|
301
|
7.2 |
HIGH
Network
|
-
|
-
|
The Borderless – Widgets, Elements, Templates and Toolkit for Elementor & Gutenberg plugin for WordPress is vulnerable to Remote Code Execution in all versions up to, and including, 1.5.9 via the 'wr…
New
|
CWE-94
Code Injection
|
CVE-2024-11600
|
2025-01-30 23:15 |
2025-01-30 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
302
|
4.3 |
MEDIUM
Network
|
-
|
-
|
The Borderless – Widgets, Elements, Templates and Toolkit for Elementor & Gutenberg plugin for WordPress is vulnerable to unauthorized loss of data due to a missing capability check on the 'remove_zi…
New
|
CWE-862
Missing Authorization
|
CVE-2024-11583
|
2025-01-30 23:15 |
2025-01-30 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
303
|
6.4 |
MEDIUM
Network
|
-
|
-
|
The Storely theme for WordPress is vulnerable to Stored Cross-Site Scripting via a malicious display name in all versions up to, and including, 16.6 due to insufficient input sanitization and output …
New
|
CWE-79
Cross-site Scripting
|
CVE-2024-10847
|
2025-01-30 23:15 |
2025-01-30 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
304
|
8.8 |
HIGH
Network
|
-
|
-
|
The MWB HubSpot for WooCommerce – CRM, Abandoned Cart, Email Marketing, Marketing Automation & Analytics plugin for WordPress is vulnerable to unauthorized modification of data that can lead to privi…
New
|
CWE-862
Missing Authorization
|
CVE-2024-10591
|
2025-01-30 23:15 |
2025-01-30 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
305
|
6.4 |
MEDIUM
Network
|
-
|
-
|
The Automatically Hierarchic Categories in Menu plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'autocategorymenu' shortcode in all versions up to, and including, 2…
New
|
CWE-79
Cross-site Scripting
|
CVE-2024-13466
|
2025-01-30 23:15 |
2025-01-30 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
306
|
6.4 |
MEDIUM
Network
|
-
|
-
|
The Alex Reservations: Smart Restaurant Booking plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'rr_form' shortcode in all versions up to, and including, 2.0.5 due …
New
|
CWE-79
Cross-site Scripting
|
CVE-2024-13380
|
2025-01-30 23:15 |
2025-01-30 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
307
|
- |
|
-
|
-
|
A Stored Cross-Site Scripting vulnerability has been found in EmbedAI. This vulnerability allows an authenticated attacker to inject a malicious JavaScript code into a message that will be executed w…
New
|
CWE-79
Cross-site Scripting
|
CVE-2025-0747
|
2025-01-30 23:15 |
2025-01-30 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
308
|
- |
|
-
|
-
|
An Improper Access Control vulnerability has been found in EmbedAI 2.1 and below. This vulnerability allows an authenticated attacker to obtain the backups of the database by requesting the "/embedai…
New
|
CWE-284
CWE-863
Improper Access Control
Incorrect Authorization
|
CVE-2025-0745
|
2025-01-30 23:15 |
2025-01-30 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
309
|
- |
|
-
|
-
|
an Improper Access Control vulnerability has been found in EmbedAI 2.1 and below. This vulnerability allows an authenticated attacker change his subscription plan without paying by making a POST requ…
New
|
CWE-284
CWE-863
Improper Access Control
Incorrect Authorization
|
CVE-2025-0744
|
2025-01-30 23:15 |
2025-01-30 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
310
|
- |
|
-
|
-
|
An Improper Access Control vulnerability has been found in EmbedAI 2.1 and below. This vulnerability allows an authenticated attacker to leverage the endpoint "/embedai/visits/show/<VISIT_ID>" to obt…
New
|
CWE-284
CWE-863
Improper Access Control
Incorrect Authorization
|
CVE-2025-0743
|
2025-01-30 23:15 |
2025-01-30 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
