2024-12-12 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
