|
791
|
4.3 |
MEDIUM
Network
|
-
|
-
|
The Elementor Addons AI Addons – 70 Widgets, Premium Templates, Ultimate Elements plugin for WordPress is vulnerable to Information Exposure in all versions up to, and including, 2.2.1 via the render…
|
CWE-200
Information Exposure
|
CVE-2024-12140
|
2025-01-7 14:15 |
2025-01-7 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
792
|
6.1 |
MEDIUM
Network
|
-
|
-
|
The SEO Keywords plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the ‘google_error’ parameter in all versions up to, and including, 1.1.3 due to insufficient input sanitizati…
|
CWE-79
Cross-site Scripting
|
CVE-2024-12126
|
2025-01-7 14:15 |
2025-01-7 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
793
|
6.1 |
MEDIUM
Network
|
-
|
-
|
The Role Includer plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the ‘user_id’ parameter in all versions up to, and including, 1.6 due to insufficient input sanitization and…
|
CWE-79
Cross-site Scripting
|
CVE-2024-12124
|
2025-01-7 14:15 |
2025-01-7 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
794
|
6.1 |
MEDIUM
Network
|
-
|
-
|
The Woo Ukrposhta plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'order', 'post', and 'idd' parameters in all versions up to, and including, 1.17.11 due to insufficient …
|
CWE-79
Cross-site Scripting
|
CVE-2024-12049
|
2025-01-7 14:15 |
2025-01-7 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
795
|
6.1 |
MEDIUM
Network
|
-
|
-
|
The PayGreen Payment Gateway plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'message_id' parameter in all versions up to, and including, 1.0.26 due to insufficient input…
|
CWE-79
Cross-site Scripting
|
CVE-2024-11810
|
2025-01-7 14:15 |
2025-01-7 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
796
|
6.1 |
MEDIUM
Network
|
-
|
-
|
The Financial Stocks & Crypto Market Data Plugin plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'e' parameter in all versions up to, and including, 1.10.3 due to insuffi…
|
CWE-79
Cross-site Scripting
|
CVE-2024-11690
|
2025-01-7 14:15 |
2025-01-7 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
797
|
6.5 |
MEDIUM
Network
|
-
|
-
|
The Infility Global plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the infility_global_ajax function in all versions up to, and including…
|
CWE-862
Missing Authorization
|
CVE-2024-11496
|
2025-01-7 14:15 |
2025-01-7 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
798
|
7.2 |
HIGH
Network
|
-
|
-
|
The Custom Product Tabs for WooCommerce plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 1.8.5 via deserialization of untrusted input in the 'yikes_woo…
|
CWE-502
Deserialization of Untrusted Data
|
CVE-2024-11465
|
2025-01-7 14:15 |
2025-01-7 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
799
|
6.4 |
MEDIUM
Network
|
-
|
-
|
The Image Magnify plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'image_magnify' shortcode in all versions up to, and including, 1.1 due to insufficient input sani…
|
CWE-79
Cross-site Scripting
|
CVE-2024-11445
|
2025-01-7 14:15 |
2025-01-7 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
800
|
6.1 |
MEDIUM
Network
|
-
|
-
|
The WP – Bulk SMS – by SMS.to plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'page' parameter in all versions up to, and including, 1.0.12 due to insufficient input sani…
|
CWE-79
Cross-site Scripting
|
CVE-2024-11434
|
2025-01-7 14:15 |
2025-01-7 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
