|
21
|
- |
|
-
|
-
|
The WP Finance WordPress plugin through 1.3.6 does not have CSRF check in some places, and is missing sanitisation as well as escaping, which could allow attackers to make logged in admin add Stored …
New
|
-
|
CVE-2024-13096
|
2025-02-1 15:15 |
2025-02-1 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
22
|
- |
|
-
|
-
|
The Responsive iframe WordPress plugin through 1.2.0 does not validate and escape some of its block options before outputting them back in a page/post where the block is embed, which could allow user…
New
|
-
|
CVE-2024-12768
|
2025-02-1 15:15 |
2025-02-1 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
23
|
8.8 |
HIGH
Network
|
-
|
-
|
The Jupiter X Core plugin for WordPress is vulnerable to Local File Inclusion to Remote Code Execution in all versions up to, and including, 4.8.7 via the get_svg() function. This makes it possible f…
New
|
CWE-98
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion')
|
CVE-2025-0366
|
2025-02-1 15:15 |
2025-02-1 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
24
|
5.3 |
MEDIUM
Network
-
|
-
|
The Directorist: AI-Powered WordPress Business Directory Plugin with Classified Ads Listings plugin for WordPress is vulnerable to Information Exposure in all versions up to, and including, 8.0.12 vi…
New
|
CWE-359
Exposure of Private Personal Information to an Unauthorized Actor
|
CVE-2024-12041
|
2025-02-1 15:15 |
2025-02-1 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
|
25
|
- |
|
-
|
-
|
Dell PowerProtect DD versions prior to 8.3.0.0, 7.10.1.50, and 7.13.1.20 contain an improper access control vulnerability. A local malicious user with low privileges could potentially exploit this vu…
New
|
CWE-1220
Insufficient Granularity of Access Control
|
CVE-2024-53295
|
2025-02-1 14:15 |
2025-02-1 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
26
|
- |
|
-
|
-
|
Dell PowerProtect DD versions prior to 7.10.1.50 and 7.13.1.20 contain a Stack-based Buffer Overflow vulnerability in the RestAPI. A high privileged attacker with remote access could potentially expl…
New
|
CWE-121
Stack-based Buffer Overflow
|
CVE-2024-53296
|
2025-02-1 13:15 |
2025-02-1 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
27
|
- |
|
-
|
-
|
Dell PowerProtect DD versions prior to DDOS 8.3.0.0, 7.10.1.50, and 7.13.1.20 contain a path traversal vulnerability. A local low privileged could potentially exploit this vulnerability to gain unaut…
New
|
CWE-29
Path Traversal: '\..\filename'
|
CVE-2024-51534
|
2025-02-1 13:15 |
2025-02-1 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
28
|
4.3 |
MEDIUM
Network
|
-
|
-
|
The RapidLoad – Optimize Web Vitals Automatically plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the ajax_deactivate() function in all ve…
New
|
CWE-862
Missing Authorization
|
CVE-2024-13651
|
2025-02-1 13:15 |
2025-02-1 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
29
|
6.4 |
MEDIUM
Network
|
-
|
-
|
The aThemes Addons for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Image Accordion widget in all versions up to, and including, 1.0.12 due to insufficient inpu…
New
|
CWE-79
Cross-site Scripting
|
CVE-2024-13547
|
2025-02-1 13:15 |
2025-02-1 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
30
|
8.8 |
HIGH
Network
|
-
|
-
|
The WooCommerce Customers Manager plugin for WordPress is vulnerable to Privilege Escalation due to a missing capability check on the ajax_assign_new_roles() function in all versions up to, and inclu…
New
|
CWE-269
Improper Privilege Management
|
CVE-2024-13343
|
2025-02-1 13:15 |
2025-02-1 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
