|
311991
|
7.2 |
HIGH
Network
|
-
|
-
|
The WP Post Author – Boost Your Blog's Engagement with Author Box, Social Links, Co-Authors, Guest Authors, Post Rating System, and Custom User Registration Form Builder plugin for WordPress is …
|
CWE-89
SQL Injection
|
CVE-2024-8757
|
2024-10-15 21:57 |
2024-10-12 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
311992
|
6.4 |
MEDIUM
Network
|
-
|
-
|
The Rescue Shortcodes plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'rescue_tab' shortcode in all versions up to, and including, 2.8 due to insufficient input san…
|
CWE-79
Cross-site Scripting
|
CVE-2024-9696
|
2024-10-15 21:57 |
2024-10-12 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
311993
|
6.4 |
MEDIUM
Network
|
-
|
-
|
The TablePress – Tables in WordPress made easy plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the table cell content in all versions up to, and including, 2.4.2 due to insuffic…
|
CWE-79
Cross-site Scripting
|
CVE-2024-9595
|
2024-10-15 21:57 |
2024-10-12 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
311994
|
6.4 |
MEDIUM
Network
|
-
|
-
|
The Category Icon plugin for WordPress is vulnerable to Stored Cross-Site Scripting via SVG File uploads in all versions up to, and including, 1.0.0 due to insufficient input sanitization and output …
|
CWE-79
Cross-site Scripting
|
CVE-2024-8915
|
2024-10-15 21:57 |
2024-10-12 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
311995
|
5.3 |
MEDIUM
Network
|
-
|
-
|
The Stackable – Page Builder Gutenberg Blocks plugin for WordPress is vulnerable to CSS Injection in all versions up to, and including, 3.13.6. This makes it possible for unauthenticated attackers to…
|
CWE-94
Code Injection
|
CVE-2024-8760
|
2024-10-15 21:57 |
2024-10-12 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
311996
|
4.3 |
MEDIUM
Network
|
-
|
-
|
The Order Attachments for WooCommerce plugin for WordPress is vulnerable to unauthorized limited arbitrary file uploads due to a missing capability check on the wcoa_add_attachment AJAX action in ver…
|
-
|
CVE-2024-9756
|
2024-10-15 21:57 |
2024-10-12 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
311997
|
6.4 |
MEDIUM
Network
|
-
|
-
|
The Social Sharing (by Danny) plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'dvk_social_sharing' shortcode in all versions up to, and including, 1.3.7 due to insu…
|
CWE-79
Cross-site Scripting
|
CVE-2024-9704
|
2024-10-15 21:57 |
2024-10-12 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
311998
|
9.8 |
CRITICAL
Network
|
-
|
-
|
The WordPress File Upload plugin for WordPress is vulnerable to Path Traversal in all versions up to, and including, 4.24.11 via wfu_file_downloader.php. This makes it possible for unauthenticated at…
|
CWE-22
Path Traversal
|
CVE-2024-9047
|
2024-10-15 21:57 |
2024-10-12 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
311999
|
4.3 |
MEDIUM
Network
|
-
|
-
|
The ImagePress – Image Gallery plugin for WordPress is vulnerable to unauthorized modification and loss of data due to a missing capability check on the 'ip_delete_post' and 'ip_update_post_title' fu…
|
CWE-862
Missing Authorization
|
CVE-2024-9824
|
2024-10-15 21:57 |
2024-10-12 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
312000
|
- |
|
-
|
-
|
The ImagePress – Image Gallery plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.2.2. This is due to missing or incorrect nonce validation on th…
|
CWE-352
Origin Validation Error
|
CVE-2024-9778
|
2024-10-15 21:57 |
2024-10-12 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
