|
2031
|
5.3 |
MEDIUM
Network
-
|
-
|
The WP Job Portal – A Complete Recruitment System for Company or Job Board website plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the getResume…
|
CWE-359
Exposure of Private Personal Information to an Unauthorized Actor
|
CVE-2024-11712
|
2024-12-14 16:15 |
2024-12-14 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
|
2032
|
7.5 |
HIGH
Network
-
|
-
|
The WP Job Portal – A Complete Recruitment System for Company or Job Board website plugin for WordPress is vulnerable to SQL Injection via the 'resumeid' parameter in all versions up to, and includin…
|
CWE-89
SQL Injection
|
CVE-2024-11711
|
2024-12-14 16:15 |
2024-12-14 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
|
2033
|
4.9 |
MEDIUM
Network
|
-
|
-
|
The WP Job Portal – A Complete Recruitment System for Company or Job Board website plugin for WordPress is vulnerable to SQL Injection via the 'fieldfor', 'visibleParent' and 'id' parameters in all v…
|
CWE-89
SQL Injection
|
CVE-2024-11710
|
2024-12-14 16:15 |
2024-12-14 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
2034
|
6.4 |
MEDIUM
Network
|
-
|
-
|
The Simple Locator plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's shortcodes in all versions up to, and including, 2.0.3 due to insufficient input sanitization and…
|
CWE-79
Cross-site Scripting
|
CVE-2024-12501
|
2024-12-14 15:15 |
2024-12-14 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
2035
|
6.4 |
MEDIUM
Network
|
-
|
-
|
The GeoDataSource Country Region DropDown plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'gds-country-dropdown' shortcode in all versions up to, and including, 1.0…
|
CWE-79
Cross-site Scripting
|
CVE-2024-12474
|
2024-12-14 15:15 |
2024-12-14 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
2036
|
6.4 |
MEDIUM
Network
|
-
|
-
|
The Ganohrs Toggle Shortcode plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'toggle' shortcode in all versions up to, and including, 0.2.4 due to insufficient inpu…
|
CWE-79
Cross-site Scripting
|
CVE-2024-12459
|
2024-12-14 15:15 |
2024-12-14 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
2037
|
6.1 |
MEDIUM
Network
|
-
|
-
|
The Import Eventbrite Events plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'page' parameter in all versions up to, and including, 1.7.4 due to insufficient input saniti…
|
CWE-79
Cross-site Scripting
|
CVE-2024-12422
|
2024-12-14 15:15 |
2024-12-14 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
2038
|
6.4 |
MEDIUM
Network
|
-
|
-
|
The Eveeno plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'eveeno' shortcode in all versions up to, and including, 1.7 due to insufficient input sanitization and o…
|
CWE-79
Cross-site Scripting
|
CVE-2024-11752
|
2024-12-14 15:15 |
2024-12-14 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
2039
|
4.3 |
MEDIUM
Network
|
-
|
-
|
The Shortcodes for Elementor plugin for WordPress is vulnerable to Information Exposure in all versions up to, and including, 1.0.4 via the 'SHORTCODE_ELEMENTOR' shortcode due to insufficient restric…
|
CWE-639
Authorization Bypass Through User-Controlled Key
|
CVE-2024-10690
|
2024-12-14 15:15 |
2024-12-14 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
2040
|
7.2 |
HIGH
Network
-
|
-
|
The Contact Form Plugin by Fluent Forms for Quiz, Survey, and Drag & Drop WP Form Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the form's subject parameter in all ver…
|
CWE-79
Cross-site Scripting
|
CVE-2024-10646
|
2024-12-14 15:15 |
2024-12-14 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
