|
181
|
7.2 |
HIGH
Network
|
visualmodo
|
borderless
|
The Borderless – Widgets, Elements, Templates and Toolkit for Elementor & Gutenberg plugin for WordPress is vulnerable to Remote Code Execution in all versions up to, and including, 1.5.9 via the 'wr…
|
CWE-94
Code Injection
|
CVE-2024-11600
|
2025-02-1 05:02 |
2025-01-30 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
182
|
4.3 |
MEDIUM
Network
|
seventhqueen
|
typer_core
|
The Typer Core plugin for WordPress is vulnerable to Information Exposure in all versions up to, and including, 1.9.6 via the 'elementor-template' shortcode due to insufficient restrictions on which …
|
NVD-CWE-noinfo
|
CVE-2024-12102
|
2025-02-1 05:01 |
2025-01-30 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
183
|
6.1 |
MEDIUM
Network
|
wpmessiah
|
ai_image_alt_text_generator_for_wp
|
The Ai Image Alt Text Generator for WP plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'page' parameter in all versions up to, and including, 1.0.2 due to insufficient in…
|
CWE-79
Cross-site Scripting
|
CVE-2024-12177
|
2025-02-1 04:49 |
2025-01-30 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
184
|
7.5 |
HIGH
Network
wpmessiah
|
safe_ai_malware_protection_for_wp
|
The Safe Ai Malware Protection for WP plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the export_db() function in all versions up to, and includ…
|
CWE-862
Missing Authorization
|
CVE-2024-12269
|
2025-02-1 04:44 |
2025-01-30 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
|
185
|
6.5 |
MEDIUM
Network
|
villatheme
|
w2s
|
The W2S – Migrate WooCommerce to Shopify plugin for WordPress is vulnerable to Arbitrary File Read in all versions up to, and including, 1.2.1 via the 'viw2s_view_log' AJAX action. This makes it poss…
|
NVD-CWE-noinfo
|
CVE-2024-12861
|
2025-02-1 04:01 |
2025-01-30 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
186
|
5.4 |
MEDIUM
Network
|
proxymis
|
html5_chat
|
The HTML5 chat plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'HTML5CHAT' shortcode in all versions up to, and including, 1.04 due to insufficient input sanitizati…
|
CWE-79
Cross-site Scripting
|
CVE-2024-12451
|
2025-02-1 03:55 |
2025-01-30 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
187
|
5.4 |
MEDIUM
Network
|
wpdispensary
|
wp_dispensary
|
The WP Dispensary plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'wpd_menu' shortcode in all versions up to, and including, 4.5.0 due to insufficient input sanitiz…
|
CWE-79
Cross-site Scripting
|
CVE-2024-12444
|
2025-02-1 03:45 |
2025-01-30 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
188
|
6.1 |
MEDIUM
Network
|
shoalsummitsolutions
|
team_rosters
|
The Team Rosters plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the ‘tab’ parameter in all versions up to, and including, 4.7 due to insufficient input sanitization and outp…
|
CWE-79
Cross-site Scripting
|
CVE-2024-12320
|
2025-02-1 03:25 |
2025-01-30 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
189
|
6.1 |
MEDIUM
Network
|
bowo
|
system_dashboard
|
The System Dashboard plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the Filename parameter in all versions up to, and including, 2.8.15 due to insufficient input sanitizatio…
|
CWE-79
Cross-site Scripting
|
CVE-2024-12299
|
2025-02-1 03:22 |
2025-01-30 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
190
|
4.3 |
MEDIUM
Network
|
ecpay
|
ecpay_ecommerce_for_woocommerce
|
The ECPay Ecommerce for WooCommerce plugin for WordPress is vulnerable to unauthorized loss of data due to a missing capability check on the 'clear_ecpay_debug_log' AJAX action in all versions up to,…
|
CWE-862
Missing Authorization
|
CVE-2024-13652
|
2025-02-1 03:21 |
2025-01-30 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
