2311
|
4.3 |
MEDIUM
Network
|
katieseaborn
|
zotpress
|
The Zotpress plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the Zotpress_process_accounts_AJAX function in all versions up to, and includ…
|
CWE-862
Missing Authorization
|
CVE-2024-7429
|
2024-11-9 00:26 |
2024-11-5 |
2312
|
9.8 |
CRITICAL
Network
|
contest-gallery
|
contest_gallery
|
The Photos, Files, YouTube, Twitter, Instagram, TikTok, Ecommerce Contest Gallery – Upload, Vote, Sell via PayPal, Social Share Buttons plugin for WordPress is vulnerable to time-based SQL Injection …
|
CWE-89
SQL Injection
|
CVE-2024-10687
|
2024-11-9 00:26 |
2024-11-5 |
2313
|
4.3 |
MEDIUM
Network
|
wpxpro
|
xpro_addons_for_elementor
|
The 140+ Widgets | Xpro Addons For Elementor – FREE plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 1.4.6 via the render function in widgets…
|
NVD-CWE-noinfo
|
CVE-2024-10319
|
2024-11-9 00:25 |
2024-11-5 |
2314
|
4.8 |
MEDIUM
Network
|
10web
|
photo_gallery
|
The Photo Gallery by 10Web – Mobile-Friendly Image Gallery plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in all versions up to, and including, 1.8.30 due to ins…
|
CWE-79
Cross-site Scripting
|
CVE-2024-9878
|
2024-11-9 00:25 |
2024-11-5 |
2315
|
8.8 |
HIGH
Network
|
fileorganizer
|
fileorganizer
|
The FileOrganizer – Manage WordPress and Website Files plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the "fileorganizer_ajax_handler" function in…
|
CWE-434
Unrestricted Upload of File with Dangerous Type
|
CVE-2024-7985
|
2024-11-9 00:22 |
2024-10-30 |
2316
|
4.8 |
MEDIUM
Network
|
robosoft
|
robo_gallery
|
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in RoboSoft Robo Gallery allows Stored XSS. This issue affects Robo Gallery: from n/a through …
|
CWE-79
Cross-site Scripting
|
CVE-2024-49696
|
2024-11-9 00:21 |
2024-10-24 |
2317
|
6.5 |
MEDIUM
Network
|
63moons
|
aero wave_2.0
|
This vulnerability exists in the Wave 2.0 due to weak encryption of sensitive data received at the API response. An authenticated remote attacker could exploit this vulnerability by manipulating a pa…
|
CWE-327
Use of a Broken or Risky Cryptographic Algorithm
|
CVE-2024-51556
|
2024-11-9 00:20 |
2024-11-4 |
2318
|
5.4 |
MEDIUM
Network
|
spiffyplugins
|
wp_flow_plus
|
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Spiffy Plugins WP Flow Plus allows Stored XSS. This issue affects WP Flow Plus: from n/a th…
|
CWE-79
Cross-site Scripting
|
CVE-2024-49695
|
2024-11-9 00:20 |
2024-10-24 |
2319
|
6.5 |
MEDIUM
Network
|
63moons
|
aero wave_2.0
|
This vulnerability exists in the Wave 2.0 due to missing authorization check on certain API endpoints. An authenticated remote attacker could exploit this vulnerability by manipulating a parameter “u…
|
CWE-639
Authorization Bypass Through User-Controlled Key
|
CVE-2024-51559
|
2024-11-9 00:19 |
2024-11-4 |
2320
|
9.8 |
CRITICAL
Network
|
63moons
|
aero wave_2.0
|
This vulnerability exists in the Wave 2.0 due to missing restrictions for excessive failed authentication attempts on its API based login. A remote attacker could exploit this vulnerability by conduc…
|
CWE-307
Improper Restriction of Excessive Authentication Attempts
|
CVE-2024-51558
|
2024-11-9 00:19 |
2024-11-4 |