|
311491
|
8.8 |
HIGH
Network
|
vanquish
|
user_extra_fields
|
The WordPress User Extra Fields plugin for WordPress is vulnerable to privilege escalation due to a missing capability check on the ajax_save_fields() function in all versions up to, and including, 1…
|
CWE-862
Missing Authorization
|
CVE-2024-10800
|
2024-11-20 02:08 |
2024-11-13 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
311492
|
5.4 |
MEDIUM
Network
|
chatwoot
|
chatwoot
|
A stored cross-site scripting (XSS) vulnerability was discovered in chatwoot/chatwoot, affecting all versions prior to 2.6. The vulnerability occurs when a user uploads an SVG file containing a malic…
|
CWE-79
Cross-site Scripting
|
CVE-2021-3741
|
2024-11-20 02:07 |
2024-11-15 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
311493
|
5.7 |
MEDIUM
Network
|
wpdeveloper
|
essential_addons_for_elementor
|
The Essential Addons for Elementor – Best Elementor Addon, Templates, Widgets, Kits & WooCommerce Builders plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, …
|
NVD-CWE-noinfo
|
CVE-2024-8979
|
2024-11-20 02:05 |
2024-11-15 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
311494
|
5.7 |
MEDIUM
Network
|
wpdeveloper
|
essential_addons_for_elementor
|
The Essential Addons for Elementor – Best Elementor Addon, Templates, Widgets, Kits & WooCommerce Builders plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, …
|
NVD-CWE-noinfo
|
CVE-2024-8978
|
2024-11-20 02:04 |
2024-11-15 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
311495
|
8.8 |
HIGH
Network
|
cmorillas1
|
external_database_based_actions
|
The External Database Based Actions plugin for WordPress is vulnerable to authentication bypass in versions up to, and including, 0.1. This is due to a missing capability check in the 'edba_admin_han…
|
CWE-288
Authentication Bypass Using an Alternate Path or Channel
|
CVE-2024-10311
|
2024-11-20 02:03 |
2024-11-15 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
311496
|
5.4 |
MEDIUM
Network
|
wpdeveloper
|
essential_addons_for_elementor
|
The Essential Addons for Elementor – Best Elementor Addon, Templates, Widgets, Kits & WooCommerce Builders plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘nomore_items_text…
|
CWE-79
Cross-site Scripting
|
CVE-2024-8961
|
2024-11-20 02:01 |
2024-11-15 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
311497
|
9.8 |
CRITICAL
Network
|
vanquish
|
user_extra_fields
|
The WordPress User Extra Fields plugin for WordPress is vulnerable to arbitrary file deletion due to insufficient file path validation in the delete_tmp_uploaded_file() function in all versions up to…
|
CWE-22
Path Traversal
|
CVE-2024-11150
|
2024-11-20 01:57 |
2024-11-13 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
311498
|
- |
|
-
|
-
|
Insecure Permissions vulnerability in Micro-star International MSI Center Pro 2.1.37.0 allows a local attacker to execute arbitrary code via the Device_DeviceID.dat.bak file within the C:\ProgramData…
|
-
|
CVE-2024-50804
|
2024-11-20 01:35 |
2024-11-19 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
311499
|
- |
|
-
|
-
|
Jpress until v5.1.1 has arbitrary file uploads on the windows platform, and the construction of non-standard file formats such as .jsp. can lead to arbitrary command execution
|
-
|
CVE-2024-50919
|
2024-11-20 01:35 |
2024-11-19 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
311500
|
- |
|
-
|
-
|
A NULL pointer dereference in the component libPdfCore.dll of Wondershare PDF Reader v1.0.9.2544 allows attackers to cause a Denial of Service (DoS) via a crafted PDF file.
|
-
|
CVE-2024-48294
|
2024-11-20 01:35 |
2024-11-19 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
