6.1

CVSS3.1

CVE-2024-7818 - Misiek Photo Album <= 1.4.3 - Stored XSS via CSRF

The Misiek Photo Album WordPress plugin through 1.4.3 does not have CSRF check in some places, and is missing sanitisation as well as escaping, which could allow attackers to make logged in admin add Stored XSS payloads via a CSRF attack.

πŸ“… Published: Sept. 12, 2024, 6 a.m. πŸ”„ Last Modified: Sept. 27, 2024, 6:18 p.m.

6.5

CVSS3.1

CVE-2024-7817 - Misiek Photo Album <= 1.4.3 - Album Deletion via CSRF

The Misiek Photo Album WordPress plugin through 1.4.3 does not have CSRF checks in some places, which could allow attackers to make logged in users delete arbitrary albums via a CSRF attack

πŸ“… Published: Sept. 12, 2024, 6 a.m. πŸ”„ Last Modified: Sept. 27, 2024, 6:26 p.m.

6.1

CVSS3.1

CVE-2024-7816 - Gixaw Chat <= 1.0 - Stored XSS via CSRF

The Gixaw Chat WordPress plugin through 1.0 does not have CSRF check in some places, and is missing sanitisation as well as escaping, which could allow attackers to make logged in admin add Stored XSS payloads via a CSRF attack.

πŸ“… Published: Sept. 12, 2024, 6 a.m. πŸ”„ Last Modified: Sept. 26, 2024, 8:23 p.m.

7.2

CVSS3.1

CVE-2024-7766 - Adicon Server <= 1.2 - Admin+ SQL Injection

The Adicon Server WordPress plugin through 1.2 does not sanitize and escape a parameter before using it in a SQL statement, allowing admins to perform SQL injection attacks

πŸ“… Published: Sept. 12, 2024, 6 a.m. πŸ”„ Last Modified: Sept. 26, 2024, 8:37 p.m.

4.8

CVSS3.1

CVE-2024-6887 - Giveaways and Contests by RafflePress < 1.12.16 - Editor+ Stored XSS

The Giveaways and Contests by RafflePress WordPress plugin before 1.12.16 does not sanitise and escape some of its Giveaways settings, which could allow high privilege users such as editor and above to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallow…

πŸ“… Published: Sept. 12, 2024, 6 a.m. πŸ”„ Last Modified: Sept. 26, 2024, 8:38 p.m.

6.1

CVSS3.1

CVE-2024-6019 - Music Request Manager <= 1.3 - Unauthenticated Stored XSS

The Music Request Manager WordPress plugin through 1.3 does not sanitise and escape incoming music requests, which could allow unauthenticated users to perform Cross-Site Scripting attacks against administrators

πŸ“… Published: Sept. 12, 2024, 6 a.m. πŸ”„ Last Modified: Sept. 13, 2024, 4:13 p.m.

6.1

CVSS3.1

CVE-2024-6018 - Music Request Manager <= 1.3 - Reflected XSS

The Music Request Manager WordPress plugin through 1.3 does not escape the $_SERVER['REQUEST_URI'] parameter before outputting it back in an attribute, which could lead to Reflected Cross-Site Scripting in old web browsers

πŸ“… Published: Sept. 12, 2024, 6 a.m. πŸ”„ Last Modified: Sept. 13, 2024, 4:15 p.m.

6.1

CVSS3.1

CVE-2024-6017 - Music Request Manager <= 1.3 - Stored XSS via CSRF

The Music Request Manager WordPress plugin through 1.3 does not have CSRF check in some places, and is missing sanitisation as well as escaping, which could allow attackers to make logged in admin add Stored XSS payloads via a CSRF attack

πŸ“… Published: Sept. 12, 2024, 6 a.m. πŸ”„ Last Modified: Sept. 13, 2024, 4:17 p.m.

4.8

CVSS3.1

CVE-2024-5799 - CM Pop-Up Banners for WordPress < 1.7.3 - Contributor+ Stored XSS

The CM Pop-Up Banners for WordPress plugin before 1.7.3 does not sanitise and escape some of its popup fields, which could allow high privilege users such as Contributors to perform Cross-Site Scripting attacks.

πŸ“… Published: Sept. 12, 2024, 6 a.m. πŸ”„ Last Modified: Sept. 26, 2024, 8:39 p.m.

4.3

CVSS3.1

CVE-2024-3163 - Easy Property Listings < 3.5.4 - Arbitrary Contact Deletion via CSRF

The Easy Property Listings WordPress plugin before 3.5.4 does not have CSRF check when deleting contacts in bulk, which could allow attackers to make a logged in admin delete them via a CSRF attack

πŸ“… Published: Sept. 12, 2024, 6 a.m. πŸ”„ Last Modified: Sept. 26, 2024, 3:13 p.m.
Total resulsts: 349182
Page 8589 of 34,919
Β« previous page Β» next page
Filters