1271 | - | | - | - | Authentication Bypass Using an Alternate Path or Channel vulnerability in WofficeIO Woffice allows Authentication Bypass. This issue affects Woffice: from n/a through 5.4.14. | - | CVE-2024-43234 | 2024-12-20 22:15 | 2024-12-17
1272 | 6.4 | MEDIUM Network | - | - | The WP SHAPES plugin for WordPress is vulnerable to Stored Cross-Site Scripting via SVG File uploads in all versions up to, and including, 1.0.0 due to insufficient input sanitization and output esca… | CWE-79 Cross-site Scripting | CVE-2024-9619 | 2024-12-20 16:15 | 2024-12-20
1273 | 4.3 | MEDIUM Network | - | - | The Maintenance & Coming Soon Redirect Animation plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'wploti_add_whitelisted_roles_option'… | CWE-284 Improper Access Control | CVE-2024-9503 | 2024-12-20 16:15 | 2024-12-20
1274 | 9.8 | CRITICAL Network | - | - | The Store Locator for WordPress with Google Maps – LotsOfLocales plugin for WordPress is vulnerable to Local File Inclusion in version 3.98.9 via the 'sl_engine' parameter. This makes it possible for… | CWE-98 Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') | CVE-2024-12571 | 2024-12-20 16:15 | 2024-12-20
1275 | 6.4 | MEDIUM Network | - | - | The Embed Twine plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'embed_twine' shortcode in all versions up to, and including, 0.1.0 due to insufficient input saniti… | CWE-79 Cross-site Scripting | CVE-2024-12509 | 2024-12-20 16:15 | 2024-12-20
1276 | 6.4 | MEDIUM Network | - | - | The NACC WordPress Plugin plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'nacc' shortcode in all versions up to, and including, 4.1.0 due to insufficient input san… | CWE-79 Cross-site Scripting | CVE-2024-12506 | 2024-12-20 16:15 | 2024-12-20
1277 | 6.4 | MEDIUM Network | - | - | The Spoki – Chat Buttons and WooCommerce Notifications plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'spoki_button' shortcode in all versions up to, and including… | CWE-79 Cross-site Scripting | CVE-2024-11893 | 2024-12-20 16:15 | 2024-12-20
1278 | 6.4 | MEDIUM Network | - | - | The Category Post Slider plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'category-post-slider' shortcode in all versions up to, and including, 1.4 due to insuffici… | CWE-79 Cross-site Scripting | CVE-2024-11878 | 2024-12-20 16:15 | 2024-12-20
1279 | 6.1 | MEDIUM Network | - | - | The Wtyczka SeoPilot dla WP plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 3.3.091. This is due to missing or incorrect nonce validation on the… | CWE-352 Origin Validation Error | CVE-2024-11812 | 2024-12-20 16:15 | 2024-12-20
1280 | 6.1 | MEDIUM Network | - | - | The PKT1 Centro de envios plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'success' and 'error' parameters in all versions up to, and including, 1.2.1 due to insufficient… | CWE-79 Cross-site Scripting | CVE-2024-11806 | 2024-12-20 16:15 | 2024-12-20