Total
264607 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2024-8318 | 1 Websevendev | 1 Attributes For Blocks | 2024-10-05 | N/A | 5.4 MEDIUM |
The Attributes for Blocks plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘attributesForBlocks’ parameter in all versions up to, and including, 1.0.6 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. | |||||
CVE-2023-23640 | 1 Mainwp | 1 Updraftplus Extension | 2024-10-05 | N/A | 8.8 HIGH |
Missing Authorization vulnerability in MainWP MainWP UpdraftPlus Extension. This issue affects MainWP UpdraftPlus Extension: from n/a through 4.0.6. | |||||
CVE-2024-31294 | 1 Androidbubble | 1 Wp Sort Order | 2024-10-05 | N/A | 8.8 HIGH |
Missing Authorization vulnerability in Fahad Mahmood WP Sort Order. This issue affects WP Sort Order: from n/a through 1.3.1. | |||||
CVE-2024-31246 | 1 Wpxpo | 1 Postx | 2024-10-05 | N/A | 8.8 HIGH |
Missing Authorization vulnerability in Post Grid Team by WPXPO PostX – Gutenberg Blocks for Post Grid. This issue affects PostX – Gutenberg Blocks for Post Grid: from n/a through 3.2.3. | |||||
CVE-2024-31098 | 1 Mrebabi | 1 New Order Notification For Woocommerce | 2024-10-05 | N/A | 9.8 CRITICAL |
Missing Authorization vulnerability in Mr.Ebabi New Order Notification for Woocommerce. This issue affects New Order Notification for Woocommerce: from n/a through 2.0.2. | |||||
CVE-2024-24142 | 1 Rems | 1 School Task Manager | 2024-10-05 | N/A | 9.8 CRITICAL |
Sourcecodester School Task Manager 1.0 allows SQL Injection via the 'subject' parameter. | |||||
CVE-2023-23639 | 1 Mainwp | 1 Staging Extension | 2024-10-05 | N/A | 9.8 CRITICAL |
Missing Authorization vulnerability in MainWP MainWP Staging Extension. This issue affects MainWP Staging Extension: from n/a through 4.0.3. | |||||
CVE-2024-47849 | | | 2024-10-05 | N/A | N/A |
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in The Wikimedia Foundation Mediawiki - Cargo allows SQL Injection. This issue affects Mediawiki - Cargo: from 3.6.X before 3.6.1. | |||||
CVE-2024-47847 | | | 2024-10-05 | N/A | N/A |
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in The Wikimedia Foundation Mediawiki - Cargo allows Cross-Site Scripting (XSS). This issue affects Mediawiki - Cargo: from 3.6.X before 3.6.1. | |||||
CVE-2024-47846 | | | 2024-10-05 | N/A | N/A |
Cross-Site Request Forgery (CSRF) vulnerability in The Wikimedia Foundation Mediawiki - Cargo allows Cross Site Request Forgery. This issue affects Mediawiki - Cargo: from 3.6.X before 3.6.1. | |||||
CVE-2024-47845 | | | 2024-10-05 | N/A | N/A |
Improper Encoding or Escaping of Output vulnerability in The Wikimedia Foundation Mediawiki - CSS Extension allows Code Injection. This issue affects Mediawiki - CSS Extension: from 1.39.X before 1.39.9, from 1.41.X before 1.41.3, from 1.42.X before 1.42.2. | |||||
CVE-2024-47840 | | | 2024-10-05 | N/A | N/A |
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in The Wikimedia Foundation Mediawiki - Apex skin allows Stored XSS. This issue affects Mediawiki - Apex skin: from 1.39.X before 1.39.9, from 1.41.X before 1.41.3, from 1.42.X before 1.42.2. | |||||
CVE-2024-47848 | | | 2024-10-05 | N/A | N/A |
Exposure of Sensitive Information to an Unauthorized Actor vulnerability in The Wikimedia Foundation Mediawiki - PageTriage allows Authentication Bypass. This issue affects Mediawiki - PageTriage: from 1.39.X before 1.39.9, from 1.41.X before 1.41.3, from 1.42.X before 1.42.2. | |||||
CVE-2024-47913 | | | 2024-10-04 | N/A | N/A |
An issue was discovered in the AbuseFilter extension for MediaWiki before 1.39.9, 1.40.x and 1.41.x before 1.41.3, and 1.42.x before 1.42.2. An API caller can match a filter condition against AbuseFilter logs even if the caller is not authorized to view the log details for the filter. | |||||
CVE-2024-47911 | | | 2024-10-04 | N/A | 6.7 MEDIUM |
In SonarSource SonarQube 10.4 through 10.5 before 10.6, a vulnerability was discovered in the authorizations/group-memberships API endpoint that allows SonarQube users with the administrator role to inject blind SQL commands. | |||||
CVE-2024-47910 | | | 2024-10-04 | N/A | N/A |
An issue was discovered in SonarSource SonarQube before 9.9.5 LTA and 10.x before 10.5. A SonarQube user with the Administrator role can modify an existing configuration of a GitHub integration to exfiltrate a pre-signed JWT. | |||||
CVE-2024-41514 | | | 2024-10-04 | N/A | N/A |
A reflected cross-site scripting (XSS) vulnerability in "PrevPgGroup.aspx" in CADClick v1.11.0 and before allows remote attackers to inject arbitrary web script or HTML via the "wer" parameter. | |||||
CVE-2024-41513 | | | 2024-10-04 | N/A | N/A |
A reflected cross-site scripting (XSS) vulnerability in "Artikel.aspx" in CADClick v1.11.0 and before allows remote attackers to inject arbitrary web script or HTML via the "searchindex" parameter. | |||||
CVE-2024-41512 | | | 2024-10-04 | N/A | N/A |
A SQL Injection vulnerability in "ccHandler.aspx" in all versions of CADClick v.1.11.0 and before allows remote attackers to execute arbitrary SQL commands via the "bomid" parameter. | |||||
CVE-2024-37869 | | | 2024-10-04 | N/A | N/A |
File Upload vulnerability in Itsourcecode Online Discussion Forum Project v.1.0 allows a remote attacker to execute arbitrary code via the "poster.php" file, and the uploaded file was received using the "$_FILES" variable. | |||||