|
671
|
5.4 |
MEDIUM
Network
|
gambit
|
stackable
|
The Stackable – Page Builder Gutenberg Blocks plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'title' parameter of the Button block in all versions up to, and including, 3.1…
|
CWE-79
Cross-site Scripting
|
CVE-2024-12117
|
2025-01-25 04:05 |
2025-01-22 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
672
|
5.4 |
MEDIUM
Network
|
aipower
|
aipower
|
The AI Power: Complete AI Pack plugin for WordPress is vulnerable to Server-Side Request Forgery in all versions up to, and including, 1.8.96 via the wpaicg_troubleshoot_add_vector(). This makes it p…
|
CWE-918
Server-Side Request Forgery (SSRF)
|
CVE-2024-13360
|
2025-01-25 03:58 |
2025-01-22 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
673
|
8.8 |
HIGH
Network
|
aipower
|
aipower
|
The AI Power: Complete AI Pack plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on the wpaicg_save_image_media function in all versions up to, and including…
|
CWE-862
Missing Authorization
|
CVE-2024-13361
|
2025-01-25 03:55 |
2025-01-22 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
674
|
7.5 |
HIGH
Network
open5gs
|
open5gs
|
A reachable assertion in the amf_ue_set_suci function of Open5GS <= 2.6.4 allows attackers to cause a Denial of Service (DoS) via a crafted NAS packet.
|
CWE-617
Reachable Assertion
|
CVE-2024-24427
|
2025-01-25 03:47 |
2025-01-22 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
|
675
|
7.5 |
HIGH
Network
open5gs
|
open5gs
|
A reachable assertion in the oai_nas_5gmm_decode function of Open5GS <= 2.6.4 allows attackers to cause a Denial of Service (DoS) via a crafted NGAP packet.
|
CWE-617
Reachable Assertion
|
CVE-2024-24428
|
2025-01-25 03:44 |
2025-01-22 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
|
676
|
9.8 |
CRITICAL
Network
wpbot
|
wpot
|
The WPBot Pro Wordpress Chatbot plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the 'qcld_wpcfb_file_upload' function in all versions up to, and in…
|
CWE-434
Unrestricted Upload of File with Dangerous Type
|
CVE-2024-13091
|
2025-01-25 03:42 |
2025-01-22 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
|
677
|
5.3 |
MEDIUM
Network
wp-polls_project
|
wp-polls
|
The WP-Polls plugin for WordPress is vulnerable to SQL Injection via COOKIE in all versions up to, and including, 2.77.2 due to insufficient escaping on the user supplied parameter and lack of suffic…
|
CWE-89
SQL Injection
|
CVE-2024-13426
|
2025-01-25 03:37 |
2025-01-22 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
|
678
|
5.4 |
MEDIUM
Network
|
videowhisper
|
picture_gallery
|
The Picture Gallery – Frontend Image Uploads, AJAX Photo List plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'videowhisper_pictures' shortcode in all versions up t…
|
CWE-79
Cross-site Scripting
|
CVE-2024-13584
|
2025-01-25 03:20 |
2025-01-22 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
679
|
- |
|
-
|
-
|
Cross-Site Request Forgery (CSRF) vulnerability in mgplugin Roi Calculator allows Stored XSS. This issue affects Roi Calculator: from n/a through 1.0.
|
CWE-352
Origin Validation Error
|
CVE-2025-24756
|
2025-01-25 03:15 |
2025-01-25 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
680
|
- |
|
-
|
-
|
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in add-ons.org PDF Invoices for WooCommerce + Drag and Drop Template Builder allows Stored XSS. This…
|
CWE-79
Cross-site Scripting
|
CVE-2025-24755
|
2025-01-25 03:15 |
2025-01-25 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
