๐จ CVE-2024-9528
The Contact Form Plugin by Fluent Forms for Quiz, Survey, and Drag & Drop WP Form Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via form label fields in all versions up to, and including, 5.1.19 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with access to edit forms (administrator by default), to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
๐@cveNotify
The Contact Form Plugin by Fluent Forms for Quiz, Survey, and Drag & Drop WP Form Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via form label fields in all versions up to, and including, 5.1.19 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with access to edit forms (administrator by default), to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
๐@cveNotify
๐จ CVE-2024-8743
The Bit File Manager โ 100% Free & Open Source File Manager and Code Editor for WordPress plugin for WordPress is vulnerable to Limited JavaScript File Upload in all versions up to, and including, 6.5.7. This is due to a lack of proper checks on allowed file types. This makes it possible for authenticated attackers, with Subscriber-level access and above, and granted permissions by an administrator, to upload .css and .js files, which could lead to Stored Cross-Site Scripting.
๐@cveNotify
The Bit File Manager โ 100% Free & Open Source File Manager and Code Editor for WordPress plugin for WordPress is vulnerable to Limited JavaScript File Upload in all versions up to, and including, 6.5.7. This is due to a lack of proper checks on allowed file types. This makes it possible for authenticated attackers, with Subscriber-level access and above, and granted permissions by an administrator, to upload .css and .js files, which could lead to Stored Cross-Site Scripting.
๐@cveNotify
๐จ CVE-2024-8486
The Shortcodes and extra features for Phlox theme plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the โurlโ parameter in the Modern Heading and Icon Picker widgets all versions up to, and including, 2.16.3 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
๐@cveNotify
The Shortcodes and extra features for Phlox theme plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the โurlโ parameter in the Modern Heading and Icon Picker widgets all versions up to, and including, 2.16.3 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
๐@cveNotify
๐จ CVE-2024-9532
A vulnerability has been found in D-Link DIR-605L 2.13B01 BETA and classified as critical. This vulnerability affects the function formAdvanceSetup of the file /goform/formAdvanceSetup. The manipulation of the argument webpage leads to buffer overflow. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used.
๐@cveNotify
A vulnerability has been found in D-Link DIR-605L 2.13B01 BETA and classified as critical. This vulnerability affects the function formAdvanceSetup of the file /goform/formAdvanceSetup. The manipulation of the argument webpage leads to buffer overflow. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used.
๐@cveNotify
GitHub
IoT-vulnerable/D-Link/DIR-605L/formAdvanceSetup.md at main ยท abcdefg-png/IoT-vulnerable
IoT-vulnerable. Contribute to abcdefg-png/IoT-vulnerable development by creating an account on GitHub.
๐1
๐จ CVE-2024-9417
The Hash Form โ Drag & Drop Form Builder plugin for WordPress is vulnerable to limited file uploads due to a misconfigured file type validation in the 'handleUpload' function in all versions up to, and including, 1.1.9. This makes it possible for unauthenticated attackers to upload files that are excluded from both the 'allowedExtensions' and 'unallowed_extensions' arrays on the affected site's server, including files that may contain cross-site scripting.
๐@cveNotify
The Hash Form โ Drag & Drop Form Builder plugin for WordPress is vulnerable to limited file uploads due to a misconfigured file type validation in the 'handleUpload' function in all versions up to, and including, 1.1.9. This makes it possible for unauthenticated attackers to upload files that are excluded from both the 'allowedExtensions' and 'unallowed_extensions' arrays on the affected site's server, including files that may contain cross-site scripting.
๐@cveNotify
๐จ CVE-2024-44011
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in WP Ticket Ultra WP Ticket Ultra Help Desk & Support Plugin allows PHP Local File Inclusion.This issue affects WP Ticket Ultra Help Desk & Support Plugin: from n/a through 1.0.5.
๐@cveNotify
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in WP Ticket Ultra WP Ticket Ultra Help Desk & Support Plugin allows PHP Local File Inclusion.This issue affects WP Ticket Ultra Help Desk & Support Plugin: from n/a through 1.0.5.
๐@cveNotify
Patchstack
WordPress WP Ticket Ultra plugin <= 1.0.5 - Local File Inclusion vulnerability - Patchstack
Hand curated, verified and enriched vulnerability information by Patchstack security experts. Find all WordPress plugin, theme and core security issues.
๐จ CVE-2024-44012
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in wpdev33 WP Newsletter Subscription allows PHP Local File Inclusion.This issue affects WP Newsletter Subscription: from n/a through 1.1.
๐@cveNotify
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in wpdev33 WP Newsletter Subscription allows PHP Local File Inclusion.This issue affects WP Newsletter Subscription: from n/a through 1.1.
๐@cveNotify
Patchstack
WordPress WP Newsletter Subscription plugin <= 1.1 - Local File Inclusion vulnerability - Patchstack
Hand curated, verified and enriched vulnerability information by Patchstack security experts. Find all WordPress plugin, theme and core security issues.
๐จ CVE-2024-44013
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in Innate Images LLC VR Calendar allows PHP Local File Inclusion.This issue affects VR Calendar: from n/a through 2.4.0.
๐@cveNotify
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in Innate Images LLC VR Calendar allows PHP Local File Inclusion.This issue affects VR Calendar: from n/a through 2.4.0.
๐@cveNotify
Patchstack
WordPress VR Calendar plugin <= 2.4.0 - Local File Inclusion vulnerability - Patchstack
Hand curated, verified and enriched vulnerability information by Patchstack security experts. Find all WordPress plugin, theme and core security issues.
๐จ CVE-2024-44014
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in Vmaxstudio Vmax Project Manager allows PHP Local File Inclusion, Code Injection.This issue affects Vmax Project Manager: from n/a through 1.0.
๐@cveNotify
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in Vmaxstudio Vmax Project Manager allows PHP Local File Inclusion, Code Injection.This issue affects Vmax Project Manager: from n/a through 1.0.
๐@cveNotify
Patchstack
WordPress Vmax Project Manager plugin <= 1.0 - Local File Inclusion to RCE vulnerability - Patchstack
Hand curated, verified and enriched vulnerability information by Patchstack security experts. Find all WordPress plugin, theme and core security issues.
๐จ CVE-2024-44015
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in Users Control allows PHP Local File Inclusion.This issue affects Users Control: from n/a through 1.0.16.
๐@cveNotify
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in Users Control allows PHP Local File Inclusion.This issue affects Users Control: from n/a through 1.0.16.
๐@cveNotify
Patchstack
WordPress Users Control plugin <= 1.0.16 - Local File Inclusion vulnerability - Patchstack
Hand curated, verified and enriched vulnerability information by Patchstack security experts. Find all WordPress plugin, theme and core security issues.
โค1
๐จ CVE-2024-44016
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in Mark Steadman Podiant allows PHP Local File Inclusion.This issue affects Podiant: from n/a through 1.1.
๐@cveNotify
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in Mark Steadman Podiant allows PHP Local File Inclusion.This issue affects Podiant: from n/a through 1.1.
๐@cveNotify
Patchstack
WordPress Podiant plugin <= 1.1 - Local File Inclusion vulnerability - Patchstack
Hand curated, verified and enriched vulnerability information by Patchstack security experts. Find all WordPress plugin, theme and core security issues.
๐1
๐จ CVE-2024-9161
The Rank Math SEO โ AI SEO Tools to Dominate SEO Rankings plugin for WordPress is vulnerable to unauthorized modification and loss of data due to a missing capability check on the 'update_metadata' function in all versions up to, and including, 1.0.228. This makes it possible for unauthenticated attackers to insert new and update existing metadata beginning with 'rank_math', and delete arbitrary existing user metadata and term metadata. Deleting existing usermeta can cause a loss of access to the administrator dashboard for any registered users, including Administrators.
๐@cveNotify
The Rank Math SEO โ AI SEO Tools to Dominate SEO Rankings plugin for WordPress is vulnerable to unauthorized modification and loss of data due to a missing capability check on the 'update_metadata' function in all versions up to, and including, 1.0.228. This makes it possible for unauthenticated attackers to insert new and update existing metadata beginning with 'rank_math', and delete arbitrary existing user metadata and term metadata. Deleting existing usermeta can cause a loss of access to the administrator dashboard for any registered users, including Administrators.
๐@cveNotify
๐จ CVE-2024-9314
The Rank Math SEO โ AI SEO Tools to Dominate SEO Rankings plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 1.0.228 via deserialization of untrusted input 'set_redirections' function. This makes it possible for authenticated attackers, with Administrator-level access and above, to inject a PHP Object. No known POP chain is present in the vulnerable software. If a POP chain is present via an additional plugin or theme installed on the target system, it could allow the attacker to delete arbitrary files, retrieve sensitive data, or execute code.
๐@cveNotify
The Rank Math SEO โ AI SEO Tools to Dominate SEO Rankings plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 1.0.228 via deserialization of untrusted input 'set_redirections' function. This makes it possible for authenticated attackers, with Administrator-level access and above, to inject a PHP Object. No known POP chain is present in the vulnerable software. If a POP chain is present via an additional plugin or theme installed on the target system, it could allow the attacker to delete arbitrary files, retrieve sensitive data, or execute code.
๐@cveNotify
๐จ CVE-2024-44030
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in Mestres do WP Checkout Mestres WP allows PHP Local File Inclusion.This issue affects Checkout Mestres WP: from n/a through 8.6.
๐@cveNotify
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in Mestres do WP Checkout Mestres WP allows PHP Local File Inclusion.This issue affects Checkout Mestres WP: from n/a through 8.6.
๐@cveNotify
Patchstack
WordPress Checkout Mestres WP plugin <= 8.6 - Local File Inclusion vulnerability - Patchstack
Hand curated, verified and enriched vulnerability information by Patchstack security experts. Find all WordPress plugin, theme and core security issues.
๐จ CVE-2024-44018
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in Istmo Plugins Instant Chat Floating Button for WordPress Websites allows PHP Local File Inclusion.This issue affects Instant Chat Floating Button for WordPress Websites: from n/a through 1.0.5.
๐@cveNotify
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in Istmo Plugins Instant Chat Floating Button for WordPress Websites allows PHP Local File Inclusion.This issue affects Instant Chat Floating Button for WordPress Websites: from n/a through 1.0.5.
๐@cveNotify
Patchstack
WordPress Instant Chat WP plugin <= 1.0.5 - Local File Inclusion vulnerability - Patchstack
Hand curated, verified and enriched vulnerability information by Patchstack security experts. Find all WordPress plugin, theme and core security issues.
๐จ CVE-2024-44023
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in ABCApp Creator allows PHP Local File Inclusion.This issue affects ABCApp Creator: from n/a through 1.1.2.
๐@cveNotify
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in ABCApp Creator allows PHP Local File Inclusion.This issue affects ABCApp Creator: from n/a through 1.1.2.
๐@cveNotify
Patchstack
WordPress ABCApp Creator plugin <= 1.1.2 - Local File Inclusion vulnerability - Patchstack
Hand curated, verified and enriched vulnerability information by Patchstack security experts. Find all WordPress plugin, theme and core security issues.
๐จ CVE-2024-44034
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in Martin Greenwood WPSPX allows PHP Local File Inclusion.This issue affects WPSPX: from n/a through 1.0.2.
๐@cveNotify
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in Martin Greenwood WPSPX allows PHP Local File Inclusion.This issue affects WPSPX: from n/a through 1.0.2.
๐@cveNotify
Patchstack
WordPress WPSPX plugin <= 1.0.2 - Local File Inclusion vulnerability - Patchstack
Hand curated, verified and enriched vulnerability information by Patchstack security experts. Find all WordPress plugin, theme and core security issues.
๐จ CVE-2024-47309
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in Condless Cities Shipping Zones for WooCommerce allows PHP Local File Inclusion.This issue affects Cities Shipping Zones for WooCommerce: from n/a through 1.2.7.
๐@cveNotify
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in Condless Cities Shipping Zones for WooCommerce allows PHP Local File Inclusion.This issue affects Cities Shipping Zones for WooCommerce: from n/a through 1.2.7.
๐@cveNotify
Patchstack
WordPress Cities Shipping Zones for WooCommerce plugin <= 1.2.7 - Local File Inclusion vulnerability - Patchstack
Hand curated, verified and enriched vulnerability information by Patchstack security experts. Find all WordPress plugin, theme and core security issues.
๐จ CVE-2024-47316
Authorization Bypass Through User-Controlled Key vulnerability in Salon Booking System Salon booking system.This issue affects Salon booking system: from n/a through 10.9.
๐@cveNotify
Authorization Bypass Through User-Controlled Key vulnerability in Salon Booking System Salon booking system.This issue affects Salon booking system: from n/a through 10.9.
๐@cveNotify
Patchstack
WordPress Salon Booking Wordpress Plugin plugin <= 10.9 - Insecure Direct Object References (IDOR) vulnerability - Patchstack
Hand curated, verified and enriched vulnerability information by Patchstack security experts. Find all WordPress plugin, theme and core security issues.
๐จ CVE-2024-47625
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in ThemeLooks Enter Addons allows Stored XSS.This issue affects Enter Addons: from n/a through 2.1.8.
๐@cveNotify
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in ThemeLooks Enter Addons allows Stored XSS.This issue affects Enter Addons: from n/a through 2.1.8.
๐@cveNotify
Patchstack
WordPress Enter Addons โ Ultimate Template Builder for Elementor plugin <= 2.1.8 - Cross Site Scripting (XSS) vulnerability - Patchstack
Patchstack is the leading open source vulnerability research organization. Find information and protection for all WordPress, Drupal and Joomla security issues.
๐จ CVE-2024-47626
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Rometheme RomethemeKit For Elementor allows Stored XSS.This issue affects RomethemeKit For Elementor: from n/a through 1.5.0.
๐@cveNotify
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Rometheme RomethemeKit For Elementor allows Stored XSS.This issue affects RomethemeKit For Elementor: from n/a through 1.5.0.
๐@cveNotify
Patchstack
WordPress RomethemeKit For Elementor plugin <= 1.5.0 - Cross Site Scripting (XSS) vulnerability - Patchstack
Hand curated, verified and enriched vulnerability information by Patchstack security experts. Find all WordPress plugin, theme and core security issues.