1411 | 5.4 | MEDIUM Network | - | - | The WooCommerce Support Ticket System plugin for WordPress is vulnerable to unauthorized access and loss of data due to missing capability checks on the 'ajax_delete_message', 'ajax_get_customers_par… | CWE-862 Missing Authorization | CVE-2024-13775 | 2025-02-1 22:15 | 2025-02-1 |
1412 | 6.4 | MEDIUM Network | - | - | The Better Messages – Live Chat for WordPress, BuddyPress, PeepSo, Ultimate Member, BuddyBoss plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'better_messages_live_… | CWE-79 Cross-site Scripting | CVE-2024-13612 | 2025-02-1 22:15 | 2025-02-1 |
1413 | 5.4 | MEDIUM Network | - | - | The Custom Related Posts plugin for WordPress is vulnerable to unauthorized access & modification of data due to a missing capability check on three AJAX actions in all versions up to, and including,… | CWE-862 Missing Authorization | CVE-2024-12825 | 2025-02-1 17:15 | 2025-02-1 |
1414 | - | | - | - | An Improper Certificate Validation on UniFi OS devices, with Identity Enterprise configured, could allow a malicious actor to execute a man-in-the-middle (MitM) attack during application update. | - | CVE-2025-23091 | 2025-02-1 16:15 | 2025-02-1 |
1415 | 6.3 | MEDIUM Network | - | - | The MagicForm plugin for WordPress is vulnerable to access and modification of data due to a missing capability check on the plugin's AJAX actions in all versions up to, and including, 1.6.2. This ma… | CWE-862 Missing Authorization | CVE-2025-0939 | 2025-02-1 16:15 | 2025-02-1 |
1416 | 6.5 | MEDIUM Network | - | - | The MultiLoca - WooCommerce Multi Locations Inventory Management plugin for WordPress is vulnerable to SQL Injection via the 'data-id' parameter in all versions up to, and including, 4.1.11 due to in… | CWE-89 SQL Injection | CVE-2024-13341 | 2025-02-1 16:15 | 2025-02-1 |
1417 | 6.5 | MEDIUM Network | - | - | The Jupiter X Core plugin for WordPress is vulnerable to Directory Traversal in all versions up to, and including, 4.8.7 via the inline SVG feature. This makes it possible for authenticated attackers… | CWE-22 Path Traversal | CVE-2025-0365 | 2025-02-1 15:15 | 2025-02-1 |
1418 | 5.3 | MEDIUM Network | - | - | The Directorist: AI-Powered WordPress Business Directory Plugin with Classified Ads Listings plugin for WordPress is vulnerable to Information Exposure in all versions up to, and including, 8.0.12 vi… | CWE-359 Exposure of Private Personal Information to an Unauthorized Actor | CVE-2024-12041 | 2025-02-1 15:15 | 2025-02-1 |
1419 | 8.8 | HIGH Network | - | - | The Jupiter X Core plugin for WordPress is vulnerable to Local File Inclusion to Remote Code Execution in all versions up to, and including, 4.8.7 via the get_svg() function. This makes it possible f… | CWE-98 Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') | CVE-2025-0366 | 2025-02-1 15:15 | 2025-02-1 |
1420 | 4.3 | MEDIUM Network | - | - | The RapidLoad – Optimize Web Vitals Automatically plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the ajax_deactivate() function in all ve… | CWE-862 Missing Authorization | CVE-2024-13651 | 2025-02-1 13:15 | 2025-02-1 |