|
901
|
2.4 |
LOW
Network
|
-
|
-
|
A vulnerability was found in Dcat-Admin 2.2.1-beta. It has been rated as problematic. This issue affects some unknown processing of the file /admin/auth/roles of the component Roles Page. The manipul…
|
CWE-79
CWE-94
Cross-site Scripting
Code Injection
|
CVE-2025-0709
|
2025-01-25 06:15 |
2025-01-25 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
902
|
- |
|
-
|
-
|
Coolify is an open-source and self-hostable tool for managing servers, applications, and databases. Prior to version 4.0.0-beta.380, the tags page allows users to search for tags. If the search does …
|
-
|
CVE-2025-24025
|
2025-01-25 06:15 |
2025-01-25 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
903
|
- |
|
-
|
-
|
Cross Site Scripting vulnerability in nbubna store v.2.14.2 and before allows a remote attacker to execute arbitrary code via the store.deep.js component
|
-
|
CVE-2024-57556
|
2025-01-25 06:15 |
2025-01-24 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
904
|
6.1 |
MEDIUM
Network
|
themify
|
themify_builder
|
The Themify Builder plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use of add_query_arg without appropriate escaping on the URL in all versions up to, and including, …
|
CWE-79
Cross-site Scripting
|
CVE-2024-13319
|
2025-01-25 06:06 |
2025-01-22 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
905
|
7.2 |
HIGH
Network
|
aipower
|
aipower
|
The "AI Power: Complete AI Pack" plugin for WordPress is vulnerable to PHP Object Injection in versions up to, and including, 1.8.96 via deserialization of untrusted input from the $form['post_conten…
|
CWE-502
Deserialization of Untrusted Data
|
CVE-2025-0428
|
2025-01-25 05:56 |
2025-01-22 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
906
|
4.3 |
MEDIUM
Network
|
thimpress
|
wp_hotel_booking
|
The WP Hotel Booking plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the hotel_booking_load_order_user AJAX action in all versions up to, and in…
|
CWE-862
Missing Authorization
|
CVE-2024-13447
|
2025-01-25 05:53 |
2025-01-22 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
907
|
7.2 |
HIGH
Network
|
aipower
|
aipower
|
The "AI Power: Complete AI Pack" plugin for WordPress is vulnerable to PHP Object Injection in versions up to, and including, 1.8.96 via deserialization of untrusted input from the $form['post_conten…
|
CWE-502
Deserialization of Untrusted Data
|
CVE-2025-0429
|
2025-01-25 05:51 |
2025-01-22 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
908
|
7.3 |
HIGH
Network
gamipress
|
gamipress
|
The The GamiPress – Gamification plugin to reward points, achievements, badges & ranks in WordPress plugin for WordPress is vulnerable to arbitrary shortcode execution via the gamipress_ajax_get_logs…
|
CWE-94
Code Injection
|
CVE-2024-13495
|
2025-01-25 05:46 |
2025-01-22 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
|
909
|
7.5 |
HIGH
Network
gamipress
|
gamipress
|
The GamiPress – Gamification plugin to reward points, achievements, badges & ranks in WordPress plugin for WordPress is vulnerable to time-based SQL Injection via the ‘orderby’ parameter in all versi…
|
CWE-89
SQL Injection
|
CVE-2024-13496
|
2025-01-25 05:45 |
2025-01-22 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
|
910
|
7.3 |
HIGH
Network
gamipress
|
gamipress
|
The The GamiPress – Gamification plugin to reward points, achievements, badges & ranks in WordPress plugin for WordPress is vulnerable to arbitrary shortcode execution via gamipress_do_shortcode() fu…
|
CWE-94
Code Injection
|
CVE-2024-13499
|
2025-01-25 05:37 |
2025-01-22 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
