1701 | 9.8 | CRITICAL Network | - | - | The Paid Membership Subscriptions – Effortless Memberships, Recurring Payments & Content Restriction plugin for WordPress is vulnerable to Authentication Bypass in all versions up to, and including, … | CWE-287 Improper Authentication | CVE-2024-12919 | 2025-01-14 19:15 | 2025-01-14 |
1702 | 8.8 | HIGH Network | - | - | The WordPress CRM, Email & Marketing Automation for WordPress \| Award Winner — Groundhogg plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the gh_bi… | CWE-434 Unrestricted Upload of File with Dangerous Type | CVE-2025-0394 | 2025-01-14 18:15 | 2025-01-14 |
1703 | 6.1 | MEDIUM Network | - | - | The Royal Elementor Addons and Templates plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.7.1006. This is due to missing or incorrect nonce val… | CWE-352 Origin Validation Error | CVE-2025-0393 | 2025-01-14 18:15 | 2025-01-14 |
1704 | 6.4 | MEDIUM Network | - | - | The HTML5 Video Player – mp4 Video Player Plugin and Block plugin for WordPress is vulnerable to DOM-Based Stored Cross-Site Scripting via the ‘heading’ parameter in all versions up to, and including… | CWE-79 Cross-site Scripting | CVE-2024-13156 | 2025-01-14 18:15 | 2025-01-14 |
1705 | 4.9 | MEDIUM Network | - | - | A vulnerability was found in Keycloak. Admin users may have to access sensitive server environment variables and system properties through user-configurable URLs. When configuring backchannel logout … | CWE-526 Cleartext Storage of Sensitive Information in an Environment Variable | CVE-2024-11736 | 2025-01-14 18:15 | 2025-01-14 |
1706 | 6.5 | MEDIUM Network | - | - | A denial of service vulnerability was found in Keycloak that could allow an administrative user with the right to change realm settings to disrupt the service. This action is done by modifying any of… | CWE-693 Protection Mechanism Failure | CVE-2024-11734 | 2025-01-14 18:15 | 2025-01-14 |
1707 | 6.4 | MEDIUM Network | - | - | The WP Booking Calendar plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'booking' shortcode in all versions up to, and including, 10.9.2 due to insufficient input s… | CWE-79 Cross-site Scripting | CVE-2024-13323 | 2025-01-14 15:15 | 2025-01-14 |
1708 | 6.1 | MEDIUM Network | - | - | The Smart Agenda – Prise de rendez-vous en ligne plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 4.7. This is due to missing or incorrect nonce … | CWE-352 Origin Validation Error | CVE-2024-13348 | 2025-01-14 13:15 | 2025-01-14 |
1709 | 8.8 | HIGH Network | - | - | An improper privilege management vulnerability in the web management interface of the Zyxel WBE530 firmware versions through 7.00(ACLE.3) and WBE660S firmware versions through 6.70(ACGG.2) could allo… | CWE-269 Improper Privilege Management | CVE-2024-12398 | 2025-01-14 11:15 | 2025-01-14 |
1710 | - | | - | - | Rejected reason: ** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. Reason: This candidate was issued in error. Notes: All references and descriptions in this candidate have been removed to prevent accid… | - | CVE-2024-11637 | 2025-01-14 11:15 | 2025-01-14 |