91 | 4.3 | MEDIUM Network | - | - | The ShipWorks Connector for Woocommerce plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 5.2.5. This is due to missing or incorrect nonce validat… | New | CWE-352 Origin Validation Error | CVE-2024-13317 | 2025-01-18 16:15 | 2025-01-18
92 | 6.4 | MEDIUM Network | - | - | The Picture Gallery – Frontend Image Uploads, AJAX Photo List plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's videowhisper_picture_upload_guest shortcode in all ver… | New | CWE-79 Cross-site Scripting | CVE-2024-12696 | 2025-01-18 16:15 | 2025-01-18
93 | 6.1 | MEDIUM Network | - | - | The WP Abstracts plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 2.7.2. This is due to missing nonce validation on the wpabstracts_load_status()… | New | CWE-352 Origin Validation Error | CVE-2024-12385 | 2025-01-18 16:15 | 2025-01-18
94 | 4.4 | MEDIUM Network | - | - | The Podlove Podcast Publisher plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Feed Name value in version <= 4.1.25 due to insufficient input sanitization and output escaping… | New | CWE-79 Cross-site Scripting | CVE-2025-0554 | 2025-01-18 15:15 | 2025-01-18
95 | 5.3 | MEDIUM Network | - | - | The Ultimate Member – User Profile, Registration, Login, Member Directory, Content Restriction & Membership Plugin plugin for WordPress is vulnerable to Information Exposure in all versions up to, an… | New | CWE-200 Information Exposure | CVE-2025-0318 | 2025-01-18 15:15 | 2025-01-18
96 | 7.5 | HIGH Network | - | - | The Ultimate Member – User Profile, Registration, Login, Member Directory, Content Restriction & Membership Plugin plugin for WordPress is vulnerable to time-based SQL Injection via the search parame… | New | CWE-89 SQL Injection | CVE-2025-0308 | 2025-01-18 15:15 | 2025-01-18
97 | - | | - | - | The List category posts WordPress plugin before 0.90.3 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which cou… | New | - | CVE-2024-9020 | 2025-01-18 15:15 | 2025-01-18
98 | 6.1 | MEDIUM Network | - | - | The Kubio AI Page Builder plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'message' parameter in all versions up to, and including, 2.3.5 due to insufficient input saniti… | New | CWE-79 Cross-site Scripting | CVE-2024-13516 | 2025-01-18 15:15 | 2025-01-18
99 | 6.1 | MEDIUM Network | - | - | The Image Source Control Lite – Show Image Credits and Captions plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'path' parameter in all versions up to, and including, 2.2… | New | CWE-79 Cross-site Scripting | CVE-2024-13515 | 2025-01-18 15:15 | 2025-01-18
100 | 5.3 | MEDIUM Network | - | - | The Evergreen Content Poster – Auto Post and Schedule Your Best Content to Social Media plugin for WordPress is vulnerable to unauthorized loss of data due to a missing capability check on the delete… | New | CWE-862 Missing Authorization | CVE-2024-12071 | 2025-01-18 13:15 | 2025-01-18