0.0
CVE-2024-49316 - WordPress Akismet htaccess writer plugin <= 1.0.1 - Cross Site Scripting (XSS) vulnerability
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in zodiac Akismet htaccess writer akismet-htaccess-writer allows Reflected XSS. This issue affects Akismet htaccess writer: from n/a through <= 1.0.1.
6.5
CVE-2024-49319 - WordPress Awesome Contact Form7 for Elementor plugin <= 3.0 - Cross Site Scripting (XSS) vulnerabil…
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in B.M. Rafiul Alam Awesome Contact Form7 for Elementor awesome-contact-form7-for-elementor. This issue affects Awesome Contact Form7 for Elementor: from n/a through <= 3.0.
6.1
CVE-2024-10099 - Stored XSS in comfyanonymous/comfyui
A stored cross-site scripting (XSS) vulnerability exists in comfyanonymous/comfyui version 0.2.2 and possibly earlier. The vulnerability occurs when an attacker uploads an HTML file containing a malicious XSS payload via the `/api/upload/image` endpoint. The payload is executed when the file is vie…
7.1
CVE-2024-7755 - HMS Networks EWON FLEXY 202 Insufficiently Protected Credentials
The EWON FLEXY 202 transmits credentials using a weak encoding method, base64. An attacker who is present in the network can sniff the traffic and decode the credentials.
5.4
CVE-2024-10101 - Stored XSS in binary-husky/gpt_academic
A stored cross-site scripting (XSS) vulnerability exists in binary-husky/gpt_academic version 3.83. The vulnerability occurs at the /file endpoint, which renders HTML files. Malicious HTML files containing XSS payloads can be uploaded and stored in the backend, leading to the execution of the paylo…
7.5
CVE-2024-10100 - Path Traversal in binary-husky/gpt_academic
A path traversal vulnerability exists in binary-husky/gpt_academic version 3.83. The vulnerability is due to improper handling of the file parameter, which is open to path traversal through URL encoding. This allows attackers to view any file on the host system, including sensitive files such as cr…
7.1
CVE-2024-43997 - WordPress easy.jobs- Best Recruitment Plugin for Job Board Listing, Manager, Career Page for Elemen…
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in easy.Jobs EasyJobs allows Reflected XSS. This issue affects EasyJobs: from n/a through 2.4.14.
6.1
CVE-2024-49220 - WordPress Cookie Scanner plugin <= 1.1 - CSRF to Stored XSS vulnerability
Cross-Site Request Forgery (CSRF) vulnerability in Nikel Cookie Scanner cookie-scanner allows Cross Site Request Forgery. This issue affects Cookie Scanner: from n/a through <= 1.1.
6.1
CVE-2024-49221 - WordPress cSlider plugin <= 2.4.2 - CSRF to Stored XSS vulnerability
Cross-Site Request Forgery (CSRF) vulnerability in julian.weinert cSlider cslider allows Cross Site Request Forgery. This issue affects cSlider: from n/a through <= 2.4.2.
6.1
CVE-2024-49223 - WordPress CJ Change Howdy plugin <= 3.3.1 - CSRF to Stored XSS vulnerability
Cross-Site Request Forgery (CSRF) vulnerability in shibulijack CJ Change Howdy cj-change-howdy allows Cross Site Request Forgery. This issue affects CJ Change Howdy: from n/a through <= 3.3.1.