1361
|
5.3 |
MEDIUM
Network
-
|
-
|
The Minify HTML plugin for WordPress is vulnerable to Regular Expression Denial of Service (ReDoS) in all versions up to, and including, 2.1.10. This is due to processing user-supplied input as a reg…
|
CWE-400
Uncontrolled Resource Consumption
|
CVE-2024-12579
|
2024-12-13 14:15 |
2024-12-13 |
1362
|
5.4 |
MEDIUM
Network
|
-
|
-
|
The SVG Shortcode plugin for WordPress is vulnerable to Stored Cross-Site Scripting via SVG File uploads in all versions up to, and including, 1.0.1 due to insufficient input sanitization and output …
|
CWE-79
Cross-site Scripting
|
CVE-2024-12574
|
2024-12-13 14:15 |
2024-12-13 |
1363
|
6.1 |
MEDIUM
Network
|
-
|
-
|
The Primer MyData for Woocommerce plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'img_src' parameter in all versions up to, and including, 4.2.1 due to insufficient inpu…
|
CWE-79
Cross-site Scripting
|
CVE-2024-11809
|
2024-12-13 14:15 |
2024-12-13 |
1364
|
6.4 |
MEDIUM
Network
|
-
|
-
|
The NewsmanApp plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'newsman_subscribe_widget' shortcode in all versions up to, and including, 2.7.6 due to insufficient …
|
CWE-79
Cross-site Scripting
|
CVE-2024-11767
|
2024-12-13 14:15 |
2024-12-13 |
1365
|
6.1 |
MEDIUM
Network
|
-
|
-
|
The Hello In All Languages plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.0.6. This is due to missing or incorrect nonce validation on a func…
|
CWE-352
Origin Validation Error
|
CVE-2024-12572
|
2024-12-13 13:15 |
2024-12-13 |
1366
|
3.7 |
LOW
Network
|
-
|
-
|
The AR for WordPress plugin for WordPress is vulnerable to unauthorized double extension file upload due to a missing capability check on the set_ar_featured_image() function in all versions up to, a…
|
CWE-862
Missing Authorization
|
CVE-2024-12300
|
2024-12-13 13:15 |
2024-12-13 |
1367
|
6.5 |
MEDIUM
Network
|
-
|
-
|
The Responsive Filterable Portfolio plugin for WordPress is vulnerable to SQL Injection via the 'id' parameter in all versions up to, and including, 1.0.8 due to insufficient escaping on the user sup…
|
CWE-89
SQL Injection
|
CVE-2019-25221
|
2024-12-13 13:15 |
2024-12-13 |
1368
|
- |
|
-
|
-
|
A logic vulnerability in the mobile application (com.transsion.applock) can lead to bypassing the application password.
|
-
|
CVE-2024-12603
|
2024-12-13 12:15 |
2024-12-13 |
1369
|
- |
|
-
|
-
|
Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority.
|
-
|
CVE-2024-54118
|
2024-12-13 11:15 |
2024-12-12 |
1370
|
7.8 |
HIGH
Local
|
-
|
-
|
Windows Common Log File System Driver Elevation of Privilege Vulnerability
|
CWE-122
Heap-based Buffer Overflow
|
CVE-2024-49138
|
2024-12-13 11:00 |
2024-12-12 |