Show filters
255 Total Results
Displaying 11-20 of 255
Sort by:
Attacker Value
Unknown
CVE-2024-56244
Disclosure Date: January 02, 2025 (last updated January 03, 2025)
Missing Authorization vulnerability in WP Royal Ashe Extra allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Ashe Extra: from n/a through 1.2.92.
0
Attacker Value
Unknown
CVE-2023-46079
Disclosure Date: January 02, 2025 (last updated January 03, 2025)
Missing Authorization vulnerability in WP Royal Ashe Extra allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Ashe Extra: from n/a through 1.2.9.
0
Attacker Value
Unknown
CVE-2024-9545
Disclosure Date: December 21, 2024 (last updated December 21, 2024)
The Shortcodes and extra features for Phlox theme plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's aux_contact_box and aux_gmaps shortcodes in all versions up to, and including, 2.16.4 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
0
Attacker Value
Unknown
CVE-2024-12588
Disclosure Date: December 21, 2024 (last updated December 21, 2024)
The Shortcodes and extra features for Phlox theme plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's Staff widget in all versions up to, and including, 2.16.4 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
0
Attacker Value
Unknown
CVE-2024-12687
Disclosure Date: December 16, 2024 (last updated December 18, 2024)
Deserialization of Untrusted Data vulnerability in PlexTrac (Runbooks modules) which allows Object Injection and arbitrary file writes.
This issue affects PlexTrac: from 1.61.3 before 2.8.1.
0
Attacker Value
Unknown
CVE-2024-11839
Disclosure Date: December 13, 2024 (last updated December 18, 2024)
Deserialization of Untrusted Data vulnerability in PlexTrac (Runbooks modules) which allows Object Injection and arbitrary file writes.This issue affects PlexTrac: from 1.61.3 before 2.8.1.
0
Attacker Value
Unknown
CVE-2024-11838
Disclosure Date: December 13, 2024 (last updated December 18, 2024)
External Control of File Name or Path vulnerability in PlexTrac allows Local Code Inclusion through use of an undocumented API endpoint.This issue affects PlexTrac: from 1.61.3 before 2.8.1.
0
Attacker Value
Unknown
CVE-2024-11837
Disclosure Date: December 13, 2024 (last updated December 18, 2024)
Improper Neutralization of Special Elements used in an N1QL Command ('N1QL Injection') vulnerability in PlexTrac allows N1QL Injection.This issue affects PlexTrac: from 1.61.3 before 2.8.1.
0
Attacker Value
Unknown
CVE-2024-11836
Disclosure Date: December 13, 2024 (last updated December 18, 2024)
Server-Side Request Forgery (SSRF) vulnerability in PlexTrac allowing requests to internal system resources.This issue affects PlexTrac: from 1.61.3 before 2.8.1.
0
Attacker Value
Unknown
CVE-2024-11835
Disclosure Date: December 13, 2024 (last updated December 18, 2024)
Uncontrolled Resource Consumption vulnerability in PlexTrac allows WebSocket DoS.This issue affects PlexTrac: from 1.61.3 before 2.8.1.
0
