|
1851
|
9.8 |
CRITICAL
Network
-
|
-
|
The Store Locator for WordPress with Google Maps – LotsOfLocales plugin for WordPress is vulnerable to Local File Inclusion in version 3.98.9 via the 'sl_engine' parameter. This makes it possible for…
|
CWE-98
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion')
|
CVE-2024-12571
|
2024-12-20 16:15 |
2024-12-20 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
|
1852
|
6.4 |
MEDIUM
Network
|
-
|
-
|
The Embed Twine plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'embed_twine' shortcode in all versions up to, and including, 0.1.0 due to insufficient input saniti…
|
CWE-79
Cross-site Scripting
|
CVE-2024-12509
|
2024-12-20 16:15 |
2024-12-20 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1853
|
6.4 |
MEDIUM
Network
|
-
|
-
|
The NACC WordPress Plugin plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'nacc' shortcode in all versions up to, and including, 4.1.0 due to insufficient input san…
|
CWE-79
Cross-site Scripting
|
CVE-2024-12506
|
2024-12-20 16:15 |
2024-12-20 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1854
|
6.4 |
MEDIUM
Network
|
-
|
-
|
The Spoki – Chat Buttons and WooCommerce Notifications plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'spoki_button' shortcode in all versions up to, and including…
|
CWE-79
Cross-site Scripting
|
CVE-2024-11893
|
2024-12-20 16:15 |
2024-12-20 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1855
|
6.4 |
MEDIUM
Network
|
-
|
-
|
The Category Post Slider plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'category-post-slider' shortcode in all versions up to, and including, 1.4 due to insuffici…
|
CWE-79
Cross-site Scripting
|
CVE-2024-11878
|
2024-12-20 16:15 |
2024-12-20 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1856
|
6.1 |
MEDIUM
Network
|
-
|
-
|
The Wtyczka SeoPilot dla WP plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 3.3.091. This is due to missing or incorrect nonce validation on the…
|
CWE-352
Origin Validation Error
|
CVE-2024-11812
|
2024-12-20 16:15 |
2024-12-20 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1857
|
6.1 |
MEDIUM
Network
|
-
|
-
|
The PKT1 Centro de envios plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'success' and 'error' parameters in all versions up to, and including, 1.2.1 due to insufficient…
|
CWE-79
Cross-site Scripting
|
CVE-2024-11806
|
2024-12-20 16:15 |
2024-12-20 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1858
|
6.4 |
MEDIUM
Network
|
-
|
-
|
The Sell Tickets Online – TicketSource Ticket Shop for WordPress plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'ticketshop' shortcode in all versions up to, and i…
|
CWE-79
Cross-site Scripting
|
CVE-2024-11784
|
2024-12-20 16:15 |
2024-12-20 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1859
|
6.4 |
MEDIUM
Network
|
-
|
-
|
The Financial Calculator plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'finance_calculator' shortcode in all versions up to, and including, 2.2.1 due to insuffici…
|
CWE-79
Cross-site Scripting
|
CVE-2024-11783
|
2024-12-20 16:15 |
2024-12-20 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1860
|
6.4 |
MEDIUM
Network
|
-
|
-
|
The Particle Background plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'particleground' shortcode in all versions up to, and including, 1.0.2 due to insufficient i…
|
CWE-79
Cross-site Scripting
|
CVE-2024-11775
|
2024-12-20 16:15 |
2024-12-20 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
