|
1621
|
6.3 |
MEDIUM
Network
|
-
|
-
|
The MagicForm plugin for WordPress is vulnerable to access and modification of data due to a missing capability check on the plugin's AJAX actions in all versions up to, and including, 1.6.2. This ma…
|
CWE-862
Missing Authorization
|
CVE-2025-0939
|
2025-02-1 16:15 |
2025-02-1 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1622
|
6.5 |
MEDIUM
Network
|
-
|
-
|
The MultiLoca - WooCommerce Multi Locations Inventory Management plugin for WordPress is vulnerable to SQL Injection via the 'data-id' parameter in all versions up to, and including, 4.1.11 due to in…
|
CWE-89
SQL Injection
|
CVE-2024-13341
|
2025-02-1 16:15 |
2025-02-1 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1623
|
6.5 |
MEDIUM
Network
|
-
|
-
|
The Jupiter X Core plugin for WordPress is vulnerable to Directory Traversal in all versions up to, and including, 4.8.7 via the inline SVG feature. This makes it possible for authenticated attackers…
|
CWE-22
Path Traversal
|
CVE-2025-0365
|
2025-02-1 15:15 |
2025-02-1 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1624
|
5.3 |
MEDIUM
Network
-
|
-
|
The Directorist: AI-Powered WordPress Business Directory Plugin with Classified Ads Listings plugin for WordPress is vulnerable to Information Exposure in all versions up to, and including, 8.0.12 vi…
|
CWE-359
Exposure of Private Personal Information to an Unauthorized Actor
|
CVE-2024-12041
|
2025-02-1 15:15 |
2025-02-1 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
|
1625
|
8.8 |
HIGH
Network
|
-
|
-
|
The Jupiter X Core plugin for WordPress is vulnerable to Local File Inclusion to Remote Code Execution in all versions up to, and including, 4.8.7 via the get_svg() function. This makes it possible f…
|
CWE-98
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion')
|
CVE-2025-0366
|
2025-02-1 15:15 |
2025-02-1 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1626
|
4.3 |
MEDIUM
Network
|
-
|
-
|
The RapidLoad – Optimize Web Vitals Automatically plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the ajax_deactivate() function in all ve…
|
CWE-862
Missing Authorization
|
CVE-2024-13651
|
2025-02-1 13:15 |
2025-02-1 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1627
|
6.4 |
MEDIUM
Network
|
-
|
-
|
The aThemes Addons for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Image Accordion widget in all versions up to, and including, 1.0.12 due to insufficient inpu…
|
CWE-79
Cross-site Scripting
|
CVE-2024-13547
|
2025-02-1 13:15 |
2025-02-1 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1628
|
8.8 |
HIGH
Network
|
-
|
-
|
The WooCommerce Customers Manager plugin for WordPress is vulnerable to Privilege Escalation due to a missing capability check on the ajax_assign_new_roles() function in all versions up to, and inclu…
|
CWE-269
Improper Privilege Management
|
CVE-2024-13343
|
2025-02-1 13:15 |
2025-02-1 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1629
|
5.3 |
MEDIUM
Network
-
|
-
|
The AnimateGL Animations for WordPress – Elementor & Gutenberg Blocks Animations plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'agl_…
|
CWE-862
Missing Authorization
|
CVE-2024-12620
|
2025-02-1 13:15 |
2025-02-1 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
|
1630
|
5.3 |
MEDIUM
Network
-
|
-
|
The WordPress Contact Forms by Cimatti plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the accua_forms_download_submitted_file() function in all…
|
CWE-862
Missing Authorization
|
CVE-2024-12184
|
2025-02-1 13:15 |
2025-02-1 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
