|
3241
|
6.4 |
MEDIUM
Network
|
-
|
-
|
The Themesflat Addons For Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the TF E Slider Widget in all versions up to, and including, 2.2.4 due to insufficient input …
|
CWE-79
Cross-site Scripting
|
CVE-2024-12205
|
2025-01-8 14:15 |
2025-01-8 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
3242
|
6.5 |
MEDIUM
Network
|
-
|
-
|
The MDTF – Meta Data and Taxonomies Filter plugin for WordPress is vulnerable to SQL Injection via the 'key' attribute of the 'mdf_value' shortcode in all versions up to, and including, 1.3.3.5 due t…
|
CWE-89
SQL Injection
|
CVE-2024-12030
|
2025-01-8 14:15 |
2025-01-8 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
3243
|
8.8 |
HIGH
Network
|
-
|
-
|
The WordPress Webinar Plugin – WebinarPress plugin for WordPress is vulnerable to modification of data due to a missing capability check on several functions in all versions up to, and including, 1.3…
|
CWE-862
Missing Authorization
|
CVE-2024-11271
|
2025-01-8 14:15 |
2025-01-8 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
3244
|
8.8 |
HIGH
Network
|
-
|
-
|
The WordPress Webinar Plugin – WebinarPress plugin for WordPress is vulnerable to arbitrary file creation due to a missing capability check on the 'sync-import-imgs' function and missing file type va…
|
CWE-862
Missing Authorization
|
CVE-2024-11270
|
2025-01-8 14:15 |
2025-01-8 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
3245
|
5.3 |
MEDIUM
Network
-
|
-
|
The SureForms – Drag and Drop Form Builder for WordPress plugin for WordPress is vulnerable to Information Exposure in all versions up to, and including, 1.2.2 via the handle_export_form() function d…
|
CWE-862
Missing Authorization
|
CVE-2024-12713
|
2025-01-8 13:15 |
2025-01-8 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
|
3246
|
6.4 |
MEDIUM
Network
|
-
|
-
|
The Slotti Ajanvaraus plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'slotti-embed-ga' shortcode in all versions up to, and including, 1.3.1 due to insufficient in…
|
CWE-79
Cross-site Scripting
|
CVE-2024-12521
|
2025-01-8 13:15 |
2025-01-8 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
3247
|
6.4 |
MEDIUM
Network
|
-
|
-
|
The Easy Form Builder – WordPress plugin form builder: contact form, survey form, payment form, and custom form builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'name…
|
CWE-79
Cross-site Scripting
|
CVE-2024-12112
|
2025-01-8 13:15 |
2025-01-8 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
3248
|
7.4 |
HIGH
Network
|
-
|
-
|
The The Ultimate WordPress Toolkit – WP Extended plugin for WordPress is vulnerable to unauthorized modification and retrieval of data due to a missing capability check on several functions in all ve…
|
CWE-862
Missing Authorization
|
CVE-2024-11916
|
2025-01-8 13:15 |
2025-01-8 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
3249
|
8.8 |
HIGH
Network
|
-
|
-
|
The Ultimate WordPress Toolkit – WP Extended plugin for WordPress is vulnerable to Remote Code Execution in version 3.0.11. This is due to a missing capability check on the 'wpext_handle_snippet_upda…
|
CWE-862
Missing Authorization
|
CVE-2024-11816
|
2025-01-8 13:15 |
2025-01-8 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
3250
|
- |
|
-
|
-
|
Improper Input Validation vulnerability in Management Program in TXOne Networks Portable Inspector and Portable Inspector Pro Edition allows remote attacker to crash management service. The Denial of…
|
-
|
CVE-2024-47934
|
2025-01-8 12:15 |
2025-01-8 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
