|
451
|
3.1 |
LOW
Network
|
-
|
-
|
The Spacer plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the motech_spacer_callback() function in all versions up to, and including, 3.0.7. Th…
New
|
CWE-862
Missing Authorization
|
CVE-2024-10527
|
2025-01-7 14:15 |
2025-01-7 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
452
|
6.4 |
MEDIUM
Network
|
-
|
-
|
The Sellsy plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'testSellsy' shortcode in all versions up to, and including, 2.3.3 due to insufficient input sanitization…
New
|
CWE-79
Cross-site Scripting
|
CVE-2024-12592
|
2025-01-7 13:15 |
2025-01-7 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
453
|
6.4 |
MEDIUM
Network
|
-
|
-
|
The WP Youtube Gallery plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'id' parameter in all versions up to, and including, 1.9 due to insufficient input sanitization and ou…
New
|
CWE-79
Cross-site Scripting
|
CVE-2024-12590
|
2025-01-7 13:15 |
2025-01-7 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
454
|
5.3 |
MEDIUM
Network
-
|
-
|
The ClickDesigns plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'clickdesigns_add_api' and the 'clickdesigns_remove_api' functions in…
New
|
CWE-862
Missing Authorization
|
CVE-2024-12559
|
2025-01-7 13:15 |
2025-01-7 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
|
455
|
6.1 |
MEDIUM
Network
|
-
|
-
|
The Transporters.io plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 2.0.84. This is due to missing nonce validation on a function. This makes it…
New
|
CWE-352
Origin Validation Error
|
CVE-2024-12557
|
2025-01-7 13:15 |
2025-01-7 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
456
|
5.4 |
MEDIUM
Network
|
-
|
-
|
The Chative Live chat and Chatbot plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.1. This is due to missing or incorrect nonce validation on t…
New
|
CWE-352
Origin Validation Error
|
CVE-2024-12541
|
2025-01-7 13:15 |
2025-01-7 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
457
|
6.1 |
MEDIUM
Network
|
-
|
-
|
The LDD Directory Lite plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use of remove_query_arg without appropriate escaping on the URL in all versions up to, and inclu…
New
|
CWE-79
Cross-site Scripting
|
CVE-2024-12540
|
2025-01-7 13:15 |
2025-01-7 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
458
|
4.3 |
MEDIUM
Network
|
-
|
-
|
The Duplicate Post, Page and Any Custom Post plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 3.5.3 via the 'dpp_duplicate_as_draft' function…
New
|
CWE-200
Information Exposure
|
CVE-2024-12538
|
2025-01-7 13:15 |
2025-01-7 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
459
|
6.4 |
MEDIUM
Network
|
-
|
-
|
The WordPress Survey & Poll – Quiz, Survey and Poll Plugin for WordPress plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'wpsurveypoll_results' shortcode in all ver…
New
|
CWE-79
Cross-site Scripting
|
CVE-2024-12528
|
2025-01-7 13:15 |
2025-01-7 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
460
|
6.5 |
MEDIUM
Network
-
|
-
|
The The Design for Contact Form 7 Style WordPress Plugin – CF7 WOW Styler plugin for WordPress is vulnerable to arbitrary shortcode execution in all versions up to, and including, 1.7.0. This is due …
New
|
CWE-94
Code Injection
|
CVE-2024-12419
|
2025-01-7 13:15 |
2025-01-7 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
