|
251
|
- |
|
-
|
-
|
A vulnerability classified as critical has been found in Tenda AC6 15.03.05.16. Affected is the function GetParentControlInfo of the file /goform/GetParentControlInfo. The manipulation of the argumen…
New
|
CWE-119
CWE-121
Incorrect Access of Indexable Resource ('Range Error')
Stack-based Buffer Overflow
|
CVE-2025-0349
|
2025-01-9 20:15 |
2025-01-9 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
252
|
6.4 |
MEDIUM
Network
|
-
|
-
|
The Greenshift – animation and page builder blocks plugin for WordPress is vulnerable to Authenticated (Subscriber+) Server-Side Request Forgery and Stored Cross Site Scripting in all versions up to,…
New
|
CWE-862
Missing Authorization
|
CVE-2024-6155
|
2025-01-9 20:15 |
2025-01-9 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
253
|
4.3 |
MEDIUM
Network
|
-
|
-
|
The MIMO Woocommerce Order Tracking plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on several functions in all versions up to, and including…
New
|
CWE-862
Missing Authorization
|
CVE-2024-5769
|
2025-01-9 20:15 |
2025-01-9 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
254
|
8.8 |
HIGH
Network
|
-
|
-
|
The SKT Page Builder plugin for WordPress is vulnerable to arbitrary file uploads due to a missing capability check on the 'addLibraryByArchive' function in all versions up to, and including, 4.6. Th…
New
|
CWE-862
Missing Authorization
|
CVE-2024-12848
|
2025-01-9 20:15 |
2025-01-9 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
255
|
6.4 |
MEDIUM
Network
|
-
|
-
|
The Searchie plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'sio_embed_media' shortcode in all versions up to, and including, 1.17.0 due to insufficient input sani…
New
|
CWE-79
Cross-site Scripting
|
CVE-2024-12819
|
2025-01-9 20:15 |
2025-01-9 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
256
|
6.4 |
MEDIUM
Network
|
-
|
-
|
The Yumpu E-Paper publishing plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'YUMPU' shortcode in all versions up to, and including, 3.0.8 due to insufficient input…
New
|
CWE-79
Cross-site Scripting
|
CVE-2024-12621
|
2025-01-9 20:15 |
2025-01-9 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
257
|
4.3 |
MEDIUM
Network
|
-
|
-
|
The Newsletter2Go plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'resetStyles' AJAX action in all versions up to, and including, 4.0.…
New
|
CWE-862
Missing Authorization
|
CVE-2024-12618
|
2025-01-9 20:15 |
2025-01-9 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
258
|
4.3 |
MEDIUM
Network
|
-
|
-
|
The Bitly's WordPress Plugin plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on several AJAX actions in all versions up to, and includin…
New
|
CWE-862
Missing Authorization
|
CVE-2024-12616
|
2025-01-9 20:15 |
2025-01-9 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
259
|
8.6 |
HIGH
Network
-
|
-
|
The linkID plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check when including the 'phpinfo' function in all versions up to, and including, 0.1.2. This …
New
|
CWE-862
Missing Authorization
|
CVE-2024-12542
|
2025-01-9 20:15 |
2025-01-9 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
|
260
|
6.4 |
MEDIUM
Network
|
-
|
-
|
The Muslim Prayer Time-Salah/Iqamah plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Masjid ID parameter in all versions up to, and including, 1.8.8 due to insufficient input…
New
|
CWE-79
Cross-site Scripting
|
CVE-2024-12515
|
2025-01-9 20:15 |
2025-01-9 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
