|
310841
|
4.3 |
MEDIUM
Network
|
-
|
-
|
The Customer Reviews for WooCommerce plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on the cancel_import() function in all versions up to, and including, …
|
CWE-862
Missing Authorization
|
CVE-2024-10614
|
2024-11-19 02:11 |
2024-11-16 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
310842
|
8.8 |
HIGH
Network
|
-
|
-
|
The Post Grid Gutenberg Blocks and WordPress Blog Plugin – PostX plugin for WordPress is vulnerable to unauthorized plugin installation/activation due to a missing capability check on the 'install_re…
|
CWE-862
Missing Authorization
|
CVE-2024-10728
|
2024-11-19 02:11 |
2024-11-16 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
310843
|
6.1 |
MEDIUM
Network
|
-
|
-
|
The Bounce Handler MailPoet 3 plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'page' parameter in all versions up to, and including, 1.3.21 due to insufficient input sani…
|
CWE-79
Cross-site Scripting
|
CVE-2024-9938
|
2024-11-19 02:11 |
2024-11-16 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
310844
|
6.4 |
MEDIUM
Network
|
-
|
-
|
The SVG Case Study plugin for WordPress is vulnerable to Stored Cross-Site Scripting via SVG File uploads in all versions up to, and including, 1.0 due to insufficient input sanitization and output e…
|
CWE-79
Cross-site Scripting
|
CVE-2024-9850
|
2024-11-19 02:11 |
2024-11-16 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
310845
|
- |
|
-
|
-
|
The BulkPress plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use of add_query_arg without appropriate escaping on the URL in all versions up to, and including, 0.3.5.…
|
CWE-79
Cross-site Scripting
|
CVE-2024-9615
|
2024-11-19 02:11 |
2024-11-16 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
310846
|
6.4 |
MEDIUM
Network
|
-
|
-
|
The Exclusive Divi – Divi Preloader, Modules for Divi & Extra Theme plugin for WordPress is vulnerable to Stored Cross-Site Scripting via SVG File uploads in all versions up to, and including, 1.4 du…
|
CWE-79
Cross-site Scripting
|
CVE-2024-9386
|
2024-11-19 02:11 |
2024-11-16 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
310847
|
8.8 |
HIGH
Network
|
-
|
-
|
The WordPress Video Robot - The Ultimate Video Importer plugin for WordPress is vulnerable to privilege escalation due to insufficient validation on user meta that can be updated in the wpvr_rate_req…
|
CWE-269
Improper Privilege Management
|
CVE-2024-9192
|
2024-11-19 02:11 |
2024-11-16 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
310848
|
4.3 |
MEDIUM
Network
|
-
|
-
|
The EleForms – All In One Form Integration including DB for Elementor plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 2.9.9.9. This is due to mi…
|
CWE-352
Origin Validation Error
|
CVE-2024-6628
|
2024-11-19 02:11 |
2024-11-16 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
310849
|
5.3 |
MEDIUM
Network
|
-
|
-
|
The 404 Error Monitor plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.1. This is due to missing or incorrect nonce validation on the updatePlu…
|
CWE-352
Origin Validation Error
|
CVE-2024-11118
|
2024-11-19 02:11 |
2024-11-16 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
310850
|
6.4 |
MEDIUM
Network
|
-
|
-
|
The SVGPlus plugin for WordPress is vulnerable to Stored Cross-Site Scripting via REST API SVG File uploads in all versions up to, and including, 1.1.0 due to insufficient input sanitization and outp…
|
CWE-79
Cross-site Scripting
|
CVE-2024-11092
|
2024-11-19 02:11 |
2024-11-16 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
