|
2151
|
- |
|
-
|
-
|
SQL injection in Ivanti Endpoint Manager before 2024 November Security Update or 2022 SU6 November Security Update allows a remote authenticated attacker with admin privileges to achieve remote code …
|
-
|
CVE-2024-32839
|
2024-11-13 11:15 |
2024-11-13 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
2152
|
6.4 |
MEDIUM
Network
|
-
|
-
|
The NiceJob plugin for WordPress is vulnerable to Stored Cross-Site Scripting via several of the plugin's shortcodes (nicejob-lead, nicejob-review, nicejob-engage, nicejob-badge, nicejob-stories) in …
|
CWE-79
Cross-site Scripting
|
CVE-2024-10887
|
2024-11-13 11:15 |
2024-11-13 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
2153
|
4.3 |
MEDIUM
Network
|
-
|
-
|
The Buy one click WooCommerce plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the buy_one_click_import_options AJAX action in all versions…
|
CWE-862
Missing Authorization
|
CVE-2024-10854
|
2024-11-13 11:15 |
2024-11-13 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
2154
|
4.3 |
MEDIUM
Network
|
-
|
-
|
The Buy one click WooCommerce plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the removeorder AJAX action in all versions up to, and inclu…
|
CWE-862
Missing Authorization
|
CVE-2024-10853
|
2024-11-13 11:15 |
2024-11-13 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
2155
|
4.3 |
MEDIUM
Network
|
-
|
-
|
The Buy one click WooCommerce plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the buy_one_click_export_options AJAX action in all versions up to…
|
-
|
CVE-2024-10852
|
2024-11-13 11:15 |
2024-11-13 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
2156
|
6.1 |
MEDIUM
Network
|
-
|
-
|
The Razorpay Payment Button Plugin plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use of add_query_arg & remove_query_arg without appropriate escaping on the URL in a…
|
CWE-79
Cross-site Scripting
|
CVE-2024-10851
|
2024-11-13 11:15 |
2024-11-13 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
2157
|
6.1 |
MEDIUM
Network
|
-
|
-
|
The Razorpay Payment Button Elementor Plugin plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use of add_query_arg & remove_query_arg without appropriate escaping on th…
|
CWE-79
Cross-site Scripting
|
CVE-2024-10850
|
2024-11-13 11:15 |
2024-11-13 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
2158
|
4.3 |
MEDIUM
Network
|
-
|
-
|
The BuddyPress Builder for Elementor – BuddyBuilder plugin for WordPress is vulnerable to Information Exposure in all versions up to, and including, 1.7.4 via the 'elementor-template' shortcode due t…
|
CWE-639
Authorization Bypass Through User-Controlled Key
|
CVE-2024-10778
|
2024-11-13 11:15 |
2024-11-13 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
2159
|
6.5 |
MEDIUM
Network
|
-
|
-
|
The Styler for Ninja Forms plugin for WordPress is vulnerable to unauthorized modification of data that can lead to a denial of service due to a missing capability check on the deactivate_license fun…
|
CWE-862
Missing Authorization
|
CVE-2024-10717
|
2024-11-13 11:15 |
2024-11-13 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
2160
|
8.8 |
HIGH
Network
|
-
|
-
|
The GPX Viewer plugin for WordPress is vulnerable to arbitrary file creation due to a missing capability check and file type validation in the gpxv_file_upload() function in all versions up to, and i…
|
CWE-862
Missing Authorization
|
CVE-2024-10629
|
2024-11-13 11:15 |
2024-11-13 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
