|
91
|
8.1 |
HIGH
Network
|
ivanm
|
wp_image_uploader
|
The WP Image Uploader plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.0.1. This is due to missing or incorrect nonce validation on the gky_ima…
Update
|
CWE-352
Origin Validation Error
|
CVE-2024-13707
|
2025-02-1 03:12 |
2025-01-30 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
92
|
5.4 |
MEDIUM
Network
|
areoi
|
all_bootstrap_blocks
|
The All Bootstrap Blocks plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the "Accordion" widget in all versions up to, and including, 1.3.26 due to insufficient input sanitizati…
Update
|
CWE-79
Cross-site Scripting
|
CVE-2024-13549
|
2025-02-1 03:10 |
2025-01-30 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
93
|
5.4 |
MEDIUM
Network
|
wptableeditor
|
table_editor
|
The Table Editor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'wptableeditor_vtabs' shortcode in all versions up to, and including, 1.5.1 due to insufficient inp…
Update
|
CWE-79
Cross-site Scripting
|
CVE-2024-13661
|
2025-02-1 03:08 |
2025-01-30 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
94
|
5.4 |
MEDIUM
Network
|
wonderjarcreative
|
wonder_fontawesome
|
The Wonder FontAwesome plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 0.8. This is due to missing or incorrect nonce validation on one of its f…
Update
|
CWE-352
Origin Validation Error
|
CVE-2024-13512
|
2025-02-1 03:08 |
2025-01-30 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
95
|
5.4 |
MEDIUM
Network
|
wordpresteem
|
we_-_testimonial_slide
|
The WE – Testimonial Slider plugin for WordPress is vulnerable to Stored Cross-Site Scripting via Testimonial Author Names in all versions up to, and including, 1.5 due to insufficient input sanitiza…
Update
|
CWE-79
Cross-site Scripting
|
CVE-2024-13460
|
2025-02-1 03:07 |
2025-01-30 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
96
|
5.4 |
MEDIUM
Network
|
gubbigubbi
|
kona_gallery_block
|
The Kona Gallery Block plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the "Kona: Instagram for Gutenberg" Block, specifically in the "align" attribute, in all versions up to, a…
Update
|
CWE-79
Cross-site Scripting
|
CVE-2024-13400
|
2025-02-1 03:02 |
2025-01-30 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
97
|
5.4 |
MEDIUM
Network
|
wpbean
|
wp_post_list_table
|
The WP Post List Table plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'wpb_post_list_table' shortcode in all versions up to, and including, 1.0.3 due to insufficie…
Update
|
CWE-79
Cross-site Scripting
|
CVE-2024-13664
|
2025-02-1 02:58 |
2025-01-30 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
98
|
5.4 |
MEDIUM
Network
|
stockdio
|
stockdio_historical_chart
|
The Stockdio Historical Chart plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'stockdio-historical-chart' shortcode in all versions up to, and including, 2.8.18 due…
Update
|
CWE-79
Cross-site Scripting
|
CVE-2024-13349
|
2025-02-1 02:58 |
2025-01-30 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
99
|
5.4 |
MEDIUM
Network
|
partitionnumerique
|
music_sheet_viewer
|
The Music Sheet Viewer plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'pn_msv' shortcode in all versions up to, and including, 4.1 due to insufficient input saniti…
Update
|
CWE-79
Cross-site Scripting
|
CVE-2024-13670
|
2025-02-1 02:56 |
2025-01-30 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
100
|
7.5 |
HIGH
Network
partitionnumerique
|
music_sheet_viewer
|
The Music Sheet Viewer plugin for WordPress is vulnerable to Arbitrary File Read in all versions up to, and including, 4.1 via the read_score_file() function. This makes it possible for unauthenticat…
Update
|
NVD-CWE-noinfo
|
CVE-2024-13671
|
2025-02-1 02:50 |
2025-01-30 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
