|
312701
|
5.4 |
MEDIUM
Network
|
arnoldgoodway
|
neighborly
|
The Neighborly theme for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘url’ parameter within the theme's Button shortcode in all versions up to, and including, 1.4 due to insufficie…
|
CWE-79
Cross-site Scripting
|
CVE-2024-5869
|
2024-09-27 10:06 |
2024-09-14 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
312702
|
5.4 |
MEDIUM
Network
|
samiahmedsiddiqui
|
custom_permalinks
|
The Custom Permalinks plugin for WordPress is vulnerable to Stored Cross-Site Scripting in versions up to, and including, 2.6.0 due to insufficient input sanitization and output escaping on tag names…
|
CWE-79
Cross-site Scripting
|
CVE-2023-0926
|
2024-09-27 10:01 |
2024-08-24 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
312703
|
5.4 |
MEDIUM
Network
|
dfactory
|
responsive_lightbox
|
The Responsive Lightbox & Gallery plugin for WordPress is vulnerable to Stored Cross-Site Scripting via file uploads in all versions up to, and including, 2.4.7 due to insufficient input sanitization…
|
CWE-79
Cross-site Scripting
|
CVE-2024-6870
|
2024-09-27 09:52 |
2024-08-22 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
312704
|
5.4 |
MEDIUM
Network
|
posimyth
|
the_plus_addons_for_elementor
|
The The Plus Addons for Elementor – Elementor Addons, Page Templates, Widgets, Mega Menu, WooCommerce plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the carousel_direction para…
|
CWE-79
Cross-site Scripting
|
CVE-2024-5583
|
2024-09-27 09:47 |
2024-08-22 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
312705
|
6.1 |
MEDIUM
Network
|
instawp
|
string_locator
|
The String locator plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'sql-column' parameter in all versions up to, and including, 2.6.5 due to insufficient input sanitizati…
|
CWE-79
Cross-site Scripting
|
CVE-2023-6987
|
2024-09-27 07:34 |
2024-08-24 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
312706
|
5.4 |
MEDIUM
Network
|
themeisle
|
orbit_fox
|
The Orbit Fox by ThemeIsle plugin for WordPress is vulnerable to Stored Cross-Site Scripting via SVG File uploads in all versions up to, and including, 2.10.36 due to insufficient input sanitization …
|
CWE-79
Cross-site Scripting
|
CVE-2024-7778
|
2024-09-27 07:22 |
2024-08-22 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
312707
|
6.5 |
MEDIUM
Network
|
mediajedi
|
user_private_files
|
The User Private Files – WordPress File Sharing Plugin plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 2.1.0 via the 'dpk_upvf_update_doc'…
|
CWE-639
Authorization Bypass Through User-Controlled Key
|
CVE-2024-7848
|
2024-09-27 07:12 |
2024-08-22 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
312708
|
5.3 |
MEDIUM
Network
|
maxfoundry
|
maxbuttons
|
The WordPress Button Plugin MaxButtons plugin for WordPress is vulnerable to information exposure in all versions up to, and including, 9.7.8. This makes it possible for unauthenticated attackers to …
|
NVD-CWE-noinfo
|
CVE-2024-6499
|
2024-09-27 07:07 |
2024-08-24 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
312709
|
5.4 |
MEDIUM
Network
|
pixelgrade
|
nova_blocks
|
The Nova Blocks by Pixelgrade plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'align' attribute of the 'wp:separator' Gutenberg block in all versions up to, and including, 2…
|
CWE-79
Cross-site Scripting
|
CVE-2024-8241
|
2024-09-27 07:03 |
2024-09-10 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
312710
|
4.3 |
MEDIUM
Network
|
themeum
|
tutor_lms
|
The Tutor LMS plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 2.7.4. This is due to missing or incorrect nonce validation on the 'addon_enable_disab…
|
CWE-352
Origin Validation Error
|
CVE-2023-2919
|
2024-09-27 06:59 |
2024-09-10 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
