|
111
|
- |
|
-
|
-
|
A vulnerability, which was classified as critical, has been found in code-projects Online Shoe Store 1.0. Affected by this issue is some unknown functionality of the file /function/login.php. The man…
New
|
CWE-89
CWE-74
SQL Injection
Injection
|
CVE-2025-0207
|
2025-01-4 22:15 |
2025-01-4 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
112
|
- |
|
-
|
-
|
A vulnerability was found in Tsinghua Unigroup Electronic Archives Management System 3.2.210802(62532). It has been classified as problematic. Affected is the function download of the file /Searchnew…
Update
|
-
|
CVE-2024-13042
|
2025-01-4 22:15 |
2024-12-31 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
113
|
- |
|
-
|
-
|
A vulnerability classified as critical was found in code-projects Online Shoe Store 1.0. Affected by this vulnerability is an unknown functionality of the file /admin/index.php. The manipulation lead…
New
|
CWE-284
CWE-266
Improper Access Control
Incorrect Privilege Assignment
|
CVE-2025-0206
|
2025-01-4 21:15 |
2025-01-4 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
114
|
6.4 |
MEDIUM
Network
|
-
|
-
|
The WP Multi Store Locator plugin for WordPress is vulnerable to Stored Cross-Site Scripting in all versions up to, and including, 2.4.1 due to insufficient input sanitization and output escaping. Th…
New
|
CWE-79
Cross-site Scripting
|
CVE-2024-12475
|
2025-01-4 21:15 |
2025-01-4 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
115
|
6.1 |
MEDIUM
Network
|
-
|
-
|
The WP Social AutoConnect plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 4.6.2. This is due to missing or incorrect nonce validation on a funct…
New
|
CWE-352
Origin Validation Error
|
CVE-2024-12279
|
2025-01-4 21:15 |
2025-01-4 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
116
|
6.5 |
MEDIUM
Network
|
-
|
-
|
The WP Project Manager – Task, team, and project management plugin featuring kanban board and gantt charts plugin for WordPress is vulnerable to SQL Injection via the 'project_id' parameter of the /w…
New
|
CWE-89
SQL Injection
|
CVE-2024-12195
|
2025-01-4 21:15 |
2025-01-4 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
117
|
6.1 |
MEDIUM
Network
|
-
|
-
|
The Turnkey bbPress by WeaverTheme plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the ‘_wpnonce’ parameter in all versions up to, and including, 1.6.3 due to insufficient in…
New
|
CWE-79
Cross-site Scripting
|
CVE-2024-12221
|
2025-01-4 19:15 |
2025-01-4 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
118
|
- |
|
-
|
-
|
A vulnerability classified as critical has been found in code-projects Online Shoe Store 1.0. Affected is an unknown function of the file /details2.php. The manipulation of the argument id leads to s…
New
|
CWE-89
CWE-74
SQL Injection
Injection
|
CVE-2025-0205
|
2025-01-4 18:15 |
2025-01-4 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
119
|
9.9 |
CRITICAL
Network
|
-
|
-
|
The Dynamics 365 Integration plugin for WordPress is vulnerable to Remote Code Execution and Arbitrary File Read in all versions up to, and including, 1.3.23 via Twig Server-Side Template Injection. …
New
|
CWE-1336
Improper Neutralization of Special Elements Used in a Template Engine
|
CVE-2024-12583
|
2025-01-4 18:15 |
2025-01-4 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
120
|
6.4 |
MEDIUM
Network
|
-
|
-
|
The Taskbuilder – WordPress Project & Task Management plugin plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's wppm_tasks shortcode in all versions up to, and includi…
New
|
CWE-79
Cross-site Scripting
|
CVE-2024-11930
|
2025-01-4 18:15 |
2025-01-4 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
