|
312301
|
5.3 |
MEDIUM
Network
|
-
|
-
|
The Spice Starter Sites plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the spice_starter_sites_importer_creater function in all versions …
|
CWE-862
Missing Authorization
|
CVE-2024-8430
|
2024-10-4 22:51 |
2024-10-1 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
312302
|
6.4 |
MEDIUM
Network
|
-
|
-
|
The XO Slider plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘get_slider’ function in all versions up to, and including, 3.8.6 due to insufficient input sanitization and ou…
|
CWE-79
Cross-site Scripting
|
CVE-2024-8324
|
2024-10-4 22:51 |
2024-10-1 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
312303
|
6.4 |
MEDIUM
Network
|
-
|
-
|
The Elastik Page Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via SVG File uploads in all versions up to, and including, 0.27.4 due to insufficient input sanitization and…
|
CWE-79
Cross-site Scripting
|
CVE-2024-9274
|
2024-10-4 22:51 |
2024-10-1 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
312304
|
6.4 |
MEDIUM
Network
|
-
|
-
|
The R Animated Icon Plugin plugin for WordPress is vulnerable to Stored Cross-Site Scripting via SVG File uploads in all versions up to, and including, 1.0 due to insufficient input sanitization and …
|
CWE-79
Cross-site Scripting
|
CVE-2024-9272
|
2024-10-4 22:51 |
2024-10-1 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
312305
|
6.4 |
MEDIUM
Network
|
-
|
-
|
The Relogo plugin for WordPress is vulnerable to Stored Cross-Site Scripting via SVG File uploads in all versions up to, and including, 0.4.2 due to insufficient input sanitization and output escapin…
|
CWE-79
Cross-site Scripting
|
CVE-2024-9269
|
2024-10-4 22:51 |
2024-10-1 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
312306
|
6.1 |
MEDIUM
Network
|
-
|
-
|
The Easy WordPress Subscribe – Optin Hound plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use of add_query_arg without appropriate escaping on the URL in all versions…
|
CWE-79
Cross-site Scripting
|
CVE-2024-9267
|
2024-10-4 22:51 |
2024-10-1 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
312307
|
- |
|
-
|
-
|
The SVG Complete plugin for WordPress is vulnerable to Stored Cross-Site Scripting via SVG File uploads in all versions up to, and including, 1.0.2 due to insufficient input sanitization and output e…
|
CWE-79
Cross-site Scripting
|
CVE-2024-9119
|
2024-10-4 22:51 |
2024-10-1 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
312308
|
9.8 |
CRITICAL
Network
|
-
|
-
|
The Wechat Social login plugin for WordPress is vulnerable to arbitrary file uploads due to insufficient file type validation in the 'convert_remoteimage_to_local' function in versions up to, and inc…
|
CWE-434
Unrestricted Upload of File with Dangerous Type
|
CVE-2024-9108
|
2024-10-4 22:51 |
2024-10-1 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
312309
|
9.8 |
CRITICAL
Network
|
-
|
-
|
The Wechat Social login plugin for WordPress is vulnerable to authentication bypass in versions up to, and including, 1.3.0. This is due to insufficient verification on the user being supplied during…
|
CWE-288
Authentication Bypass Using an Alternate Path or Channel
|
CVE-2024-9106
|
2024-10-4 22:51 |
2024-10-1 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
312310
|
6.4 |
MEDIUM
Network
|
-
|
-
|
The Geo Mashup plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's geo_mashup_visible_posts_list shortcode in all versions up to, and including, 1.13.13 due to insuffic…
|
CWE-79
Cross-site Scripting
|
CVE-2024-8990
|
2024-10-4 22:51 |
2024-10-1 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
