|
311131
|
4.3 |
MEDIUM
Network
|
-
|
-
|
The Envo Extra plugin for WordPress is vulnerable to Information Exposure in all versions up to, and including, 1.9.3 via the 'elementor-template' shortcode due to insufficient restrictions on which …
|
CWE-639
Authorization Bypass Through User-Controlled Key
|
CVE-2024-10770
|
2024-11-12 22:56 |
2024-11-9 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
311132
|
4.3 |
MEDIUM
Network
|
-
|
-
|
The Countdown Timer block – Display the event's date into a timer. plugin for WordPress is vulnerable to Information Exposure in all versions up to, and including, 1.2.4 via the [ctb] shortcode …
|
CWE-639
Authorization Bypass Through User-Controlled Key
|
CVE-2024-10669
|
2024-11-12 22:56 |
2024-11-9 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
311133
|
- |
|
-
|
-
|
The Content Slider Block plugin for WordPress is vulnerable to Information Exposure in all versions up to, and including, 3.1.5 via the [csb] shortcode due to insufficient restrictions on which posts…
|
-
|
CVE-2024-10667
|
2024-11-12 22:56 |
2024-11-9 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
311134
|
6.1 |
MEDIUM
Network
|
-
|
-
|
The Landing Page Cat – Coming Soon Page, Maintenance Page & Squeeze Pages plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use of add_query_arg without appropriate esca…
|
CWE-79
Cross-site Scripting
|
CVE-2024-9226
|
2024-11-12 22:56 |
2024-11-9 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
311135
|
8.8 |
HIGH
Network
|
-
|
-
|
The Th Shop Mania theme for WordPress is vulnerable to unauthorized arbitrary plugin installation due to a missing capability check on the th_shop_mania_install_and_activate_callback() function in al…
|
CWE-862
Missing Authorization
|
CVE-2024-10674
|
2024-11-12 22:56 |
2024-11-9 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
311136
|
8.8 |
HIGH
Network
|
-
|
-
|
The Top Store theme for WordPress is vulnerable to unauthorized arbitrary plugin installation due to a missing capability check on the top_store_install_and_activate_callback() function in all versio…
|
CWE-862
Missing Authorization
|
CVE-2024-10673
|
2024-11-12 22:56 |
2024-11-9 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
311137
|
9.8 |
CRITICAL
Network
|
-
|
-
|
The WooCommerce Support Ticket System plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the ajax_manage_file_chunk_upload() function in all versions …
|
CWE-434
Unrestricted Upload of File with Dangerous Type
|
CVE-2024-10627
|
2024-11-12 22:56 |
2024-11-9 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
311138
|
8.8 |
HIGH
Network
|
-
|
-
|
The WooCommerce Support Ticket System plugin for WordPress is vulnerable to arbitrary file deletion due to insufficient file path validation in the delete_uploaded_file() function in all versions up …
|
CWE-22
Path Traversal
|
CVE-2024-10626
|
2024-11-12 22:56 |
2024-11-9 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
311139
|
9.8 |
CRITICAL
Network
|
-
|
-
|
The WooCommerce Support Ticket System plugin for WordPress is vulnerable to arbitrary file deletion due to insufficient file path validation in the delete_tmp_uploaded_file() function in all versions…
|
CWE-22
Path Traversal
|
CVE-2024-10625
|
2024-11-12 22:56 |
2024-11-9 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
311140
|
5.5 |
MEDIUM
Network
|
-
|
-
|
The Anih - Creative Agency WordPress Theme theme for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in all versions up to, and including, 2024 due to an incomplete blacklis…
|
CWE-79
Cross-site Scripting
|
CVE-2024-9775
|
2024-11-12 22:56 |
2024-11-9 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
