0.0
CVE-2024-50511 - WordPress WP donimedia carousel plugin <= 1.0.1 - Arbitrary File Upload vulnerability
Unrestricted Upload of File with Dangerous Type vulnerability in donimedia WP donimedia carousel wp-donimedia-carousel allows Upload a Web Shell to a Web Server.This issue affects WP donimedia carousel: from n/a through <= 1.0.1.
0.0
CVE-2024-50507 - WordPress DS.DownloadList plugin <= 1.3 - PHP Object Injection vulnerability
Deserialization of Untrusted Data vulnerability in Daschmi DS.DownloadList dsdownloadlist allows Object Injection.This issue affects DS.DownloadList: from n/a through <= 1.3.
0.0
CVE-2024-50512 - WordPress Posti Shipping plugin <= 3.10.2 - Full Path Disclosure (FPD) vulnerability
Generation of Error Message Containing Sensitive Information vulnerability in Posti Posti Shipping posti-shipping allows Retrieve Embedded Sensitive Data.This issue affects Posti Shipping: from n/a through <= 3.10.2.
0.0
CVE-2024-50509 - WordPress Woocommerce Product Design plugin <= 1.0.0 - Arbitrary File Deletion vulnerability
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in Chetan Khandla Woocommerce Product Design woo-product-design allows Path Traversal.This issue affects Woocommerce Product Design: from n/a through <= 1.0.0.
0.0
CVE-2024-50503 - WordPress User Toolkit plugin <= 1.2.3 - Account Takeover vulnerability
Authentication Bypass Using an Alternate Path or Channel vulnerability in Deryck User Toolkit user-toolkit allows Authentication Bypass.This issue affects User Toolkit: from n/a through <= 1.2.3.
7.2
CVE-2024-10108 - WPAdverts β Classifieds Plugin <= 2.1.6 - Unauthenticated Stored Cross-Site Scripting via adverts_aβ¦
The WPAdverts β Classifieds Plugin plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's adverts_add shortcode in all versions up to, and including, 2.1.6 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers toβ¦
6.4
CVE-2024-10223 - HT Team Member <= 1.1.4 - Authenticated (Contributor+) Stored Cross-Site Scripting via htteamember β¦
The WP Team β WordPress Team Member Plugin plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's htteamember shortcode in all versions up to, and including, 1.1.4 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possiβ¦
5.4
CVE-2024-8444 - Download Manager < 3.3.00 - Contributor+ Stored XSS
The Download Manager WordPress plugin before 3.3.00 doesn't sanitize some of it's shortcode parameters, leading to cross site scripting.
6.1
CVE-2024-8871 - Pricing Tables WordPress Plugin β Easy Pricing Tables <= 3.2.5 - Reflected Cross-Site Scripting
The Pricing Tables WordPress Plugin β Easy Pricing Tables plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use of add_query_arg without appropriate escaping on the URL in all versions up to, and including, 3.2.5. This makes it possible for unauthenticated attackers toβ¦
4.3
CVE-2024-10399 - Download Monitor <= 5.0.13 - Missing Authorization to Sensitive Information Exposure
The Download Monitor plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the ajax_search_users function in all versions up to, and including, 5.0.13. This makes it possible for authenticated attackers, with Subscriber-level access and above, β¦