|
2791
|
6.1 |
MEDIUM
Network
|
-
|
-
|
The Webcamconsult plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.5.0. This is due to missing or incorrect nonce validation on a function. Thi…
|
CWE-352
Origin Validation Error
|
CVE-2024-13432
|
2025-01-18 16:15 |
2025-01-18 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
2792
|
6.4 |
MEDIUM
Network
|
-
|
-
|
The Video Share VOD – Turnkey Video Site Builder Script plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'videowhisper_videos' shortcode in all versions up to, and i…
|
CWE-79
Cross-site Scripting
|
CVE-2024-13393
|
2025-01-18 16:15 |
2025-01-18 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
2793
|
6.4 |
MEDIUM
Network
|
-
|
-
|
The MicroPayments – Fans Paysite: Paid Creator Subscriptions, Digital Assets, Tokens Wallet plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'videowhisper_content_up…
|
CWE-79
Cross-site Scripting
|
CVE-2024-13391
|
2025-01-18 16:15 |
2025-01-18 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
2794
|
6.4 |
MEDIUM
Network
|
-
|
-
|
The JSM Screenshot Machine Shortcode plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'ssm' shortcode in all versions up to, and including, 2.3.0 due to insufficient…
|
CWE-79
Cross-site Scripting
|
CVE-2024-13385
|
2025-01-18 16:15 |
2025-01-18 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
2795
|
4.3 |
MEDIUM
Network
|
-
|
-
|
The ShipWorks Connector for Woocommerce plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 5.2.5. This is due to missing or incorrect nonce validat…
|
CWE-352
Origin Validation Error
|
CVE-2024-13317
|
2025-01-18 16:15 |
2025-01-18 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
2796
|
6.4 |
MEDIUM
Network
|
-
|
-
|
The Picture Gallery – Frontend Image Uploads, AJAX Photo List plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's videowhisper_picture_upload_guest shortcode in all ver…
|
CWE-79
Cross-site Scripting
|
CVE-2024-12696
|
2025-01-18 16:15 |
2025-01-18 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
2797
|
6.1 |
MEDIUM
Network
|
-
|
-
|
The WP Abstracts plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 2.7.2. This is due to missing nonce validation on the wpabstracts_load_status()…
|
CWE-352
Origin Validation Error
|
CVE-2024-12385
|
2025-01-18 16:15 |
2025-01-18 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
2798
|
4.4 |
MEDIUM
Network
|
-
|
-
|
The Podlove Podcast Publisher plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Feed Name value in version <= 4.1.25 due to insufficient input sanitization and output escaping…
|
CWE-79
Cross-site Scripting
|
CVE-2025-0554
|
2025-01-18 15:15 |
2025-01-18 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
2799
|
5.3 |
MEDIUM
Network
-
|
-
|
The Ultimate Member – User Profile, Registration, Login, Member Directory, Content Restriction & Membership Plugin plugin for WordPress is vulnerable to Information Exposure in all versions up to, an…
|
CWE-200
Information Exposure
|
CVE-2025-0318
|
2025-01-18 15:15 |
2025-01-18 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
|
2800
|
7.5 |
HIGH
Network
-
|
-
|
The Ultimate Member – User Profile, Registration, Login, Member Directory, Content Restriction & Membership Plugin plugin for WordPress is vulnerable to time-based SQL Injection via the search parame…
|
CWE-89
SQL Injection
|
CVE-2025-0308
|
2025-01-18 15:15 |
2025-01-18 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
