2481
|
9.8 |
CRITICAL
Network
-
|
-
|
The WooCommerce Support Ticket System plugin for WordPress is vulnerable to arbitrary file deletion due to insufficient file path validation in the delete_tmp_uploaded_file() function in all versions…
|
CWE-22
Path Traversal
|
CVE-2024-10625
|
2024-11-12 22:56 |
2024-11-9 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
2482
|
5.5 |
MEDIUM
Network
|
-
|
-
|
The Anih - Creative Agency WordPress Theme theme for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in all versions up to, and including, 2024 due to an incomplete blacklis…
|
CWE-79
Cross-site Scripting
|
CVE-2024-9775
|
2024-11-12 22:56 |
2024-11-9 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
2483
|
6.4 |
MEDIUM
Network
|
-
|
-
|
The Lenxel Core for Lenxel(LNX) LMS plugin for WordPress is vulnerable to Stored Cross-Site Scripting via SVG File uploads in all versions up to, and including, 1.1 due to insufficient input sanitiza…
|
-
|
CVE-2024-9270
|
2024-11-12 22:56 |
2024-11-9 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
2484
|
6.5 |
MEDIUM
Network
|
-
|
-
|
The User Meta – User Profile Builder and User management plugin plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 3.1 via the getUser() due …
|
CWE-639
Authorization Bypass Through User-Controlled Key
|
CVE-2024-9262
|
2024-11-12 22:56 |
2024-11-9 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
2485
|
6.4 |
MEDIUM
Network
|
-
|
-
|
The Cowidgets – Elementor Addons plugin for WordPress is vulnerable to Stored Cross-Site Scripting via SVG File uploads in all versions up to, and including, 1.2.0 due to insufficient input sanitizat…
|
CWE-79
Cross-site Scripting
|
CVE-2024-8960
|
2024-11-12 22:56 |
2024-11-9 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
2486
|
- |
|
-
|
-
|
The Cowidgets – Elementor Addons plugin for WordPress is vulnerable to Information Exposure in all versions up to, and including, 1.2.0 via the 'ce_template' shortcode due to insufficient restriction…
|
CWE-639
Authorization Bypass Through User-Controlled Key
|
CVE-2024-10779
|
2024-11-12 22:56 |
2024-11-9 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
2487
|
4.3 |
MEDIUM
Network
|
-
|
-
|
The Debug Tool plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the info() function in all versions up to, and including, 2.2. This makes it poss…
|
CWE-862
Missing Authorization
|
CVE-2024-10588
|
2024-11-12 22:56 |
2024-11-9 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
2488
|
9.8 |
CRITICAL
Network
-
|
-
|
The Debug Tool plugin for WordPress is vulnerable to arbitrary file creation due to a missing capability check on the dbt_pull_image() function and missing file type validation in all versions up to,…
|
CWE-862
Missing Authorization
|
CVE-2024-10586
|
2024-11-12 22:56 |
2024-11-9 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
2489
|
6.5 |
MEDIUM
Network
-
|
-
|
The CE21 Suite plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'ce21_single_sign_on_save_api_settings' function in versions up to, and…
|
CWE-862
Missing Authorization
|
CVE-2024-10294
|
2024-11-12 22:56 |
2024-11-9 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
2490
|
9.8 |
CRITICAL
Network
-
|
-
|
The CE21 Suite plugin for WordPress is vulnerable to sensitive information disclosure via the plugin-log.txt in versions up to, and including, 2.2.0. This makes it possible for unauthenticated attack…
|
CWE-200
Information Exposure
|
CVE-2024-10285
|
2024-11-12 22:56 |
2024-11-9 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|