|
21
|
5.3 |
MEDIUM
Network
-
|
-
|
The WP Job Portal – A Complete Recruitment System for Company or Job Board website plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 2.2.6 v…
New
|
CWE-639
Authorization Bypass Through User-Controlled Key
|
CVE-2024-13428
|
2025-02-1 17:15 |
2025-02-1 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
|
22
|
4.3 |
MEDIUM
Network
|
-
|
-
|
The WP Job Portal – A Complete Recruitment System for Company or Job Board website plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 2.2.6 v…
New
|
CWE-639
Authorization Bypass Through User-Controlled Key
|
CVE-2024-13425
|
2025-02-1 17:15 |
2025-02-1 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
23
|
5.3 |
MEDIUM
Network
-
|
-
|
The WP Job Portal – A Complete Recruitment System for Company or Job Board website plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 2.2.6 v…
New
|
CWE-639
Authorization Bypass Through User-Controlled Key
|
CVE-2024-13372
|
2025-02-1 17:15 |
2025-02-1 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
|
24
|
5.3 |
MEDIUM
Network
-
|
-
|
The WP Job Portal – A Complete Recruitment System for Company or Job Board website plugin for WordPress is vulnerable to unauthorized arbitrary emails sending due to a missing capability check on the…
New
|
CWE-862
Missing Authorization
|
CVE-2024-13371
|
2025-02-1 17:15 |
2025-02-1 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
|
25
|
5.4 |
MEDIUM
Network
|
-
|
-
|
The Custom Related Posts plugin for WordPress is vulnerable to unauthorized access & modification of data due to a missing capability check on three AJAX actions in all versions up to, and including,…
New
|
CWE-862
Missing Authorization
|
CVE-2024-12825
|
2025-02-1 17:15 |
2025-02-1 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
26
|
- |
|
-
|
-
|
An Improper Certificate Validation on UniFi OS devices, with Identity Enterprise configured, could allow a malicious actor to execute a man-in-the-middle (MitM) attack during application update.
New
|
-
|
CVE-2025-23091
|
2025-02-1 16:15 |
2025-02-1 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
27
|
6.3 |
MEDIUM
Network
|
-
|
-
|
The MagicForm plugin for WordPress is vulnerable to access and modification of data due to a missing capability check on the plugin's AJAX actions in all versions up to, and including, 1.6.2. This ma…
New
|
CWE-862
Missing Authorization
|
CVE-2025-0939
|
2025-02-1 16:15 |
2025-02-1 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
28
|
6.5 |
MEDIUM
Network
|
-
|
-
|
The MultiLoca - WooCommerce Multi Locations Inventory Management plugin for WordPress is vulnerable to SQL Injection via the 'data-id' parameter in all versions up to, and including, 4.1.11 due to in…
New
|
CWE-89
SQL Injection
|
CVE-2024-13341
|
2025-02-1 16:15 |
2025-02-1 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
29
|
6.4 |
MEDIUM
Network
|
-
|
-
|
The The Plus Addons for Elementor – Elementor Addons, Page Templates, Widgets, Mega Menu, WooCommerce plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Table Widget's searchab…
New
|
CWE-79
Cross-site Scripting
|
CVE-2024-11829
|
2025-02-1 16:15 |
2025-02-1 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
30
|
8.8 |
HIGH
Network
|
-
|
-
|
The Jupiter X Core plugin for WordPress is vulnerable to Local File Inclusion to Remote Code Execution in all versions up to, and including, 4.8.7 via the get_svg() function. This makes it possible f…
New
|
CWE-98
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion')
|
CVE-2025-0366
|
2025-02-1 15:15 |
2025-02-1 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
