|
841
|
- |
|
-
|
-
|
A vulnerability classified as critical has been found in code-projects Online Shoe Store 1.0. Affected is an unknown function of the file /details2.php. The manipulation of the argument id leads to s…
|
CWE-89
CWE-74
SQL Injection
Injection
|
CVE-2025-0205
|
2025-01-4 18:15 |
2025-01-4 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
842
|
9.9 |
CRITICAL
Network
|
-
|
-
|
The Dynamics 365 Integration plugin for WordPress is vulnerable to Remote Code Execution and Arbitrary File Read in all versions up to, and including, 1.3.23 via Twig Server-Side Template Injection. …
|
CWE-1336
Improper Neutralization of Special Elements Used in a Template Engine
|
CVE-2024-12583
|
2025-01-4 18:15 |
2025-01-4 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
843
|
6.4 |
MEDIUM
Network
|
-
|
-
|
The Taskbuilder – WordPress Project & Task Management plugin plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's wppm_tasks shortcode in all versions up to, and includi…
|
CWE-79
Cross-site Scripting
|
CVE-2024-11930
|
2025-01-4 18:15 |
2025-01-4 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
844
|
- |
|
-
|
-
|
A vulnerability was found in code-projects Online Shoe Store 1.0. It has been rated as critical. This issue affects some unknown processing of the file /details.php. The manipulation of the argument …
|
CWE-89
CWE-74
SQL Injection
Injection
|
CVE-2025-0204
|
2025-01-4 17:15 |
2025-01-4 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
845
|
6.1 |
MEDIUM
Network
|
-
|
-
|
The WP Smart Import : Import any XML File to WordPress plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the ‘ page’ parameter in all versions up to, and including, 1.1.2 due t…
|
CWE-79
Cross-site Scripting
|
CVE-2024-12701
|
2025-01-4 17:15 |
2025-01-4 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
846
|
5.4 |
MEDIUM
Network
|
-
|
-
|
The Scratch & Win – Giveaways and Contests. Boost subscribers, traffic, repeat visits, referrals, sales and more plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up t…
|
CWE-352
Origin Validation Error
|
CVE-2024-12545
|
2025-01-4 17:15 |
2025-01-4 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
847
|
6.1 |
MEDIUM
Network
|
-
|
-
|
The WP Compress – Instant Performance & Speed Optimization plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the ‘custom_server’ parameter in all versions up to, and including,…
|
CWE-79
Cross-site Scripting
|
CVE-2024-12047
|
2025-01-4 17:15 |
2025-01-4 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
848
|
6.1 |
MEDIUM
Network
|
-
|
-
|
The Media Library Assistant plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the ‘smc_settings_tab', 'unattachfixit-action', and 'woofixit-action’ parameters in all versions u…
|
CWE-79
Cross-site Scripting
|
CVE-2024-11974
|
2025-01-4 17:15 |
2025-01-4 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
849
|
8.8 |
HIGH
Network
|
-
|
-
|
The Backup Migration plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 1.4.6 via deserialization of untrusted input in the 'recursive_unserialize_replac…
|
CWE-502
Deserialization of Untrusted Data
|
CVE-2024-10932
|
2025-01-4 17:15 |
2025-01-4 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
850
|
- |
|
-
|
-
|
A vulnerability was found in code-projects Student Management System 1.0. It has been declared as critical. This vulnerability affects the function showSubject1 of the file /config/DbFunction.php. Th…
|
CWE-89
CWE-74
SQL Injection
Injection
|
CVE-2025-0203
|
2025-01-4 16:15 |
2025-01-4 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
