|
311801
|
- |
|
-
|
-
|
The Community by PeepSo – Social Network, Membership, Registration, User Profiles, Premium – Mobile App plugin for WordPress is vulnerable to Stored Cross-Site Scripting via URLs in posts, comments, …
|
CWE-79
Cross-site Scripting
|
CVE-2024-9873
|
2024-10-16 15:15 |
2024-10-16 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
311802
|
7.7 |
HIGH
Network
|
podman_project
redhat
fedoraproject
|
podman
enterprise_linux
openshift_container_platform
fedora
|
A flaw was found in Podman. This issue may allow an attacker to create a specially crafted container that, when configured to share the same IPC with at least one other container, can create a large …
|
CWE-400
Uncontrolled Resource Consumption
|
CVE-2024-3056
|
2024-10-16 14:15 |
2024-08-3 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
311803
|
- |
|
-
|
-
|
Improper permission control in the mobile application (com.transsion.aivoiceassistant) can lead to the launch of any unexported component.
|
-
|
CVE-2024-10018
|
2024-10-16 12:15 |
2024-10-16 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
311804
|
4.3 |
MEDIUM
Network
|
-
|
-
|
The Multiline files upload for contact form 7 plugin for WordPress is vulnerable to unauthorized plugin deactivation due to a missing capability check on the mfcf7_zl_custom_handle_deactivation_plugi…
|
CWE-862
Missing Authorization
|
CVE-2024-9891
|
2024-10-16 11:15 |
2024-10-16 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
311805
|
6.1 |
MEDIUM
Network
|
-
|
-
|
The Locatoraid Store Locator plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via $_POST keys in all versions up to, and including, 3.9.47 due to insufficient input sanitization a…
|
-
|
CVE-2024-9652
|
2024-10-16 11:15 |
2024-10-16 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
311806
|
6.1 |
MEDIUM
Network
|
-
|
-
|
The Kama SpamBlock plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via $_POST values in all versions up to, and including, 1.8.2 due to insufficient input sanitization and output…
|
CWE-79
Cross-site Scripting
|
CVE-2024-9647
|
2024-10-16 11:15 |
2024-10-16 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
311807
|
6.4 |
MEDIUM
Network
|
-
|
-
|
The SEO Manager plugin for WordPress is vulnerable to Stored Cross-Site Scripting via post meta in versions up to, and including, 1.9 due to insufficient input sanitization and output escaping on use…
|
CWE-79
Cross-site Scripting
|
CVE-2024-9521
|
2024-10-16 11:15 |
2024-10-16 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
311808
|
8.1 |
HIGH
Network
|
-
|
-
|
The AppPresser – Mobile App Framework plugin for WordPress is vulnerable to privilege escalation via account takeover in all versions up to, and including, 4.4.4. This is due to the appp_reset_passwo…
|
CWE-640
Weak Password Recovery Mechanism for Forgotten Password
|
CVE-2024-9305
|
2024-10-16 11:15 |
2024-10-16 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
311809
|
9.8 |
CRITICAL
Network
|
-
|
-
|
The UltimateAI plugin for WordPress is vulnerable to authentication bypass in versions up to, and including, 2.8.3. This is due to insufficient verification on the user being supplied in the 'ultimat…
|
CWE-288
Authentication Bypass Using an Alternate Path or Channel
|
CVE-2024-9105
|
2024-10-16 11:15 |
2024-10-16 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
311810
|
5.6 |
MEDIUM
Network
|
-
|
-
|
The UltimateAI plugin for WordPress is vulnerable to authentication bypass in all versions up to, and including, 2.8.3. This is due to the improper empty value check and a missing default activated v…
|
CWE-703
Improper Check or Handling of Exceptional Conditions
|
CVE-2024-9104
|
2024-10-16 11:15 |
2024-10-16 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
