|
861
|
6.4 |
MEDIUM
Network
|
-
|
-
|
The Power Ups for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'magic-button' shortcode in all versions up to, and including, 1.2.2 due to insufficient…
|
CWE-79
Cross-site Scripting
|
CVE-2024-13548
|
2025-01-25 17:15 |
2025-01-25 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
862
|
6.1 |
MEDIUM
Network
|
-
|
-
|
The WP Contact Form7 Email Spam Blocker plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'post' parameter in all versions up to, and including, 1.0.0 due to insufficient i…
|
CWE-79
Cross-site Scripting
|
CVE-2024-13467
|
2025-01-25 17:15 |
2025-01-25 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
863
|
6.4 |
MEDIUM
Network
|
-
|
-
|
The WordPress SEO Friendly Accordion FAQ with AI assisted content generation plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'noticefaq' shortcode in all versions u…
|
CWE-79
Cross-site Scripting
|
CVE-2024-13458
|
2025-01-25 17:15 |
2025-01-25 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
864
|
6.4 |
MEDIUM
Network
|
-
|
-
|
The Bilingual Linker plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the bl_otherlang_link_1 parameter in all versions up to, and including, 2.4 due to insufficient input saniti…
|
CWE-79
Cross-site Scripting
|
CVE-2024-13441
|
2025-01-25 17:15 |
2025-01-25 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
865
|
6.5 |
MEDIUM
Network
|
-
|
-
|
The Youzify – BuddyPress Community, User Profile, Social Network & Membership Plugin for WordPress plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on the s…
|
CWE-862
Missing Authorization
|
CVE-2024-13370
|
2025-01-25 17:15 |
2025-01-25 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
866
|
4.3 |
MEDIUM
Network
|
-
|
-
|
The Youzify – BuddyPress Community, User Profile, Social Network & Membership Plugin for WordPress plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on the y…
|
CWE-862
Missing Authorization
|
CVE-2024-13368
|
2025-01-25 17:15 |
2025-01-25 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
867
|
6.5 |
MEDIUM
Network
|
-
|
-
|
The Connections Business Directory plugin for WordPress is vulnerable to arbitrary directory deletion due to insufficient file path validation when deleting a connections image directory in all versi…
|
CWE-22
Path Traversal
|
CVE-2024-12885
|
2025-01-25 17:15 |
2025-01-25 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
868
|
4.3 |
MEDIUM
Network
|
-
|
-
|
The GoHero Store Customizer for WooCommerce plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the wooh_action_settings_save_frontend() funct…
|
CWE-862
Missing Authorization
|
CVE-2024-12826
|
2025-01-25 17:15 |
2025-01-25 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
869
|
6.4 |
MEDIUM
Network
|
-
|
-
|
The Etsy Importer plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'product_link' shortcode in all versions up to, and including, 1.4.2 due to insufficient input san…
|
CWE-79
Cross-site Scripting
|
CVE-2024-12817
|
2025-01-25 17:15 |
2025-01-25 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
870
|
6.4 |
MEDIUM
Network
|
-
|
-
|
The NOTICE BOARD BY TOWKIR plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'notice-board' shortcode in all versions up to, and including, 3.1 due to insufficient in…
|
CWE-79
Cross-site Scripting
|
CVE-2024-12816
|
2025-01-25 17:15 |
2025-01-25 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
