|
3151
|
6.4 |
MEDIUM
Network
|
-
|
-
|
The Dominion – Domain Checker for WPBakery plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'dominion_shortcodes_domain_search_6' shortcode in all versions up to, an…
|
CWE-79
Cross-site Scripting
|
CVE-2024-12520
|
2025-01-11 17:15 |
2025-01-11 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
3152
|
6.4 |
MEDIUM
Network
|
-
|
-
|
The TCBD Auto Refresher plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'tcbd_auto_refresh' shortcode in all versions up to, and including, 2.0 due to insufficient …
|
CWE-79
Cross-site Scripting
|
CVE-2024-12519
|
2025-01-11 17:15 |
2025-01-11 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
3153
|
6.1 |
MEDIUM
Network
|
-
|
-
|
The Rental and Booking Manager for Bike, Car, Dress, Resort with WooCommerce Integration – WpRently | WordPress plugin plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘activ…
|
CWE-79
Cross-site Scripting
|
CVE-2024-12412
|
2025-01-11 17:15 |
2025-01-11 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
3154
|
6.1 |
MEDIUM
Network
|
-
|
-
|
The Push Notification for Post and BuddyPress plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'pushnotificationid' parameter in all versions up to, and including, 2.06 du…
|
CWE-79
Cross-site Scripting
|
CVE-2024-12407
|
2025-01-11 17:15 |
2025-01-11 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
3155
|
4.3 |
MEDIUM
Network
|
-
|
-
|
The Unlimited Theme Addon For Elementor and WooCommerce plugin for WordPress is vulnerable to Information Exposure in all versions up to, and including, 1.2.1 via the 'uta-template' shortcode due to …
|
CWE-639
Authorization Bypass Through User-Controlled Key
|
CVE-2024-12116
|
2025-01-11 17:15 |
2025-01-11 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
3156
|
9.8 |
CRITICAL
Network
-
|
-
|
The GiveWP – Donation Plugin and Fundraising Platform plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 3.19.2 via deserialization of untrusted input fr…
|
CWE-502
Deserialization of Untrusted Data
|
CVE-2024-12877
|
2025-01-11 17:15 |
2025-01-11 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
|
3157
|
4.3 |
MEDIUM
Network
|
-
|
-
|
The RRAddons for Elementor plugin for WordPress is vulnerable to Information Exposure in all versions up to, and including, 1.1.0 via the Popup block due to insufficient restrictions on which posts c…
|
CWE-639
Authorization Bypass Through User-Controlled Key
|
CVE-2024-11915
|
2025-01-11 17:15 |
2025-01-11 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
3158
|
6.4 |
MEDIUM
Network
|
-
|
-
|
The Accordion Slider Lite plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'accordion_slider' shortcode in all versions up to, and including, 1.5.1 due to insufficie…
|
CWE-79
Cross-site Scripting
|
CVE-2024-11892
|
2025-01-11 17:15 |
2025-01-11 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
3159
|
6.4 |
MEDIUM
Network
|
-
|
-
|
The Grid Accordion Lite plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'grid_accordion' shortcode in all versions up to, and including, 1.5.1 due to insufficient i…
|
CWE-79
Cross-site Scripting
|
CVE-2024-11874
|
2025-01-11 17:15 |
2025-01-11 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
3160
|
6.4 |
MEDIUM
Network
|
-
|
-
|
The WP SPID Italia plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's shortcode in all versions up to, and including, 2.9 due to insufficient input sanitization and ou…
|
CWE-79
Cross-site Scripting
|
CVE-2024-11758
|
2025-01-11 17:15 |
2025-01-11 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
