|
313101
|
4.8 |
MEDIUM
Network
|
enviragallery
|
envira_gallery
|
The Gallery Plugin for WordPress WordPress plugin before 1.8.15 does not sanitise and escape some of its image settings, which could allow users with post-writing privilege such as Author to perform…
|
CWE-79
Cross-site Scripting
|
CVE-2024-3899
|
2024-09-26 04:37 |
2024-09-11 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
313102
|
4.8 |
MEDIUM
Network
|
gsplugins
|
gs_logo_slider
|
The Logo Slider WordPress plugin before 3.6.9 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks e…
|
CWE-79
Cross-site Scripting
|
CVE-2024-7716
|
2024-09-26 04:35 |
2024-09-11 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
313103
|
5.4 |
MEDIUM
Network
|
wpdeveloper
|
essential_addons_for_elementor
|
The Essential Addons for Elementor – Best Elementor Templates, Widgets, Kits & WooCommerce Builders plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's Fancy Text widge…
|
CWE-79
Cross-site Scripting
|
CVE-2024-8440
|
2024-09-26 04:34 |
2024-09-11 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
313104
|
8.1 |
HIGH
Network
|
wpdelicious
|
wp_delicious
|
The WP Delicious – Recipe Plugin for Food Bloggers (formerly Delicious Recipes) plugin for WordPress is vulnerable to arbitrary file movement and reading due to insufficient file path validation in t…
|
NVD-CWE-Other
|
CVE-2024-7626
|
2024-09-26 04:32 |
2024-09-11 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
313105
|
8.8 |
HIGH
Network
|
fairsketch
|
rise_ultimate_project_manager
|
A vulnerability has been found in CodeCanyon RISE Ultimate Project Manager 3.7.0 and classified as critical. This vulnerability affects unknown code of the file /index.php/dashboard/save. The manipul…
|
CWE-89
SQL Injection
|
CVE-2024-8945
|
2024-09-26 04:24 |
2024-09-18 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
313106
|
4.3 |
MEDIUM
Network
|
contao
|
contao
|
Contao is an Open Source CMS. In affected versions authenticated users in the back end can list files outside the document root in the file selector widget. Users are advised to update to Contao 4.13…
|
CWE-22
Path Traversal
|
CVE-2024-45604
|
2024-09-26 04:22 |
2024-09-18 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
313107
|
5.4 |
MEDIUM
Network
|
wpbackgrounds
|
advanced_wordpress_backgrounds
|
The Advanced WordPress Backgrounds plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘imageTag’ parameter in all versions up to, and including, 1.12.3 due to insufficient inpu…
|
CWE-79
Cross-site Scripting
|
CVE-2024-8045
|
2024-09-26 04:22 |
2024-09-11 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
313108
|
8.8 |
HIGH
Network
|
contao
|
contao
|
Contao is an Open Source CMS. In affected versions a back end user with access to the file manager can upload malicious files and execute them on the server. Users are advised to update to Contao 4.1…
|
CWE-434
Unrestricted Upload of File with Dangerous Type
|
CVE-2024-45398
|
2024-09-26 04:20 |
2024-09-18 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
313109
|
4.8 |
MEDIUM
Network
|
eladmin
|
eladmin
|
eladmin v2.7 and before is vulnerable to Cross Site Scripting (XSS) which allows an attacker to execute arbitrary code via LocalStoreController. java.
|
CWE-79
Cross-site Scripting
|
CVE-2024-44676
|
2024-09-26 04:20 |
2024-09-11 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
313110
|
9.8 |
CRITICAL
Network
|
eladmin
|
eladmin
|
eladmin v2.7 and before is vulnerable to Server-Side Request Forgery (SSRF) which allows an attacker to execute arbitrary code via the DatabaseController.java component.
|
CWE-918
Server-Side Request Forgery (SSRF)
|
CVE-2024-44677
|
2024-09-26 04:19 |
2024-09-11 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
