271 | 6.1 | MEDIUM Network | - | - | The Proofreading plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'nonce' parameter in all versions up to, and including, 1.2.1.1 due to insufficient input sanitization an… | CWE-79 Cross-site Scripting | CVE-2024-12466 | 2025-01-17 16:15 | 2025-01-17
272 | 4.4 | MEDIUM Network | - | - | The RSS Icon Widget plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘link_color’ parameter in all versions up to, and including, 5.2 due to insufficient input sanitization a… | CWE-79 Cross-site Scripting | CVE-2024-12203 | 2025-01-17 16:15 | 2025-01-17
273 | - | | - | - | TrueFiling is a collaborative, web-based electronic filing system where attorneys, paralegals, court reporters and self-represented filers collect public legal documentation into cases. TrueFiling is… | - | CVE-2024-11146 | 2025-01-17 16:15 | 2025-01-17
274 | 7.5 | HIGH Network | - | - | The Advanced File Manager plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the 'fma_local_file_system' function in versions 5.2.12 to 5.2.13. This m… | CWE-434 Unrestricted Upload of File with Dangerous Type | CVE-2024-13333 | 2025-01-17 15:15 | 2025-01-17
275 | 6.5 | MEDIUM Network | - | - | The Eventer plugin for WordPress is vulnerable to Directory Traversal in all versions up to, and including, 3.9.7 via the eventer_woo_download_tickets() function. This makes it possible for authentic… | CWE-22 Path Traversal | CVE-2024-10799 | 2025-01-17 15:15 | 2025-01-17
276 | 6.1 | MEDIUM Network | - | - | The WP Inventory Manager plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'message' parameter in all versions up to, and including, 2.3.2 due to insufficient input sanitiz… | CWE-79 Cross-site Scripting | CVE-2024-13434 | 2025-01-17 14:15 | 2025-01-17
277 | 6.4 | MEDIUM Network | - | - | The Payment Button for PayPal plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'wp_paypal_checkout' shortcode in all versions up to, and including, 1.2.3.35 due to i… | CWE-79 Cross-site Scripting | CVE-2024-13401 | 2025-01-17 14:15 | 2025-01-17
278 | 6.4 | MEDIUM Network | - | - | The Checkout for PayPal plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'checkout_for_paypal' shortcode in all versions up to, and including, 1.0.32 due to insuffic… | CWE-79 Cross-site Scripting | CVE-2024-13398 | 2025-01-17 14:15 | 2025-01-17
279 | 4.0 | MEDIUM Local | - | - | IBM QRadar WinCollect Agent 10.0.0 through 10.1.12 could allow a remote attacker to inject XML data into parameter values due to improper input validation of assumed immutable data. | CWE-471 Modification of Assumed-Immutable Data (MAID) | CVE-2024-51462 | 2025-01-17 12:15 | 2025-01-17
280 | - | | - | - | A post-authentication absolute path traversal vulnerability in SonicOS management allows a remote attacker to read an arbitrary file. | - | CVE-2024-12806 | 2025-01-17 12:15 | 2025-01-9