|
871
|
6.4 |
MEDIUM
Network
|
-
|
-
|
The brodos.net Onlineshop Plugin plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'BrodosCategory' shortcode in all versions up to, and including, 2.0.2 due to insuf…
|
CWE-79
Cross-site Scripting
|
CVE-2024-12529
|
2025-01-25 17:15 |
2025-01-25 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
872
|
6.4 |
MEDIUM
Network
|
-
|
-
|
The Ask Me Anything (Anonymously) plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'askmeanythingpeople' shortcode in all versions up to, and including, 1.6 due to i…
|
CWE-79
Cross-site Scripting
|
CVE-2024-12512
|
2025-01-25 17:15 |
2025-01-25 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
873
|
4.3 |
MEDIUM
Network
|
-
|
-
|
The Youzify – BuddyPress Community, User Profile, Social Network & Membership Plugin for WordPress plugin for WordPress is vulnerable to unauthorized loss of data due to a missing capability check on…
|
CWE-862
Missing Authorization
|
CVE-2024-12113
|
2025-01-25 17:15 |
2025-01-25 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
874
|
6.1 |
MEDIUM
Network
|
-
|
-
|
The Target Video Easy Publish plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 3.8.3. This is due to missing or incorrect nonce validation on the…
|
CWE-79
Cross-site Scripting
|
CVE-2024-12076
|
2025-01-25 17:15 |
2025-01-25 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
875
|
6.4 |
MEDIUM
Network
|
-
|
-
|
The Broadstreet plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘zone’ parameter in all versions up to, and including, 1.50.3 due to insufficient input sanitization and outp…
|
CWE-79
Cross-site Scripting
|
CVE-2024-11825
|
2025-01-25 17:15 |
2025-01-25 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
876
|
7.2 |
HIGH
Network
|
-
|
-
|
The Custom Product Tabs Lite for WooCommerce plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 1.9.0 via deserialization of untrusted input from the 'fr…
|
CWE-502
Deserialization of Untrusted Data
|
CVE-2024-12600
|
2025-01-25 16:15 |
2025-01-25 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
877
|
6.4 |
MEDIUM
Network
|
-
|
-
|
The Flexmls® IDX Plugin plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘api_key’ and 'api_secret' parameters in all versions up to, and including, 3.14.26 due to insufficie…
|
CWE-79
Cross-site Scripting
|
CVE-2024-10552
|
2025-01-25 16:15 |
2025-01-25 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
878
|
8.8 |
HIGH
Network
|
-
|
-
|
The ThemeREX Addons plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 2.33.0 via the 'trx_sc_reviews' shortcode 'type' attribute. This makes it possible…
|
CWE-98
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion')
|
CVE-2025-0682
|
2025-01-25 15:15 |
2025-01-25 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
879
|
6.4 |
MEDIUM
Network
|
-
|
-
|
The Plethora Plugins Tabs + Accordions plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the anchor parameter in all versions up to, and including, 1.1.8 due to insufficient input…
|
CWE-85
|
CVE-2024-13721
|
2025-01-25 15:15 |
2025-01-25 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
880
|
4.3 |
MEDIUM
Network
|
-
|
-
|
The Linear plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 2.8.1. This is due to missing or incorrect nonce validation on the 'linear-debug'. Th…
|
CWE-352
Origin Validation Error
|
CVE-2024-13709
|
2025-01-25 13:15 |
2025-01-25 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
