1371
|
4.3 |
MEDIUM
Network
|
-
|
-
|
The Themify Store Locator plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.1.9. This is due to missing or incorrect nonce validation on the set…
|
CWE-352
Origin Validation Error
|
CVE-2024-12414
|
2024-12-13 18:15 |
2024-12-13 |
|
|
1372
|
5.3 |
MEDIUM
Network
-
|
-
|
The Rate My Post – Star Rating Plugin by FeedbackWP plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 4.2.4 via the get_post_status() due to…
|
CWE-639
Authorization Bypass Through User-Controlled Key
|
CVE-2024-12309
|
2024-12-13 18:15 |
2024-12-13 |
|
|
|
1373
|
5.4 |
MEDIUM
Network
|
-
|
-
|
The MStore API – Create Native Android & iOS Apps On The Cloud plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the profile picture upload functionality in all versions up to, an…
|
CWE-434
Unrestricted Upload of File with Dangerous Type
|
CVE-2024-12042
|
2024-12-13 18:15 |
2024-12-13 |
|
|
1374
|
4.3 |
MEDIUM
Network
|
-
|
-
|
The WP Crowdfunding plugin for WordPress is vulnerable to unauthorized plugin installation due to a missing capability check on the install_woocommerce_plugin() function action in all versions up to,…
|
CWE-862
Missing Authorization
|
CVE-2024-11911
|
2024-12-13 18:15 |
2024-12-13 |
|
|
1375
|
6.4 |
MEDIUM
Network
|
-
|
-
|
The WP Crowdfunding plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the wp-crowdfunding/search block in all versions up to, and including, 2.1.12 due to insufficient input sanit…
|
CWE-79
Cross-site Scripting
|
CVE-2024-11910
|
2024-12-13 18:15 |
2024-12-13 |
|
|
1376
|
6.4 |
MEDIUM
Network
|
-
|
-
|
The Beaver Builder – WordPress Page Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the custom JavaScript row settings in all versions up to, and including, 2.8.4.4 due …
|
CWE-79
Cross-site Scripting
|
CVE-2024-11832
|
2024-12-13 18:15 |
2024-12-13 |
|
|
1377
|
6.4 |
MEDIUM
Network
|
-
|
-
|
The Booking System Trafft plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'trafftbooking' shortcode in all versions up to, and including, 1.0.6 due to insufficient …
|
CWE-79
Cross-site Scripting
|
CVE-2024-11754
|
2024-12-13 18:15 |
2024-12-13 |
|
|
1378
|
4.3 |
MEDIUM
Network
|
-
|
-
|
The WP Timetics- AI-powered Appointment Booking Calendar and Online Scheduling Plugin plugin for WordPress is vulnerable to unauthorized loss of data due to a missing capability check on the /wp-json…
|
CWE-639
Authorization Bypass Through User-Controlled Key
|
CVE-2024-11275
|
2024-12-13 18:15 |
2024-12-13 |
|
|
1379
|
9.8 |
CRITICAL
Network
-
|
-
|
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Eryaz Information Technologies NatraCar B2B Dealer Management Program allows SQL Injection. This i…
|
-
|
CVE-2024-8259
|
2024-12-13 17:15 |
2024-12-9 |
|
|
|
1380
|
4.4 |
MEDIUM
Network
|
-
|
-
|
The Gutenberg Blocks with AI by Kadence WP – Page Builder Features plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in all versions up to, and including, 3.2.53 du…
|
CWE-79
Cross-site Scripting
|
CVE-2024-12581
|
2024-12-13 15:15 |
2024-12-13 |
|
|