2221 | 5.4 | MEDIUM | Network | sohelwpexpert | awesome_buttons | The Awesome buttons plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's btn2 shortcode in all versions up to, and including, 1.0 due to insufficient input sanitization … | CWE-79 Cross-site Scripting | CVE-2024-10148 | 2024-11-7 01:02 | 2024-10-25
2222 | 8.1 | HIGH | Network | buddypress | buddypress | The BuddyPress plugin for WordPress is vulnerable to Directory Traversal in all versions up to, and including, 14.1.0 via the id parameter. This makes it possible for authenticated attackers, with Su… | CWE-22 Path Traversal | CVE-2024-10011 | 2024-11-7 01:01 | 2024-10-25
2223 | 7.5 | HIGH | Network | 63moons | aero wave_2.0 | This vulnerability exists in Aero due to improper implementation of OTP validation mechanism in certain API endpoints. An authenticated remote attacker could exploit this vulnerability by interceptin… | NVD-CWE-Other | CVE-2024-51561 | 2024-11-7 00:59 | 2024-11-4
2224 | 6.1 | MEDIUM | Network | bna | pospratik | Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS) vulnerability in Bna Informatics PosPratik allows XSS Through HTTP Query Strings. This issue affects PosPratik: before v3.… | CWE-79 Cross-site Scripting | CVE-2024-9147 | 2024-11-7 00:53 | 2024-11-4
2225 | 8.8 | HIGH | Network | thimpress | wp_hotel_booking | Path Traversal: '.../...//' vulnerability in ThimPress WP Hotel Booking allows PHP Local File Inclusion. This issue affects WP Hotel Booking: from n/a through 2.1.4. | CWE-22 Path Traversal | CVE-2024-51582 | 2024-11-7 00:47 | 2024-11-4
2226 | 9.8 | CRITICAL | Network | rainbow-link | all_post_contact_form | Unrestricted Upload of File with Dangerous Type vulnerability in RainbowLink Inc. All Post Contact Form allows Upload a Web Shell to a Web Server. This issue affects All Post Contact Form: from n/a th… | CWE-434 Unrestricted Upload of File with Dangerous Type | CVE-2024-50523 | 2024-11-7 00:46 | 2024-11-4
2227 | 7.5 | HIGH | Network | zimaspace | zimaos | ZimaOS is a fork of CasaOS, an operating system for Zima devices and x86-64 systems with UEFI. In version 1.2.4 and all prior versions, the ZimaOS API endpoint `http://<Zima_Server_IP:PORT>/v3/file?t… | CWE-22 Path Traversal | CVE-2024-48931 | 2024-11-7 00:46 | 2024-10-25
2228 | 9.8 | CRITICAL | Network | lunary | lunary | A SQL injection vulnerability exists in the `/api/v1/external-users` route of lunary-ai/lunary version v1.4.2. The `order by` clause of the SQL query uses `sql.unsafe` without prior sanitization, all… | CWE-89 SQL Injection | CVE-2024-7456 | 2024-11-7 00:45 | 2024-11-1
2229 | 4.8 | MEDIUM | Network | dublue | table_of_contents_plus | The Table of Contents Plus WordPress plugin through 2408 does not sanitise and escape some of its settings, which could allow high privilege users such as editors to perform Cross-Site Scripting atta… | CWE-79 Cross-site Scripting | CVE-2024-5578 | 2024-11-7 00:44 | 2024-11-5
2230 | 4.8 | MEDIUM | Network | nsqua | simply_schedule_appointments | The Appointment Booking Calendar — Simply Schedule Appointments Booking Plugin WordPress plugin before 1.6.7.55 does not sanitise and escape some of its Notification settings, which could allow high … | CWE-79 Cross-site Scripting | CVE-2024-7877 | 2024-11-7 00:42 | 2024-11-5