3511
|
- |
|
-
|
-
|
A vulnerability, which was classified as critical, has been found in Guangzhou Huayi Intelligent Technology Jeewms up to 20241229. This issue affects the function saveOrUpdate of the file org/jeecgfr…
|
CWE-89 (SQL Injection), CWE-74 (Injection)
|
CVE-2025-0391
|
2025-01-11 18:15 |
2025-01-11 |
|
|
3512
|
- |
|
-
|
-
|
A vulnerability classified as critical was found in Guangzhou Huayi Intelligent Technology Jeewms up to 20241229. This vulnerability affects unknown code of the file /wmOmNoticeHController.do. The ma…
|
CWE-23 (Relative Path Traversal), CWE-24 (Path Traversal: '../filedir')
|
CVE-2025-0390
|
2025-01-11 17:15 |
2025-01-11 |
|
|
3513
|
- |
|
-
|
-
|
HCL MyXalytics is affected by a weak input validation vulnerability. The application accepts special characters and there is no length validation. This can lead to security vulnerabilities like SQL …
|
-
|
CVE-2024-42175
|
2025-01-11 17:15 |
2025-01-11 |
|
|
3514
|
6.4 |
MEDIUM
Network
|
-
|
-
|
The Perfect Portal Widgets plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'perfect_portal_intake_form' shortcode in all versions up to, and including, 3.0.3 due to…
|
CWE-79
Cross-site Scripting
|
CVE-2024-12527
|
2025-01-11 17:15 |
2025-01-11 |
|
|
3515
|
6.4 |
MEDIUM
Network
|
-
|
-
|
The Dominion – Domain Checker for WPBakery plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'dominion_shortcodes_domain_search_6' shortcode in all versions up to, an…
|
CWE-79
Cross-site Scripting
|
CVE-2024-12520
|
2025-01-11 17:15 |
2025-01-11 |
|
|
3516
|
6.4 |
MEDIUM
Network
|
-
|
-
|
The TCBD Auto Refresher plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'tcbd_auto_refresh' shortcode in all versions up to, and including, 2.0 due to insufficient …
|
CWE-79
Cross-site Scripting
|
CVE-2024-12519
|
2025-01-11 17:15 |
2025-01-11 |
|
|
3517
|
6.1 |
MEDIUM
Network
|
-
|
-
|
The Rental and Booking Manager for Bike, Car, Dress, Resort with WooCommerce Integration – WpRently | WordPress plugin plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘activ…
|
CWE-79
Cross-site Scripting
|
CVE-2024-12412
|
2025-01-11 17:15 |
2025-01-11 |
|
|
3518
|
6.1 |
MEDIUM
Network
|
-
|
-
|
The Push Notification for Post and BuddyPress plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'pushnotificationid' parameter in all versions up to, and including, 2.06 du…
|
CWE-79
Cross-site Scripting
|
CVE-2024-12407
|
2025-01-11 17:15 |
2025-01-11 |
|
|
3519
|
4.3 |
MEDIUM
Network
|
-
|
-
|
The Unlimited Theme Addon For Elementor and WooCommerce plugin for WordPress is vulnerable to Information Exposure in all versions up to, and including, 1.2.1 via the 'uta-template' shortcode due to …
|
CWE-639
Authorization Bypass Through User-Controlled Key
|
CVE-2024-12116
|
2025-01-11 17:15 |
2025-01-11 |
|
|
3520
|
9.8 |
CRITICAL
Network
-
|
-
|
The GiveWP – Donation Plugin and Fundraising Platform plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 3.19.2 via deserialization of untrusted input fr…
|
CWE-502
Deserialization of Untrusted Data
|
CVE-2024-12877
|
2025-01-11 17:15 |
2025-01-11 |
|
|
|