|
621
|
6.1 |
MEDIUM
Network
|
-
|
-
|
The WP Social AutoConnect plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 4.6.2. This is due to missing or incorrect nonce validation on a funct…
|
CWE-352
Origin Validation Error
|
CVE-2024-12279
|
2025-01-4 21:15 |
2025-01-4 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
622
|
6.5 |
MEDIUM
Network
|
-
|
-
|
The WP Project Manager – Task, team, and project management plugin featuring kanban board and gantt charts plugin for WordPress is vulnerable to SQL Injection via the 'project_id' parameter of the /w…
|
CWE-89
SQL Injection
|
CVE-2024-12195
|
2025-01-4 21:15 |
2025-01-4 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
623
|
6.1 |
MEDIUM
Network
|
-
|
-
|
The Turnkey bbPress by WeaverTheme plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the ‘_wpnonce’ parameter in all versions up to, and including, 1.6.3 due to insufficient in…
|
CWE-79
Cross-site Scripting
|
CVE-2024-12221
|
2025-01-4 19:15 |
2025-01-4 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
624
|
- |
|
-
|
-
|
A vulnerability classified as critical has been found in code-projects Online Shoe Store 1.0. Affected is an unknown function of the file /details2.php. The manipulation of the argument id leads to s…
|
CWE-89
CWE-74
SQL Injection
Injection
|
CVE-2025-0205
|
2025-01-4 18:15 |
2025-01-4 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
625
|
9.9 |
CRITICAL
Network
|
-
|
-
|
The Dynamics 365 Integration plugin for WordPress is vulnerable to Remote Code Execution and Arbitrary File Read in all versions up to, and including, 1.3.23 via Twig Server-Side Template Injection. …
|
CWE-1336
Improper Neutralization of Special Elements Used in a Template Engine
|
CVE-2024-12583
|
2025-01-4 18:15 |
2025-01-4 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
626
|
6.4 |
MEDIUM
Network
|
-
|
-
|
The Taskbuilder – WordPress Project & Task Management plugin plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's wppm_tasks shortcode in all versions up to, and includi…
|
CWE-79
Cross-site Scripting
|
CVE-2024-11930
|
2025-01-4 18:15 |
2025-01-4 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
627
|
- |
|
-
|
-
|
A vulnerability was found in code-projects Online Shoe Store 1.0. It has been rated as critical. This issue affects some unknown processing of the file /details.php. The manipulation of the argument …
|
CWE-89
CWE-74
SQL Injection
Injection
|
CVE-2025-0204
|
2025-01-4 17:15 |
2025-01-4 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
628
|
6.1 |
MEDIUM
Network
|
-
|
-
|
The WP Smart Import : Import any XML File to WordPress plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the ‘ page’ parameter in all versions up to, and including, 1.1.2 due t…
|
CWE-79
Cross-site Scripting
|
CVE-2024-12701
|
2025-01-4 17:15 |
2025-01-4 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
629
|
5.4 |
MEDIUM
Network
|
-
|
-
|
The Scratch & Win – Giveaways and Contests. Boost subscribers, traffic, repeat visits, referrals, sales and more plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up t…
|
CWE-352
Origin Validation Error
|
CVE-2024-12545
|
2025-01-4 17:15 |
2025-01-4 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
630
|
6.1 |
MEDIUM
Network
|
-
|
-
|
The WP Compress – Instant Performance & Speed Optimization plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the ‘custom_server’ parameter in all versions up to, and including,…
|
CWE-79
Cross-site Scripting
|
CVE-2024-12047
|
2025-01-4 17:15 |
2025-01-4 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
