|
2121
|
- |
|
-
|
-
|
CWE-924: Improper Enforcement of Message Integrity During Transmission in a Communication Channel
vulnerability exists that could cause retrieval of password hash that could lead to denial of service…
|
-
|
CVE-2024-8933
|
2024-11-13 13:15 |
2024-11-13 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
2122
|
7.5 |
HIGH
Network
-
|
-
|
The LUNA RADIO PLAYER plugin for WordPress is vulnerable to Directory Traversal in all versions up to, and including, 6.24.01.24 via the js/fallback.php file. This makes it possible for unauthenticat…
|
-
|
CVE-2024-10816
|
2024-11-13 13:15 |
2024-11-13 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
|
2123
|
5.3 |
MEDIUM
Network
-
|
-
|
The Hash Elements plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the hash_elements_get_posts_title_by_id() function in all versions up to, and …
|
CWE-862
Missing Authorization
|
CVE-2024-10802
|
2024-11-13 13:15 |
2024-11-13 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
|
2124
|
4.3 |
MEDIUM
Network
|
-
|
-
|
The Boostify Header Footer Builder for Elementor plugin for WordPress is vulnerable to Information Exposure in all versions up to, and including, 1.3.6 via the 'bhf' shortcode due to insufficient res…
|
CWE-639
Authorization Bypass Through User-Controlled Key
|
CVE-2024-10794
|
2024-11-13 13:15 |
2024-11-13 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
2125
|
7.3 |
HIGH
Network
-
|
-
|
The WP Project Manager – Task, team, and project management plugin featuring kanban board and gantt charts plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to…
|
CWE-639
Authorization Bypass Through User-Controlled Key
|
CVE-2024-10174
|
2024-11-13 13:15 |
2024-11-13 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
|
2126
|
6.1 |
MEDIUM
Network
|
-
|
-
|
The Product Delivery Date for WooCommerce – Lite plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use of add_query_arg & remove_query_arg without appropriate escaping o…
|
CWE-79
Cross-site Scripting
|
CVE-2024-10882
|
2024-11-13 12:15 |
2024-11-13 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
2127
|
4.3 |
MEDIUM
Network
|
-
|
-
|
The WPForms – Easy Form Builder for WordPress – Contact Forms, Payment Forms, Surveys, & More plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.…
|
CWE-352
Origin Validation Error
|
CVE-2024-10593
|
2024-11-13 12:15 |
2024-11-13 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
2128
|
6.1 |
MEDIUM
Network
|
-
|
-
|
The Constant Contact Forms by MailMunch plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use of add_query_arg without appropriate escaping on the URL in all versions up…
|
CWE-79
Cross-site Scripting
|
CVE-2024-9614
|
2024-11-13 11:15 |
2024-11-13 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
2129
|
- |
|
-
|
-
|
The Hide Links plugin for WordPress is vulnerable to unauthorized shortcode execution due to do_shortcode being hooked through the comment_text filter in all versions up to and including 1.4.2. This …
|
CWE-862
Missing Authorization
|
CVE-2024-9578
|
2024-11-13 11:15 |
2024-11-13 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
2130
|
- |
|
-
|
-
|
The Aqua SVG Sprite plugin for WordPress is vulnerable to Stored Cross-Site Scripting via SVG File uploads in all versions up to, and including, 3.0.14 due to insufficient input sanitization and outp…
|
CWE-79
Cross-site Scripting
|
CVE-2024-9426
|
2024-11-13 11:15 |
2024-11-13 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
