751 | 6.5 | MEDIUM | Network | - | - | The WP Project Manager – Task, team, and project management plugin featuring kanban board and gantt charts plugin for WordPress is vulnerable to time-based SQL Injection via the ‘orderby’ parameter i… | CWE-89 (SQL Injection) | CVE-2024-13500 | 2025-02-15 21:15 | 2025-02-15
752 | 7.5 | HIGH | Network | - | - | The LTL Freight Quotes – Estes Edition plugin for WordPress is vulnerable to SQL Injection via the 'dropship_edit_id' and 'edit_id' parameters in all versions up to, and including, 3.3.7 due to insuf… | CWE-89 (SQL Injection) | CVE-2024-13488 | 2025-02-15 21:15 | 2025-02-15
753 | 4.3 | MEDIUM | Network | - | - | The Team – Team Members Showcase Plugin plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on the response() function in all versions up to, and including, 4.… | CWE-862 (Missing Authorization) | CVE-2024-13439 | 2025-02-15 21:15 | 2025-02-15
754 | 4.3 | MEDIUM | Network | - | - | The DirectoryPress Frontend plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 2.7.9. This is due to missing or incorrect nonce validation on the d… | CWE-352 (Origin Validation Error) | CVE-2024-10581 | 2025-02-15 21:15 | 2025-02-15
755 | 6.4 | MEDIUM | Network | - | - | The ElementsKit Elementor addons plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's Image Accordion widget in all versions up to, and including, 3.4.0 due to insuffici… | CWE-79 (Cross-site Scripting) | CVE-2025-1005 | 2025-02-15 19:15 | 2025-02-15
756 | 6.5 | MEDIUM | Network | - | - | The WP Project Manager – Task, team, and project management plugin featuring kanban board and gantt charts plugin for WordPress is vulnerable to unauthorized loss of data due to a missing capability … | CWE-862 (Missing Authorization) | CVE-2024-13752 | 2025-02-15 19:15 | 2025-02-15
757 | 9.8 | CRITICAL | Network | - | - | The s2Member Pro plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 241216 via deserialization of untrusted input from the 's2member_pro_remote_op' vulne… | CWE-502 (Deserialization of Untrusted Data) | CVE-2024-12562 | 2025-02-15 19:15 | 2025-02-15
758 | 4.3 | MEDIUM | Network | - | - | The Media Library Folders plugin for WordPress is vulnerable to unauthorized plugin settings change due to a missing capability check on several AJAX actions in all versions up to, and including, 8.3… | CWE-862 (Missing Authorization) | CVE-2025-0935 | 2025-02-15 18:15 | 2025-02-15
759 | 6.4 | MEDIUM | Network | - | - | The Front End Users plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's forgot-password shortcode in all versions up to, and including, 3.2.30 due to insufficient input… | CWE-79 (Cross-site Scripting) | CVE-2024-13563 | 2025-02-15 18:15 | 2025-02-15
760 | 6.5 | MEDIUM | Network | - | - | The Customer Email Verification for WooCommerce plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 2.9.4 via Shortcode. This makes it possible … | CWE-200 (Information Exposure) | CVE-2024-13525 | 2025-02-15 18:15 | 2025-02-15