|
313691
|
8.8 |
HIGH
Network
|
sendinblue
|
newsletter\
_smtp\
_email_marketing_and_subscribe
|
Cross-Site Request Forgery (CSRF) vulnerability in Brevo Newsletter, SMTP, Email marketing and Subscribe forms by Sendinblue.This issue affects Newsletter, SMTP, Email marketing and Subscribe forms b…
|
CWE-352
Origin Validation Error
|
CVE-2024-43287
|
2024-09-13 06:19 |
2024-08-27 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
313692
|
4.3 |
MEDIUM
Network
|
wpbackitup
|
backup_and_restore_wordpress
|
Cross-Site Request Forgery (CSRF) vulnerability in WPBackItUp Backup and Restore WordPress.This issue affects Backup and Restore WordPress: from n/a through 1.50.
|
CWE-352
Origin Validation Error
|
CVE-2024-43269
|
2024-09-13 06:18 |
2024-08-27 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
313693
|
8.8 |
HIGH
Network
|
themewinter
|
wpcafe
|
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in Themewinter WPCafe allows PHP Local File Inclusion.This issue affects WPCafe: from n/a through 2.2.28.
|
CWE-22
Path Traversal
|
CVE-2024-43135
|
2024-09-13 06:18 |
2024-08-13 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
313694
|
3.5 |
LOW
Network
|
analytify
|
analytify_-_google_analytics_dashboard
|
Cross-Site Request Forgery (CSRF) vulnerability in Analytify.This issue affects Analytify: from n/a through 5.3.1.
|
CWE-352
Origin Validation Error
|
CVE-2024-43265
|
2024-09-13 06:17 |
2024-08-27 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
313695
|
7.5 |
HIGH
Network
|
storelocatorplus
|
store_locator_plus
|
Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Store Locator Plus.This issue affects Store Locator Plus: from n/a through 2311.17.01.
|
NVD-CWE-noinfo
|
CVE-2024-43258
|
2024-09-13 06:11 |
2024-08-27 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
313696
|
8.8 |
HIGH
Network
|
mage-people
|
event_manager_and_tickets_selling_for_woocommerce
|
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in MagePeople Team Event Manager for WooCommerce allows PHP Local File Inclusion.This issue affects Event …
|
CWE-22
Path Traversal
|
CVE-2024-43138
|
2024-09-13 06:11 |
2024-08-13 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
313697
|
6.5 |
MEDIUM
Network
|
nouthemes
|
leopard
|
Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Nouthemes Leopard - WordPress offload media.This issue affects Leopard - WordPress offload media: from n/a through 2.0.36.
|
NVD-CWE-noinfo
|
CVE-2024-43257
|
2024-09-13 06:09 |
2024-08-27 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
313698
|
5.4 |
MEDIUM
Network
|
piotnet
|
piotnet_addons
|
The Piotnet Addons For Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's Image Accordion, Dual Heading, and Vertical Timeline widgets in all versions up to,…
|
CWE-79
Cross-site Scripting
|
CVE-2024-5502
|
2024-09-13 06:05 |
2024-08-23 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
313699
|
4.9 |
MEDIUM
Network
|
continew
|
continew_admin
|
A vulnerability was found in ContiNew Admin 3.2.0 and classified as critical. Affected by this issue is the function top.continew.starter.extension.crud.controller.BaseController#page of the file /ap…
|
CWE-89
SQL Injection
|
CVE-2024-8150
|
2024-09-13 06:01 |
2024-08-26 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
313700
|
6.5 |
MEDIUM
Network
|
9front
|
lib9p
|
A bug in the 9p authentication implementation within lib9p allows an attacker with an existing valid user within the configured auth server to impersonate any other valid filesystem user.
This is du…
|
CWE-639
Authorization Bypass Through User-Controlled Key
|
CVE-2024-8158
|
2024-09-13 06:00 |
2024-08-26 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
