641
|
6.1 |
MEDIUM
Network
|
icopydoc
|
xml_for_google_merchant_center
|
The XML for Google Merchant Center plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'feed_id' parameter in all versions up to, and including, 3.0.11 due to insufficient in…
|
CWE-79
Cross-site Scripting
|
CVE-2024-13406
|
2025-01-25 06:20 |
2025-01-22 |
|
642
|
3.5 |
LOW
Network
|
-
|
-
|
A vulnerability classified as problematic has been found in CampCodes School Management Software 1.0. Affected is an unknown function of the file /notice-list of the component Notice Board Page. The …
|
CWE-79 CWE-94
Cross-site Scripting Code Injection
|
CVE-2025-0710
|
2025-01-25 06:15 |
2025-01-25 |
|
643
|
2.4 |
LOW
Network
|
-
|
-
|
A vulnerability was found in Dcat-Admin 2.2.1-beta. It has been rated as problematic. This issue affects some unknown processing of the file /admin/auth/roles of the component Roles Page. The manipul…
|
CWE-79 CWE-94
Cross-site Scripting Code Injection
|
CVE-2025-0709
|
2025-01-25 06:15 |
2025-01-25 |
|
644
|
- |
|
-
|
-
|
Coolify is an open-source and self-hostable tool for managing servers, applications, and databases. Prior to version 4.0.0-beta.380, the tags page allows users to search for tags. If the search does …
|
-
|
CVE-2025-24025
|
2025-01-25 06:15 |
2025-01-25 |
|
645
|
- |
|
-
|
-
|
Cross Site Scripting vulnerability in nbubna store v.2.14.2 and before allows a remote attacker to execute arbitrary code via the store.deep.js component
|
-
|
CVE-2024-57556
|
2025-01-25 06:15 |
2025-01-24 |
|
646
|
6.1 |
MEDIUM
Network
|
themify
|
themify_builder
|
The Themify Builder plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use of add_query_arg without appropriate escaping on the URL in all versions up to, and including, …
|
CWE-79
Cross-site Scripting
|
CVE-2024-13319
|
2025-01-25 06:06 |
2025-01-22 |
|
647
|
7.2 |
HIGH
Network
|
aipower
|
aipower
|
The "AI Power: Complete AI Pack" plugin for WordPress is vulnerable to PHP Object Injection in versions up to, and including, 1.8.96 via deserialization of untrusted input from the $form['post_conten…
|
CWE-502
Deserialization of Untrusted Data
|
CVE-2025-0428
|
2025-01-25 05:56 |
2025-01-22 |
|
648
|
4.3 |
MEDIUM
Network
|
thimpress
|
wp_hotel_booking
|
The WP Hotel Booking plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the hotel_booking_load_order_user AJAX action in all versions up to, and in…
|
CWE-862
Missing Authorization
|
CVE-2024-13447
|
2025-01-25 05:53 |
2025-01-22 |
|
649
|
7.2 |
HIGH
Network
|
aipower
|
aipower
|
The "AI Power: Complete AI Pack" plugin for WordPress is vulnerable to PHP Object Injection in versions up to, and including, 1.8.96 via deserialization of untrusted input from the $form['post_conten…
|
CWE-502
Deserialization of Untrusted Data
|
CVE-2025-0429
|
2025-01-25 05:51 |
2025-01-22 |
|
650
|
7.3 |
HIGH
Network
|
gamipress
|
gamipress
|
The GamiPress – Gamification plugin to reward points, achievements, badges & ranks in WordPress plugin for WordPress is vulnerable to arbitrary shortcode execution via the gamipress_ajax_get_logs…
|
CWE-94
Code Injection
|
CVE-2024-13495
|
2025-01-25 05:46 |
2025-01-22 |
|