|
261
|
6.4 |
MEDIUM
Network
|
-
|
-
|
The 3DVieweronline plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's '3Dvo-model' shortcode in all versions up to, and including, 2.2.2 due to insufficient input sani…
New
|
CWE-79
Cross-site Scripting
|
CVE-2024-12514
|
2025-01-9 20:15 |
2025-01-9 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
262
|
6.4 |
MEDIUM
Network
|
-
|
-
|
The Linear plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'linear_block_buy_commissions' shortcode in all versions up to, and including, 2.7.12 due to insufficient…
New
|
CWE-79
Cross-site Scripting
|
CVE-2024-12496
|
2025-01-9 20:15 |
2025-01-9 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
263
|
6.4 |
MEDIUM
Network
|
-
|
-
|
The Files Download Delay plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'fddwrap' shortcode in all versions up to, and including, 1.0.9 due to insufficient input s…
New
|
CWE-79
Cross-site Scripting
|
CVE-2024-12493
|
2025-01-9 20:15 |
2025-01-9 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
264
|
6.4 |
MEDIUM
Network
|
-
|
-
|
The SimplyRETS Real Estate IDX plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'sr_search_form' shortcode in all versions up to, and including, 2.11.2 due to insuff…
New
|
CWE-79
Cross-site Scripting
|
CVE-2024-12491
|
2025-01-9 20:15 |
2025-01-9 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
265
|
6.1 |
MEDIUM
Network
|
-
|
-
|
The Action Network plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.4.4. This is due to missing or incorrect nonce validation on a function. Th…
New
|
CWE-352
Origin Validation Error
|
CVE-2024-12394
|
2025-01-9 20:15 |
2025-01-9 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
266
|
7.5 |
HIGH
Network
-
|
-
|
The WP Database Backup – Unlimited Database & Files Backup by Backup for WP plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 7.3 via publicly…
New
|
CWE-530
|
CVE-2024-12330
|
2025-01-9 20:15 |
2025-01-9 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
|
267
|
6.1 |
MEDIUM
Network
|
-
|
-
|
The SEMA API plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the ‘catid’ parameter in all versions up to, and including, 5.27 due to insufficient input sanitization and outpu…
New
|
CWE-79
Cross-site Scripting
|
CVE-2024-12285
|
2025-01-9 20:15 |
2025-01-9 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
268
|
4.3 |
MEDIUM
Network
|
-
|
-
|
The GS Insever Portfolio plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the save_settings() function in all versions up to, and including…
New
|
CWE-862
Missing Authorization
|
CVE-2024-12249
|
2025-01-9 20:15 |
2025-01-9 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
269
|
6.1 |
MEDIUM
Network
|
-
|
-
|
The Deliver via Shipos for WooCommerce plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the ‘dvsfw_bulk_label_url’ parameter in all versions up to, and including, 2.1.7 due to…
New
|
CWE-79
Cross-site Scripting
|
CVE-2024-12222
|
2025-01-9 20:15 |
2025-01-9 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
270
|
6.1 |
MEDIUM
Network
|
-
|
-
|
The Woocommerce check pincode/zipcode for shipping plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 2.0.4. This is due to missing or incorrect no…
New
|
CWE-352
Origin Validation Error
|
CVE-2024-12218
|
2025-01-9 20:15 |
2025-01-9 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
