7.2

CVSS3.1

CVE-2024-7129 - Appointment Booking Calendar < 1.6.7.43 - Admin+ Template Injection to RCE

The Appointment Booking Calendar WordPress plugin before 1.6.7.43 does not escape template syntax provided via user input, leading to Twig Template Injection which further exploited can result to remote code Execution by high privilege such as admins

πŸ“… Published: Sept. 13, 2024, 6 a.m. πŸ”„ Last Modified: Sept. 15, 2025, 8:15 p.m.

4.8

CVSS3.1

CVE-2024-6850 - Carousel Slider < 2.2.14 - Editor+ Stored XSS

The Carousel Slider WordPress plugin before 2.2.4 does not sanitise and escape some of its settings, which could allow high privilege users such as editors to perform Cross-Site Scripting attacks even when unfiltered_html is disallowed

πŸ“… Published: Sept. 13, 2024, 6 a.m. πŸ”„ Last Modified: Sept. 27, 2024, 6:30 p.m.

4.7

CVSS3.1

CVE-2024-6723 - AI Engine < 2.4.8 - Admin+ SQLi

The AI Engine WordPress plugin before 2.4.8 does not properly sanitise and escape a parameter before using it in a SQL statement, leading to a SQL injection exploitable by admin users when viewing chatbot discussions.

πŸ“… Published: Sept. 13, 2024, 6 a.m. πŸ”„ Last Modified: Sept. 27, 2024, 6:50 p.m.

4.8

CVSS3.1

CVE-2024-6617 - NinjaTeam Header Footer Custom Code <= 1.2 - Admin+ Stored XSS via CSS Styles

The NinjaTeam Header Footer Custom Code WordPress plugin before 1.2 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite…

πŸ“… Published: Sept. 13, 2024, 6 a.m. πŸ”„ Last Modified: Sept. 27, 2024, 9:28 p.m.

4.8

CVSS3.1

CVE-2024-6493 - NinjaTeam Header Footer Custom Code < 1.2 - Admin+ Stored XSS

The NinjaTeam Header Footer Custom Code WordPress plugin before 1.2 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite…

πŸ“… Published: Sept. 13, 2024, 6 a.m. πŸ”„ Last Modified: Sept. 27, 2024, 9:28 p.m.

6.4

CVSS3.1

CVE-2024-5628 - Avada | Website Builder For WordPress & eCommerce <= 3.11.9 - Authenticated (Contributor+) Stored C…

The Avada | Website Builder For WordPress & eCommerce plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's fusion_button shortcode in all versions up to, and including, 3.11.9 due to insufficient input sanitization and output escaping on user supplied attributes. This …

πŸ“… Published: Sept. 13, 2024, 5:30 a.m. πŸ”„ Last Modified: April 8, 2026, 5:02 p.m.

6.1

CVSS3.1

CVE-2024-8656 - WPFactory Helper <= 1.7.0 - Reflected Cross-Site Scripting

The WPFactory Helper plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use of add_query_arg without appropriate escaping on the URL in all versions up to, and including, 1.7.0. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in page…

πŸ“… Published: Sept. 13, 2024, 3:27 a.m. πŸ”„ Last Modified: April 8, 2026, 5:23 p.m.

4.3

CVSS3.1

CVE-2024-43180 - IBM Concert information disclosure

IBM Concert 1.0 does not set the secure attribute on authorization tokens or session cookies. Attackers may be able to get the cookie values by sending a http:// link to a user or by planting this link in a site the user goes to. The cookie will be sent to the insecure link and the attacker can the…

πŸ“… Published: Sept. 13, 2024, 1:24 a.m. πŸ”„ Last Modified: Sept. 20, 2024, 5:28 p.m.

5.3

CVSS4.0

CVE-2024-8762 - code-projects Crud Operation System updatedata.php sql injection

A vulnerability was found in code-projects Crud Operation System 1.0. It has been classified as critical. This affects an unknown part of the file /updatedata.php. The manipulation of the argument sid leads to sql injection. It is possible to initiate the attack remotely. The exploit has been discl…

πŸ“… Published: Sept. 13, 2024, 12:31 a.m. πŸ”„ Last Modified: Sept. 14, 2024, 3:54 p.m.

6.5

CVSS3.1

CVE-2024-39925 -

An issue was discovered in Vaultwarden (formerly Bitwarden_RS) 1.30.3. It lacks an offboarding process for members who leave an organization. As a result, the shared organization key is not rotated when a member departs. Consequently, the departing member, whose access should be revoked, retains a …

πŸ“… Published: Sept. 13, 2024, midnight πŸ”„ Last Modified: July 10, 2025, 1:23 p.m.
Total resulsts: 349182
Page 8575 of 34,919
Β« previous page Β» next page
Filters