|
861
|
4.3 |
MEDIUM
Network
|
-
|
-
|
The Buy one click WooCommerce plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the buy_one_click_export_options AJAX action in all versions up to…
New
|
-
|
CVE-2024-10852
|
2024-11-13 11:15 |
2024-11-13 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
862
|
6.1 |
MEDIUM
Network
|
-
|
-
|
The Razorpay Payment Button Plugin plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use of add_query_arg & remove_query_arg without appropriate escaping on the URL in a…
New
|
CWE-79
Cross-site Scripting
|
CVE-2024-10851
|
2024-11-13 11:15 |
2024-11-13 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
863
|
6.1 |
MEDIUM
Network
|
-
|
-
|
The Razorpay Payment Button Elementor Plugin plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use of add_query_arg & remove_query_arg without appropriate escaping on th…
New
|
CWE-79
Cross-site Scripting
|
CVE-2024-10850
|
2024-11-13 11:15 |
2024-11-13 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
864
|
4.3 |
MEDIUM
Network
|
-
|
-
|
The BuddyPress Builder for Elementor – BuddyBuilder plugin for WordPress is vulnerable to Information Exposure in all versions up to, and including, 1.7.4 via the 'elementor-template' shortcode due t…
New
|
CWE-639
Authorization Bypass Through User-Controlled Key
|
CVE-2024-10778
|
2024-11-13 11:15 |
2024-11-13 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
865
|
6.5 |
MEDIUM
Network
|
-
|
-
|
The Styler for Ninja Forms plugin for WordPress is vulnerable to unauthorized modification of data that can lead to a denial of service due to a missing capability check on the deactivate_license fun…
New
|
CWE-862
Missing Authorization
|
CVE-2024-10717
|
2024-11-13 11:15 |
2024-11-13 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
866
|
8.8 |
HIGH
Network
|
-
|
-
|
The GPX Viewer plugin for WordPress is vulnerable to arbitrary file creation due to a missing capability check and file type validation in the gpxv_file_upload() function in all versions up to, and i…
New
|
CWE-862
Missing Authorization
|
CVE-2024-10629
|
2024-11-13 11:15 |
2024-11-13 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
867
|
6.1 |
MEDIUM
Network
|
-
|
-
|
The ????(Fat Rat Collect) ????????????????, ??????????????????????????? plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to missing escaping on a URL in all versions up to, an…
New
|
-
|
CVE-2024-10577
|
2024-11-13 11:15 |
2024-11-13 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
868
|
6.1 |
MEDIUM
Network
|
-
|
-
|
The WP-Strava plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in all versions up to, and including, 2.12.1 due to insufficient input sanitization and output escap…
New
|
CWE-80
Basic XSS
|
CVE-2024-10038
|
2024-11-13 11:15 |
2024-11-13 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
869
|
5.3 |
MEDIUM
Network
atlassian
|
jira_server
jira_data_center
|
Affected versions of Atlassian Jira Server and Data Center allow remote attackers to read particular files via a path traversal vulnerability in the /WEB-INF/web.xml endpoint. The affected versions a…
Update
|
CWE-22
Path Traversal
|
CVE-2021-26086
|
2024-11-13 11:00 |
2021-08-16 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
|
870
|
- |
|
cisco
|
adaptive_security_appliance_software
|
Cross-site scripting (XSS) vulnerability in the WebVPN login page in Cisco Adaptive Security Appliance (ASA) Software allows remote attackers to inject arbitrary web script or HTML via an unspecified…
Update
|
CWE-79
Cross-site Scripting
|
CVE-2014-2120
|
2024-11-13 11:00 |
2014-03-19 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
