|
1041
|
4.3 |
MEDIUM
Network
|
-
|
-
|
The zStore Manager Basic plugin for WordPress is vulnerable to unauthorized loss of data due to a missing capability check on the zstore_clear_cache() function in all versions up to, and including, 3…
|
CWE-862
Missing Authorization
|
CVE-2024-13715
|
2025-01-30 23:15 |
2025-01-30 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1042
|
9.8 |
CRITICAL
Network
-
|
-
|
The Media Manager for UserPro plugin for WordPress is vulnerable to unauthorized modification of data that can lead to privilege escalation due to a missing capability check on the add_capto_img() fu…
|
CWE-862
Missing Authorization
|
CVE-2024-12822
|
2025-01-30 23:15 |
2025-01-30 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
|
1043
|
8.8 |
HIGH
Network
|
-
|
-
|
The Media Manager for UserPro plugin for WordPress is vulnerable to unauthorized modification of data that can lead to privilege escalation due to a missing capability check on the upm_upload_media()…
|
CWE-862
Missing Authorization
|
CVE-2024-12821
|
2025-01-30 23:15 |
2025-01-30 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1044
|
6.4 |
MEDIUM
Network
|
-
|
-
|
The Automatically Hierarchic Categories in Menu plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'autocategorymenu' shortcode in all versions up to, and including, 2…
|
CWE-79
Cross-site Scripting
|
CVE-2024-13466
|
2025-01-30 23:15 |
2025-01-30 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1045
|
6.4 |
MEDIUM
Network
|
-
|
-
|
The Alex Reservations: Smart Restaurant Booking plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'rr_form' shortcode in all versions up to, and including, 2.0.5 due …
|
CWE-79
Cross-site Scripting
|
CVE-2024-13380
|
2025-01-30 23:15 |
2025-01-30 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1046
|
- |
|
-
|
-
|
A Stored Cross-Site Scripting vulnerability has been found in EmbedAI. This vulnerability allows an authenticated attacker to inject a malicious JavaScript code into a message that will be executed w…
|
CWE-79
Cross-site Scripting
|
CVE-2025-0747
|
2025-01-30 23:15 |
2025-01-30 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1047
|
- |
|
-
|
-
|
An Improper Access Control vulnerability has been found in EmbedAI 2.1 and below. This vulnerability allows an authenticated attacker to obtain the backups of the database by requesting the "/embedai…
|
CWE-284
CWE-863
Improper Access Control
Incorrect Authorization
|
CVE-2025-0745
|
2025-01-30 23:15 |
2025-01-30 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1048
|
- |
|
-
|
-
|
an Improper Access Control vulnerability has been found in EmbedAI 2.1 and below. This vulnerability allows an authenticated attacker change his subscription plan without paying by making a POST requ…
|
CWE-284
CWE-863
Improper Access Control
Incorrect Authorization
|
CVE-2025-0744
|
2025-01-30 23:15 |
2025-01-30 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1049
|
- |
|
-
|
-
|
An Improper Access Control vulnerability has been found in EmbedAI 2.1 and below. This vulnerability allows an authenticated attacker to leverage the endpoint "/embedai/visits/show/<VISIT_ID>" to obt…
|
CWE-284
CWE-863
Improper Access Control
Incorrect Authorization
|
CVE-2025-0743
|
2025-01-30 23:15 |
2025-01-30 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1050
|
- |
|
-
|
-
|
An Improper Access Control vulnerability has been found in EmbedAI 2.1 and below. This vulnerability allows an authenticated attacker to obtain files stored by others users by changing the "FILE_ID" …
|
CWE-284
CWE-863
Improper Access Control
Incorrect Authorization
|
CVE-2025-0742
|
2025-01-30 23:15 |
2025-01-30 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
