2541
|
- |
|
-
|
-
|
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Rohit Urane Dr Affiliate allows SQL Injection. This issue affects Dr Affiliate: from n/a through 1…
|
CWE-89
SQL Injection
|
CVE-2024-55975
|
2024-12-18 21:15 |
2024-12-18 |
|
|
2542
|
- |
|
-
|
-
|
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in HJYL hmd allows Stored XSS. This issue affects hmd: from n/a through 2.0.
|
CWE-79
Cross-site Scripting
|
CVE-2024-54350
|
2024-12-18 21:15 |
2024-12-18 |
|
|
2543
|
- |
|
-
|
-
|
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in axeptio Axeptio allows PHP Local File Inclusion. This issue affects Axeptio: fr…
|
CWE-98
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion')
|
CVE-2024-54270
|
2024-12-18 21:15 |
2024-12-18 |
|
|
2544
|
- |
|
-
|
-
|
Missing Authorization vulnerability in Yudiz Solutions Ltd. WP Menu Image allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects WP Menu Image: from n/a through 2.…
|
CWE-862
Missing Authorization
|
CVE-2024-52485
|
2024-12-18 21:15 |
2024-12-18 |
|
|
2545
|
- |
|
-
|
-
|
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in David Cramer Bootstrap Buttons allows Reflected XSS. This issue affects Bootstrap Buttons: from n/…
|
CWE-79
Cross-site Scripting
|
CVE-2024-49677
|
2024-12-18 21:15 |
2024-12-18 |
|
|
2546
|
6.5 |
MEDIUM
Network
|
-
|
-
|
The Travel Booking WordPress Theme theme for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the '__stPartnerCreateServiceRental', 'st_delete_order_…
|
CWE-862
Missing Authorization
|
CVE-2024-11926
|
2024-12-18 21:15 |
2024-12-18 |
|
|
2547
|
7.5 |
HIGH
Network
-
|
-
|
The Travel Booking WordPress Theme theme for WordPress is vulnerable to blind time-based SQL Injection via the ‘order_id’ parameter in all versions up to, and including, 3.1.6 due to insufficient esc…
|
CWE-89
SQL Injection
|
CVE-2024-11912
|
2024-12-18 21:15 |
2024-12-18 |
|
|
|
2548
|
5.3 |
MEDIUM
Network
-
|
-
|
The Paid Membership Subscriptions – Effortless Memberships, Recurring Payments & Content Restriction plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and in…
|
CWE-200
Information Exposure
|
CVE-2024-11291
|
2024-12-18 21:15 |
2024-12-18 |
|
|
|
2549
|
6.8 |
MEDIUM
Network
|
-
|
-
|
IBM i 7.4 and 7.5 is vulnerable to an authenticated user gaining elevated privilege to a physical file. A user with authority to a view can alter the based-on physical file security attributes withou…
|
CWE-732
Incorrect Permission Assignment for Critical Resource
|
CVE-2024-47104
|
2024-12-18 20:15 |
2024-12-18 |
|
|
2550
|
5.4 |
MEDIUM
Network
|
-
|
-
|
The Peter’s Custom Anti-Spam plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 3.2.3. This is due to missing nonce validation on the cas_register_…
|
CWE-352
Origin Validation Error
|
CVE-2024-12554
|
2024-12-18 19:15 |
2024-12-18 |
|
|