|
313371
|
6.4 |
MEDIUM
Network
|
-
|
-
|
The Newsletters plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's newsletters_video shortcode in all versions up to, and including, 4.9.9.4 due to insufficient input …
|
CWE-79
Cross-site Scripting
|
CVE-2024-10181
|
2024-10-29 23:34 |
2024-10-29 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
313372
|
- |
|
-
|
-
|
A vulnerability was found in LUNAD3v AreaLoad up to 1a1103182ed63a06dde63d1712f3262eda19c3ec. It has been rated as critical. This issue affects some unknown processing of the file request.php. The ma…
|
CWE-89
SQL Injection
|
CVE-2017-20195
|
2024-10-29 23:34 |
2024-10-29 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
313373
|
4.3 |
MEDIUM
Network
|
-
|
-
|
The Move Addons for Elementor plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 1.3.5 via the render function in includes/widgets/accordion/wi…
|
-
|
CVE-2024-10360
|
2024-10-29 23:34 |
2024-10-29 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
313374
|
- |
|
-
|
-
|
The SMS Alert Order Notifications – WooCommerce plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's sa_subscribe shortcode in all versions up to, and including, 3.7.5 d…
|
CWE-79
Cross-site Scripting
|
CVE-2024-10233
|
2024-10-29 23:34 |
2024-10-29 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
313375
|
6.4 |
MEDIUM
Network
|
-
|
-
|
The StreamWeasels YouTube Integration plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's sw-youtube-embed shortcode in all versions up to, and including, 1.3.2 due to …
|
CWE-79
Cross-site Scripting
|
CVE-2024-10185
|
2024-10-29 23:34 |
2024-10-29 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
313376
|
6.4 |
MEDIUM
Network
|
-
|
-
|
The StreamWeasels Kick Integration plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's sw-kick-embed shortcode in all versions up to, and including, 1.1.1 due to insuff…
|
CWE-79
Cross-site Scripting
|
CVE-2024-10184
|
2024-10-29 23:34 |
2024-10-29 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
313377
|
6.4 |
MEDIUM
Network
|
-
|
-
|
The Kata Plus – Addons for Elementor – Widgets, Extensions and Templates plugin for WordPress is vulnerable to Stored Cross-Site Scripting via SVG File uploads in all versions up to, and including, 1…
|
CWE-79
Cross-site Scripting
|
CVE-2024-9376
|
2024-10-29 23:34 |
2024-10-29 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
313378
|
4.3 |
MEDIUM
Network
|
-
|
-
|
The WPC Smart Messages for WooCommerce plugin for WordPress is vulnerable to unauthorized Smar Message activation/deactivation due to a missing capability check on the ajax_enable function in all ver…
|
CWE-862
Missing Authorization
|
CVE-2024-10437
|
2024-10-29 23:34 |
2024-10-29 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
313379
|
8.8 |
HIGH
Network
|
-
|
-
|
The WPC Smart Messages for WooCommerce plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 4.2.1 via the get_condition_value function. This makes it possi…
|
CWE-98
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion')
|
CVE-2024-10436
|
2024-10-29 23:34 |
2024-10-29 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
313380
|
- |
|
-
|
-
|
The affiliate-toolkit plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's atkp_product shortcode in all versions up to, and including, 3.6.5 due to insufficient input s…
|
CWE-79
Cross-site Scripting
|
CVE-2024-10227
|
2024-10-29 23:34 |
2024-10-29 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
