|
1071
|
9.8 |
CRITICAL
Network
-
|
-
|
The Media Manager for UserPro plugin for WordPress is vulnerable to unauthorized modification of data that can lead to privilege escalation due to a missing capability check on the add_capto_img() fu…
|
CWE-862
Missing Authorization
|
CVE-2024-12822
|
2025-01-30 23:15 |
2025-01-30 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
|
1072
|
8.8 |
HIGH
Network
|
-
|
-
|
The Media Manager for UserPro plugin for WordPress is vulnerable to unauthorized modification of data that can lead to privilege escalation due to a missing capability check on the upm_upload_media()…
|
CWE-862
Missing Authorization
|
CVE-2024-12821
|
2025-01-30 23:15 |
2025-01-30 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1073
|
6.4 |
MEDIUM
Network
|
-
|
-
|
The Automatically Hierarchic Categories in Menu plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'autocategorymenu' shortcode in all versions up to, and including, 2…
|
CWE-79
Cross-site Scripting
|
CVE-2024-13466
|
2025-01-30 23:15 |
2025-01-30 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1074
|
6.4 |
MEDIUM
Network
|
-
|
-
|
The Alex Reservations: Smart Restaurant Booking plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'rr_form' shortcode in all versions up to, and including, 2.0.5 due …
|
CWE-79
Cross-site Scripting
|
CVE-2024-13380
|
2025-01-30 23:15 |
2025-01-30 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1075
|
- |
|
-
|
-
|
A Stored Cross-Site Scripting vulnerability has been found in EmbedAI. This vulnerability allows an authenticated attacker to inject a malicious JavaScript code into a message that will be executed w…
|
CWE-79
Cross-site Scripting
|
CVE-2025-0747
|
2025-01-30 23:15 |
2025-01-30 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1076
|
- |
|
-
|
-
|
An Improper Access Control vulnerability has been found in EmbedAI 2.1 and below. This vulnerability allows an authenticated attacker to obtain the backups of the database by requesting the "/embedai…
|
CWE-284
CWE-863
Improper Access Control
Incorrect Authorization
|
CVE-2025-0745
|
2025-01-30 23:15 |
2025-01-30 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1077
|
- |
|
-
|
-
|
an Improper Access Control vulnerability has been found in EmbedAI 2.1 and below. This vulnerability allows an authenticated attacker change his subscription plan without paying by making a POST requ…
|
CWE-284
CWE-863
Improper Access Control
Incorrect Authorization
|
CVE-2025-0744
|
2025-01-30 23:15 |
2025-01-30 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1078
|
- |
|
-
|
-
|
An Improper Access Control vulnerability has been found in EmbedAI 2.1 and below. This vulnerability allows an authenticated attacker to leverage the endpoint "/embedai/visits/show/<VISIT_ID>" to obt…
|
CWE-284
CWE-863
Improper Access Control
Incorrect Authorization
|
CVE-2025-0743
|
2025-01-30 23:15 |
2025-01-30 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1079
|
- |
|
-
|
-
|
An Improper Access Control vulnerability has been found in EmbedAI 2.1 and below. This vulnerability allows an authenticated attacker to obtain files stored by others users by changing the "FILE_ID" …
|
CWE-284
CWE-863
Improper Access Control
Incorrect Authorization
|
CVE-2025-0742
|
2025-01-30 23:15 |
2025-01-30 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1080
|
- |
|
-
|
-
|
IBM App Connect Enterprise Certified Container 7.1, 7.2, 8.0, 8.1, 8.2, 9.0, 9.1, 9.2, 10.0, 10.1, 11.0, 11.1, 11.2, 11.3, 11.4, 11.5, 11.6, 12.0, 12.1, 12.2, 12.3, 12.4, 12.5, 12.6, and 12.7 Pods do…
|
CWE-923
CWE-862
Improper Restriction of Communication Channel to Intended Endpoints
Missing Authorization
|
CVE-2022-43916
|
2025-01-30 23:15 |
2025-01-30 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
