1211 | 4.3 | MEDIUM | Network | - | - | The SKT Addons for Elementor plugin for WordPress is vulnerable to Information Exposure in all versions up to, and including, 3.3 via the Unfold widget due to insufficient restrictions on which posts… | Update | CWE-639 Authorization Bypass Through User-Controlled Key | CVE-2024-10693 | 2024-11-12 22:56 | 2024-11-9
1212 | 8.8 | HIGH | Network | - | - | The Th Shop Mania theme for WordPress is vulnerable to unauthorized arbitrary plugin installation due to a missing capability check on the th_shop_mania_install_and_activate_callback() function in al… | Update | CWE-862 Missing Authorization | CVE-2024-10674 | 2024-11-12 22:56 | 2024-11-9
1213 | 8.8 | HIGH | Network | - | - | The Top Store theme for WordPress is vulnerable to unauthorized arbitrary plugin installation due to a missing capability check on the top_store_install_and_activate_callback() function in all versio… | Update | CWE-862 Missing Authorization | CVE-2024-10673 | 2024-11-12 22:56 | 2024-11-9
1214 | 9.8 | CRITICAL | Network | - | - | The WooCommerce Support Ticket System plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the ajax_manage_file_chunk_upload() function in all versions … | Update | CWE-434 Unrestricted Upload of File with Dangerous Type | CVE-2024-10627 | 2024-11-12 22:56 | 2024-11-9
1215 | 8.8 | HIGH | Network | - | - | The WooCommerce Support Ticket System plugin for WordPress is vulnerable to arbitrary file deletion due to insufficient file path validation in the delete_uploaded_file() function in all versions up … | Update | CWE-22 Path Traversal | CVE-2024-10626 | 2024-11-12 22:56 | 2024-11-9
1216 | 9.8 | CRITICAL | Network | - | - | The WooCommerce Support Ticket System plugin for WordPress is vulnerable to arbitrary file deletion due to insufficient file path validation in the delete_tmp_uploaded_file() function in all versions… | Update | CWE-22 Path Traversal | CVE-2024-10625 | 2024-11-12 22:56 | 2024-11-9
1217 | 5.5 | MEDIUM | Network | - | - | The Anih - Creative Agency WordPress Theme theme for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in all versions up to, and including, 2024 due to an incomplete blacklis… | Update | CWE-79 Cross-site Scripting | CVE-2024-9775 | 2024-11-12 22:56 | 2024-11-9
1218 | 6.4 | MEDIUM | Network | - | - | The Lenxel Core for Lenxel(LNX) LMS plugin for WordPress is vulnerable to Stored Cross-Site Scripting via SVG File uploads in all versions up to, and including, 1.1 due to insufficient input sanitiza… | Update | - | CVE-2024-9270 | 2024-11-12 22:56 | 2024-11-9
1219 | 6.4 | MEDIUM | Network | - | - | The Cowidgets – Elementor Addons plugin for WordPress is vulnerable to Stored Cross-Site Scripting via SVG File uploads in all versions up to, and including, 1.2.0 due to insufficient input sanitizat… | Update | CWE-79 Cross-site Scripting | CVE-2024-8960 | 2024-11-12 22:56 | 2024-11-9
1220 | 6.5 | MEDIUM | Network | - | - | The User Meta – User Profile Builder and User management plugin plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 3.1 via the getUser() due … | Update | CWE-639 Authorization Bypass Through User-Controlled Key | CVE-2024-9262 | 2024-11-12 22:56 | 2024-11-9