| 81 | 7.5 | HIGH | Network | wpmessiah | safe_ai_malware_protection_for_wp | The Safe Ai Malware Protection for WP plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the export_db() function in all versions up to, and includ… | CWE-862 Missing Authorization | CVE-2024-12269 | 2025-02-1 04:44 | 2025-01-30 |
| 82 | 6.5 | MEDIUM | Network | villatheme | w2s | The W2S – Migrate WooCommerce to Shopify plugin for WordPress is vulnerable to Arbitrary File Read in all versions up to, and including, 1.2.1 via the 'viw2s_view_log' AJAX action. This makes it poss… | NVD-CWE-noinfo | CVE-2024-12861 | 2025-02-1 04:01 | 2025-01-30 |
| 83 | 5.4 | MEDIUM | Network | proxymis | html5_chat | The HTML5 chat plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'HTML5CHAT' shortcode in all versions up to, and including, 1.04 due to insufficient input sanitizati… | CWE-79 Cross-site Scripting | CVE-2024-12451 | 2025-02-1 03:55 | 2025-01-30 |
| 84 | 5.4 | MEDIUM | Network | wpdispensary | wp_dispensary | The WP Dispensary plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'wpd_menu' shortcode in all versions up to, and including, 4.5.0 due to insufficient input sanitiz… | CWE-79 Cross-site Scripting | CVE-2024-12444 | 2025-02-1 03:45 | 2025-01-30 |
| 85 | 6.1 | MEDIUM | Network | shoalsummitsolutions | team_rosters | The Team Rosters plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the ‘tab’ parameter in all versions up to, and including, 4.7 due to insufficient input sanitization and outp… | CWE-79 Cross-site Scripting | CVE-2024-12320 | 2025-02-1 03:25 | 2025-01-30 |
| 86 | 6.1 | MEDIUM | Network | bowo | system_dashboard | The System Dashboard plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the Filename parameter in all versions up to, and including, 2.8.15 due to insufficient input sanitizatio… | CWE-79 Cross-site Scripting | CVE-2024-12299 | 2025-02-1 03:22 | 2025-01-30 |
| 87 | 4.3 | MEDIUM | Network | ecpay | ecpay_ecommerce_for_woocommerce | The ECPay Ecommerce for WooCommerce plugin for WordPress is vulnerable to unauthorized loss of data due to a missing capability check on the 'clear_ecpay_debug_log' AJAX action in all versions up to,… | CWE-862 Missing Authorization | CVE-2024-13652 | 2025-02-1 03:21 | 2025-01-30 |
| 88 | 8.1 | HIGH | Network | aakashbhagat | single_user_chat | The Single-user-chat plugin for WordPress is vulnerable to unauthorized modification of data that can lead to a denial of service due to insufficient validation on the 'single_user_chat_update_login'… | NVD-CWE-noinfo | CVE-2024-13646 | 2025-02-1 03:19 | 2025-01-30 |
| 89 | 6.1 | MEDIUM | Network | stageshow_project | stageshow | The StageShow plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use of remove_query_arg without appropriate escaping on the URL in all versions up to, and including, 9.8… | CWE-79 Cross-site Scripting | CVE-2024-13705 | 2025-02-1 03:17 | 2025-01-30 |
| 90 | 6.5 | MEDIUM | Network | modalsurvey | wordpress_survey_and_poll | The WordPress Survey & Poll – Quiz, Survey and Poll Plugin for WordPress plugin for WordPress is vulnerable to SQL Injection via the 'id' attribute of the 'survey' shortcode in all versions up to, an… | CWE-89 SQL Injection | CVE-2024-13596 | 2025-02-1 03:16 | 2025-01-30 |