CVE-2024-35308
CVE-2024-35308 is a post-authentication arbitrary file read vulnerability in Pandora FMS, affecting versions 700 through 777.3. The flaw resides in the server’s plugins section within the plugin edition feature, enabling unauthorized access to server files after authentication. Observed impact (...
CVE-2024-35308 Post-auth Arbitrary File Read in the Server Plugins Section
A post-authentication arbitrary file read vulnerability within the server plugins section in plugin edition feature. This issue affects Pandora FMS: from 700 through 777.3...
CVE-2024-49630
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in DevItems WP Education wp-education allows Stored XSS. This issue affects WP Education: from n/a through <= 1.2.8...
CVE-2024-48049
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Mighty Plugins Mighty Builder mighty-builder allows Stored XSS. This issue affects Mighty Builder: from n/a through <= 1.0.2...
CVE-2024-49630 WordPress WP Education for Elementor plugin <= 1.2.8 - Stored Cross Site Scripting (XSS) vulnerability
Improper Neutralization of Input During Web Page Generation XSS or 'Cross-site Scripting' vulnerability in HT Plugins WP Education allows Stored XSS. This issue affects WP Education: from n/a through 1.2.8...
CVE-2024-49630
CVE-2024-49630 affects WP Education (WordPress plugin for Elementor)
PT-2024-33585 · WordPress · Ht Plugins Wp Education
Name of the Vulnerable Software and Affected Versions: HT Plugins WP Education versions 1.2.8 and earlier Description: The issue is related to Improper Neutralization of Input During Web Page Generation, also known as Cross-site Scripting XSS. This allows for Stored XSS attacks. Recommendations:...
CVE-2024-9593
The Time Clock plugin and Time Clock Pro plugin for WordPress are vulnerable to Remote Code Execution in versions up to, and including, 1.2.2 for Time Clock and 1.1.4 for Time Clock Pro via the 'etimeclockwploadfunctioncallback' function. This allows unauthenticated attackers to execute code on t...
CVE-2024-49308
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Toast Plugins Animator scroll-triggered-animations allows Reflected XSS. This issue affects Animator: from n/a through <= 3.0.15...
CVE-2024-49308 WordPress Animator – Scroll Triggered Animations plugin <= 3.0.15 - Reflected Cross Site Scripting (XSS) vulnerability
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Toast Plugins Animator scroll-triggered-animations allows Reflected XSS. This issue affects Animator: from n/a through <= 3.0.15...
CVE-2024-49308
CVE-2024-49308 is a Reflected XSS in the WordPress plugin “Animator – Scroll Triggered Animations” (vulnerable:
Wordfence Intelligence Weekly WordPress Vulnerability Report (October 7, 2024 to October 13, 2024)
Calling all superheroes and haunters! Introducing the Cybersecurity Month Spooktacular Haunt and the WordPress Superhero Challenge for the Wordfence Bug Bounty Program! Through November 11th, 2024: All in-scope vulnerability types for WordPress plugins/themes with >= 1,000 active installations are...
PT-2024-33447 · Unknown · Toast Plugins Animator
Name of the Vulnerable Software and Affected Versions: Toast Plugins Animator versions 3.0.11 and earlier Description: The issue is related to improper neutralization of input during web page generation, which leads to a Reflected XSS Cross-site Scripting vulnerability. This allows for Reflected...
CVE-2016-15042
The Frontend File Manager versions 4.0, N-Media Post Front-end Form versions 1.1 plugins for WordPress are vulnerable to arbitrary file uploads due to missing file type validation via the nmfilemanageruploadfile and nmpostfrontuploadfile AJAX actions. This makes it possible for unauthenticated...
EUVD-2016-10786
The Frontend File Manager versions 4.0, N-Media Post Front-end Form versions 1.1 plugins for WordPress are vulnerable to arbitrary file uploads due to missing file type validation via the nmfilemanageruploadfile and nmpostfrontuploadfile AJAX actions. This makes it possible for unauthenticated...
CVE-2016-15042
The CVE-2016-15042 issue affects WordPress plugins Frontend File Manager (<4.0) and N-Media Post Front-end Form (
CVE-2022-4974
The Freemius SDK, as used by hundreds of WordPress plugin and theme developers, was vulnerable to Cross-Site Request Forgery and Information disclosure due to missing capability checks and nonce protection on the getdebuglog, getdboption, and the setdboption functions in versions up to, and...