|
1391
|
6.1 |
MEDIUM
Network
|
themify
|
themify_builder
|
The Themify Builder plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use of add_query_arg without appropriate escaping on the URL in all versions up to, and including, …
|
CWE-79
Cross-site Scripting
|
CVE-2024-13319
|
2025-01-25 06:06 |
2025-01-22 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1392
|
7.2 |
HIGH
Network
|
aipower
|
aipower
|
The "AI Power: Complete AI Pack" plugin for WordPress is vulnerable to PHP Object Injection in versions up to, and including, 1.8.96 via deserialization of untrusted input from the $form['post_conten…
|
CWE-502
Deserialization of Untrusted Data
|
CVE-2025-0428
|
2025-01-25 05:56 |
2025-01-22 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1393
|
4.3 |
MEDIUM
Network
|
thimpress
|
wp_hotel_booking
|
The WP Hotel Booking plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the hotel_booking_load_order_user AJAX action in all versions up to, and in…
|
CWE-862
Missing Authorization
|
CVE-2024-13447
|
2025-01-25 05:53 |
2025-01-22 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1394
|
7.2 |
HIGH
Network
|
aipower
|
aipower
|
The "AI Power: Complete AI Pack" plugin for WordPress is vulnerable to PHP Object Injection in versions up to, and including, 1.8.96 via deserialization of untrusted input from the $form['post_conten…
|
CWE-502
Deserialization of Untrusted Data
|
CVE-2025-0429
|
2025-01-25 05:51 |
2025-01-22 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1395
|
7.3 |
HIGH
Network
gamipress
|
gamipress
|
The The GamiPress – Gamification plugin to reward points, achievements, badges & ranks in WordPress plugin for WordPress is vulnerable to arbitrary shortcode execution via the gamipress_ajax_get_logs…
|
CWE-94
Code Injection
|
CVE-2024-13495
|
2025-01-25 05:46 |
2025-01-22 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
|
1396
|
7.5 |
HIGH
Network
gamipress
|
gamipress
|
The GamiPress – Gamification plugin to reward points, achievements, badges & ranks in WordPress plugin for WordPress is vulnerable to time-based SQL Injection via the ‘orderby’ parameter in all versi…
|
CWE-89
SQL Injection
|
CVE-2024-13496
|
2025-01-25 05:45 |
2025-01-22 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
|
1397
|
7.3 |
HIGH
Network
gamipress
|
gamipress
|
The The GamiPress – Gamification plugin to reward points, achievements, badges & ranks in WordPress plugin for WordPress is vulnerable to arbitrary shortcode execution via gamipress_do_shortcode() fu…
|
CWE-94
Code Injection
|
CVE-2024-13499
|
2025-01-25 05:37 |
2025-01-22 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
|
1398
|
3.5 |
LOW
Network
|
-
|
-
|
A vulnerability was found in fumiao opencms 2.2. It has been declared as problematic. This vulnerability affects unknown code of the file /admin/model/addOrUpdate of the component Add Model Managemen…
|
CWE-79
CWE-94
Cross-site Scripting
Code Injection
|
CVE-2025-0708
|
2025-01-25 05:15 |
2025-01-25 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1399
|
7.8 |
HIGH
Local
|
-
|
-
|
A vulnerability was found in Rise Group Rise Mode Temp CPU 2.1. It has been classified as critical. This affects an unknown part in the library CRYPTBASE.dll of the component Startup. The manipulatio…
|
CWE-426
Untrusted Search Path
|
CVE-2025-0707
|
2025-01-25 05:15 |
2025-01-25 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1400
|
2.4 |
LOW
Network
|
-
|
-
|
A vulnerability was found in JoeyBling bootplus up to 247d5f6c209be1a5cf10cd0fa18e1d8cc63cf55d and classified as problematic. Affected by this issue is some unknown functionality of the file /admin/s…
|
CWE-79
CWE-94
Cross-site Scripting
Code Injection
|
CVE-2025-0706
|
2025-01-25 05:15 |
2025-01-25 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
