4.8
CVE-2024-11645 - Float Block <= 1.7 - Admin+ Stored XSS via Widget
The float block WordPress plugin through 1.7 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup).
5.9
CVE-2024-11644 - WP-SVG <= 0.9 - Contributor+ Stored XSS via Shortcode
The WP-SVG WordPress plugin through 0.9 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks.
4.8
CVE-2024-11605 - WP Publications <= 1.2 - Admin+ Stored XSS
The wp-publications WordPress plugin through 1.2 does not escape filenames before outputting them back in the page, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite seβ¦
5.3
CVE-2024-12981 - CodeAstro Car Rental System bookingconfirm.php sql injection
A vulnerability was found in CodeAstro Car Rental System 1.0. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the file /bookingconfirm.php. The manipulation of the argument driver_id_from_dropdown leads to sql injection. The attack can be launched remβ¦
6.9
CVE-2024-12980 - code-projects Job Recruitment _all_edits.php fln_update cross site scripting
A vulnerability was found in code-projects Job Recruitment 1.0. It has been classified as problematic. Affected is the function fln_update of the file /_parse/_all_edits.php. The manipulation of the argument fname/lname leads to cross site scripting. It is possible to launch the attack remotely. Thβ¦
6.9
CVE-2024-12979 - code-projects Job Recruitment _all_edits.php cn_update cross site scripting
A vulnerability was found in code-projects Job Recruitment 1.0 and classified as problematic. This issue affects the function cn_update of the file /_parse/_all_edits.php. The manipulation of the argument cname leads to cross site scripting. The attack may be initiated remotely. The exploit has beeβ¦
6.9
CVE-2024-12978 - code-projects Job Recruitment _all_edits.php add_req sql injection
A vulnerability has been found in code-projects Job Recruitment 1.0 and classified as critical. This vulnerability affects the function add_req of the file /_parse/_all_edits.php. The manipulation of the argument jid/limit leads to sql injection. The attack can be initiated remotely. The exploit haβ¦
6.5
CVE-2024-9774 - Python-sql: python-sql unary operators does not escape non-expression
A vulnerability was found in python-sql where unary operators do not escape non-Expression.
5.3
CVE-2024-12977 - PHPGurukul Complaint Management System state.php sql injection
A vulnerability, which was classified as critical, was found in PHPGurukul Complaint Management System 1.0. This affects an unknown part of the file /admin/state.php. The manipulation of the argument state leads to sql injection. It is possible to initiate the attack remotely. The exploit has been β¦
6.9
CVE-2024-12976 - CodeZips Hospital Management System staff.php sql injection
A vulnerability, which was classified as critical, has been found in CodeZips Hospital Management System 1.0. Affected by this issue is some unknown functionality of the file /staff.php. The manipulation of the argument tel leads to sql injection. The attack may be launched remotely. The exploit haβ¦