|
2511
|
9.8 |
CRITICAL
Network
-
|
-
|
The Relais 2FA plugin for WordPress is vulnerable to authentication bypass in versions up to, and including, 1.0. This is due to incorrect authentication and capability checking in the 'rl_do_ajax' f…
|
CWE-288
Authentication Bypass Using an Alternate Path or Channel
|
CVE-2024-10245
|
2024-11-12 22:55 |
2024-11-12 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
|
2512
|
- |
|
-
|
-
|
The JetWidgets For Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via REST API SVG File uploads in all versions up to, and including, 1.0.18 due to insufficient input san…
|
CWE-79
Cross-site Scripting
|
CVE-2024-10323
|
2024-11-12 22:55 |
2024-11-12 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
2513
|
6.4 |
MEDIUM
Network
|
-
|
-
|
The Slickstream: Engagement and Conversions plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's slick-grid shortcode in all versions up to, and including, 1.4.4 due to …
|
-
|
CVE-2024-10179
|
2024-11-12 22:55 |
2024-11-12 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
2514
|
6.1 |
MEDIUM
Network
|
-
|
-
|
The xili-tidy-tags plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'action' parameter in all versions up to, and including, 1.12.04 due to insufficient input sanitization…
|
CWE-79
Cross-site Scripting
|
CVE-2024-9357
|
2024-11-12 22:55 |
2024-11-12 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
2515
|
- |
|
-
|
-
|
Exposure of sensitive system information to an unauthorized control sphere issue exists in Mesh Wi-Fi router RP562B firmware version v1.0.2 and earlier. If this vulnerability is exploited, a network-…
|
CWE-497
Exposure of Sensitive System Information to an Unauthorized Control Sphere
|
CVE-2024-47799
|
2024-11-12 22:55 |
2024-11-12 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
2516
|
- |
|
-
|
-
|
Improper neutralization of special elements used in an OS command ('OS Command Injection') issue exists in Mesh Wi-Fi router RP562B firmware version v1.0.2 and earlier. If this vulnerability is explo…
|
CWE-78
OS Command
|
CVE-2024-45827
|
2024-11-12 22:55 |
2024-11-12 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
2517
|
- |
|
-
|
-
|
Active debug code vulnerability exists in Mesh Wi-Fi router RP562B firmware version v1.0.2 and earlier. If this vulnerability is exploited, a network-adjacent authenticated attacker may obtain or alt…
|
CWE-489
Exposure of Data Element to Wrong Session
|
CVE-2024-29075
|
2024-11-12 22:55 |
2024-11-12 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
2518
|
5.4 |
MEDIUM
Network
|
-
|
-
|
The Admin and Site Enhancements (ASE) plugin for WordPress is vulnerable to Stored Cross-Site Scripting via SVG File uploads in all versions up to, and including, 7.5.1 due to insufficient input sani…
|
CWE-79
Cross-site Scripting
|
CVE-2024-10790
|
2024-11-12 22:55 |
2024-11-12 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
2519
|
- |
|
-
|
-
|
Improper handling of canonical URL-encoding may lead to bypass not properly constrained by request rules.
|
-
|
CVE-2024-23983
|
2024-11-12 22:55 |
2024-11-12 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
2520
|
- |
|
-
|
-
|
GNOME libsoup before 3.6.1 has an infinite loop, and memory consumption. during the reading of certain patterns of WebSocket data from clients.
|
-
|
CVE-2024-52532
|
2024-11-12 22:55 |
2024-11-12 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
