|
731
|
6.4 |
MEDIUM
Network
|
-
|
-
|
The Master Addons – Elementor Addons with White Label, Free Widgets, Hover Effects, Conditions, & Animations plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's Tooltip…
|
CWE-79
Cross-site Scripting
|
CVE-2024-9502
|
2025-01-7 16:15 |
2025-01-7 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
732
|
6.1 |
MEDIUM
Network
|
-
|
-
|
The Estatik Mortgage Calculator plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'color' parameter in all versions up to, and including, 2.0.11 due to insufficient input s…
|
CWE-79
Cross-site Scripting
|
CVE-2024-9354
|
2025-01-7 16:15 |
2025-01-7 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
733
|
4.3 |
MEDIUM
Network
|
-
|
-
|
The Aurum - WordPress & WooCommerce Shopping Theme theme for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'lab_1cl_demo_install_package_conten…
|
CWE-862
Missing Authorization
|
CVE-2024-12781
|
2025-01-7 16:15 |
2025-01-7 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
734
|
6.4 |
MEDIUM
Network
|
-
|
-
|
The Sina Extension for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's Sina Image Differ widget in all versions up to, and including, 3.5.91 due to insuff…
|
CWE-79
Cross-site Scripting
|
CVE-2024-12624
|
2025-01-7 16:15 |
2025-01-7 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
735
|
6.4 |
MEDIUM
Network
|
-
|
-
|
The WP jQuery DataTable plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'wp_jdt' shortcode in all versions up to, and including, 4.0.1 due to insufficient input san…
|
CWE-79
Cross-site Scripting
|
CVE-2024-12499
|
2025-01-7 16:15 |
2025-01-7 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
736
|
6.4 |
MEDIUM
Network
|
-
|
-
|
The Bootstrap Blocks for WP Editor v2 plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'gtb-bootstrap/column' block in all versions up to, and including, 2.5.0 due to insuffi…
|
CWE-79
Cross-site Scripting
|
CVE-2024-12495
|
2025-01-7 16:15 |
2025-01-7 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
737
|
6.4 |
MEDIUM
Network
|
-
|
-
|
The Marketplace Items plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'envato' shortcode in all versions up to, and including, 1.5.5 due to insufficient input sanit…
|
CWE-79
Cross-site Scripting
|
CVE-2024-12437
|
2025-01-7 16:15 |
2025-01-7 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
738
|
6.4 |
MEDIUM
Network
|
-
|
-
|
The Solar Wizard Lite plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'solar_wizard' shortcode in all versions up to, and including, 1.2.4 due to insufficient input…
|
CWE-79
Cross-site Scripting
|
CVE-2024-11764
|
2025-01-7 16:15 |
2025-01-7 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
739
|
8.8 |
HIGH
Network
|
-
|
-
|
The SMS Alert Order Notifications – WooCommerce plugin for WordPress is vulnerable to unauthorized modification of data that can lead to privilege escalation due to a missing capability check on the …
|
CWE-862
Missing Authorization
|
CVE-2024-11725
|
2025-01-7 16:15 |
2025-01-7 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
740
|
5.3 |
MEDIUM
Network
-
|
-
|
The Passster – Password Protect Pages and Content plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 4.2.10 via the WordPress core search featu…
|
CWE-200
Information Exposure
|
CVE-2024-11282
|
2025-01-7 16:15 |
2025-01-7 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
