| 2441 | 5.3 | MEDIUM Network | - | - | The Accept Authorize.NET Payments Using Contact Form 7 plugin for WordPress is vulnerable to Information Exposure in all versions up to, and including, 2.2 via the cf7adn-info.php file. This makes it… | CWE-200 Information Exposure | CVE-2024-12250 | 2024-12-18 13:15 | 2024-12-18 |
| 2442 | 4.3 | MEDIUM Network | - | - | The Events Addon for Elementor plugin for WordPress is vulnerable to Information Exposure in all versions up to, and including, 2.2.3 via the naevents_elementor_template shortcode due to insufficient… | CWE-639 Authorization Bypass Through User-Controlled Key | CVE-2024-12061 | 2024-12-18 13:15 | 2024-12-18 |
| 2443 | 7.5 | HIGH Network | - | - | The Collapsing Categories plugin for WordPress is vulnerable to SQL Injection via the 'taxonomy' parameter of the /wp-json/collapsing-categories/v1/get REST API in all versions up to, and including, … | CWE-89 SQL Injection | CVE-2024-12025 | 2024-12-18 13:15 | 2024-12-18 |
| 2444 | 6.1 | MEDIUM Network | - | - | The AMP for WP – Accelerated Mobile Pages plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the disqus_name parameter in all versions up to, and including, 1.1.1 due to insuffi… | CWE-79 Cross-site Scripting | CVE-2024-11254 | 2024-12-18 13:15 | 2024-12-18 |
| 2445 | - | | - | - | Dell Inventory Collector Client, versions prior to 12.7.0, contains an Improper Link Resolution Before File Access vulnerability. A low-privilege attacker with local access may exploit this vulnerabi… | CWE-61 UNIX Symbolic Link (Symlink) Following | CVE-2024-47480 | 2024-12-18 12:15 | 2024-12-18 |
| 2446 | 6.4 | MEDIUM Network | - | - | The Contests by Rewards Fuel plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'RF_CONTEST' shortcode in all versions up to, and including, 2.0.65 due to insufficient… | CWE-79 Cross-site Scripting | CVE-2024-12513 | 2024-12-18 12:15 | 2024-12-18 |
| 2447 | 6.4 | MEDIUM Network | - | - | The Philantro – Donations and Donor Management plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's shortcodes like 'donate' in all versions up to, and including, 5.2 du… | CWE-79 Cross-site Scripting | CVE-2024-12500 | 2024-12-18 12:15 | 2024-12-18 |
| 2448 | 6.4 | MEDIUM Network | - | - | The Easy Waveform Player plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'easywaveformplayer' shortcode in all versions up to, and including, 1.2.0 due to insuffici… | CWE-79 Cross-site Scripting | CVE-2024-11881 | 2024-12-18 12:15 | 2024-12-18 |
| 2449 | 6.4 | MEDIUM Network | - | - | The Taeggie Feed plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'taeggie-feed' shortcode in all versions up to, and including, 0.1.9 due to insufficient input sani… | CWE-79 Cross-site Scripting | CVE-2024-11748 | 2024-12-18 12:15 | 2024-12-18 |
| 2450 | 6.4 | MEDIUM Network | - | - | The ScanCircle plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'scancircle' shortcode in all versions up to, and including, 2.9.2 due to insufficient input sanitiza… | CWE-79 Cross-site Scripting | CVE-2024-11439 | 2024-12-18 12:15 | 2024-12-18 |