|
310851
|
5.4 |
MEDIUM
Network
|
-
|
-
|
The WP Log Viewer plugin for WordPress is vulnerable to unauthorized use of functionality due to a missing capability check on several AJAX actions in all versions up to, and including, 1.2.1. This m…
|
CWE-862
Missing Authorization
|
CVE-2024-11085
|
2024-11-19 02:11 |
2024-11-16 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
310852
|
6.1 |
MEDIUM
Network
|
-
|
-
|
The SimpleForm Contact Form Submissions plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use of add_query_arg & remove_query_arg without appropriate escaping on the URL…
|
CWE-79
Cross-site Scripting
|
CVE-2024-10884
|
2024-11-19 02:11 |
2024-11-16 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
310853
|
6.1 |
MEDIUM
Network
|
-
|
-
|
The SimpleForm – Contact form made simple plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use of add_query_arg & remove_query_arg without appropriate escaping on the U…
|
CWE-79
Cross-site Scripting
|
CVE-2024-10883
|
2024-11-19 02:11 |
2024-11-16 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
310854
|
6.1 |
MEDIUM
Network
|
-
|
-
|
The Gallery Manager plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use of remove_Query_Arg without appropriate escaping on the URL in all versions up to, and includin…
|
-
|
CVE-2024-10875
|
2024-11-19 02:11 |
2024-11-16 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
310855
|
4.3 |
MEDIUM
Network
|
-
|
-
|
The WP Chat App plugin for WordPress is vulnerable to unauthorized plugin installation due to a missing capability check on the ajax_install_plugin() function in all versions up to, and including, 3.…
|
CWE-862
Missing Authorization
|
CVE-2024-10533
|
2024-11-19 02:11 |
2024-11-16 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
310856
|
- |
|
-
|
-
|
The Steel plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's btn shortcode in all versions up to, and including, 1.3.0 due to insufficient input sanitization and outpu…
|
CWE-79
Cross-site Scripting
|
CVE-2024-10147
|
2024-11-19 02:11 |
2024-11-16 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
310857
|
6.4 |
MEDIUM
Network
|
-
|
-
|
The PJW Mime Config plugin for WordPress is vulnerable to Stored Cross-Site Scripting via SVG File uploads in all versions up to, and including, 1.0 due to insufficient input sanitization and output …
|
CWE-79
Cross-site Scripting
|
CVE-2024-10017
|
2024-11-19 02:11 |
2024-11-16 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
310858
|
5.3 |
MEDIUM
Network
|
-
|
-
|
The Popup Box – Create Countdown, Coupon, Video, Contact Form Popups plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the deactivate_plugin…
|
CWE-862
Missing Authorization
|
CVE-2024-10861
|
2024-11-19 02:11 |
2024-11-16 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
310859
|
4.3 |
MEDIUM
Network
|
-
|
-
|
The Popularis Extra plugin for WordPress is vulnerable to Information Exposure in all versions up to, and including, 1.2.7 via the 'elementor-template' shortcode due to insufficient restrictions on w…
|
CWE-639
Authorization Bypass Through User-Controlled Key
|
CVE-2024-10795
|
2024-11-19 02:11 |
2024-11-16 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
310860
|
4.3 |
MEDIUM
Network
|
-
|
-
|
The Simple Local Avatars plugin for WordPress is vulnerable to unauthorized modification of datadue to a missing capability check on the sla_clear_user_cache function in all versions up to, and inclu…
|
CWE-862
Missing Authorization
|
CVE-2024-10786
|
2024-11-19 02:11 |
2024-11-16 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
