|
811
|
6.4 |
MEDIUM
Network
|
-
|
-
|
The Sellsy plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'testSellsy' shortcode in all versions up to, and including, 2.3.3 due to insufficient input sanitization…
|
CWE-79
Cross-site Scripting
|
CVE-2024-12592
|
2025-01-7 13:15 |
2025-01-7 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
812
|
6.4 |
MEDIUM
Network
|
-
|
-
|
The WP Youtube Gallery plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'id' parameter in all versions up to, and including, 1.9 due to insufficient input sanitization and ou…
|
CWE-79
Cross-site Scripting
|
CVE-2024-12590
|
2025-01-7 13:15 |
2025-01-7 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
813
|
5.3 |
MEDIUM
Network
-
|
-
|
The ClickDesigns plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'clickdesigns_add_api' and the 'clickdesigns_remove_api' functions in…
|
CWE-862
Missing Authorization
|
CVE-2024-12559
|
2025-01-7 13:15 |
2025-01-7 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
|
814
|
6.1 |
MEDIUM
Network
|
-
|
-
|
The Transporters.io plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 2.0.84. This is due to missing nonce validation on a function. This makes it…
|
CWE-352
Origin Validation Error
|
CVE-2024-12557
|
2025-01-7 13:15 |
2025-01-7 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
815
|
5.4 |
MEDIUM
Network
|
-
|
-
|
The Chative Live chat and Chatbot plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.1. This is due to missing or incorrect nonce validation on t…
|
CWE-352
Origin Validation Error
|
CVE-2024-12541
|
2025-01-7 13:15 |
2025-01-7 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
816
|
6.1 |
MEDIUM
Network
|
-
|
-
|
The LDD Directory Lite plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use of remove_query_arg without appropriate escaping on the URL in all versions up to, and inclu…
|
CWE-79
Cross-site Scripting
|
CVE-2024-12540
|
2025-01-7 13:15 |
2025-01-7 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
817
|
4.3 |
MEDIUM
Network
|
-
|
-
|
The Duplicate Post, Page and Any Custom Post plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 3.5.3 via the 'dpp_duplicate_as_draft' function…
|
CWE-200
Information Exposure
|
CVE-2024-12538
|
2025-01-7 13:15 |
2025-01-7 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
818
|
6.4 |
MEDIUM
Network
|
-
|
-
|
The WordPress Survey & Poll – Quiz, Survey and Poll Plugin for WordPress plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'wpsurveypoll_results' shortcode in all ver…
|
CWE-79
Cross-site Scripting
|
CVE-2024-12528
|
2025-01-7 13:15 |
2025-01-7 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
819
|
6.5 |
MEDIUM
Network
-
|
-
|
The The Design for Contact Form 7 Style WordPress Plugin – CF7 WOW Styler plugin for WordPress is vulnerable to arbitrary shortcode execution in all versions up to, and including, 1.7.0. This is due …
|
CWE-94
Code Injection
|
CVE-2024-12419
|
2025-01-7 13:15 |
2025-01-7 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
|
820
|
7.5 |
HIGH
Network
-
|
-
|
The Live Sales Notification for Woocommerce – Woomotiv plugin for WordPress is vulnerable to SQL Injection via the 'woomotiv_seen_products_.*' cookie in all versions up to, and including, 3.6.1 due t…
|
CWE-89
SQL Injection
|
CVE-2024-12416
|
2025-01-7 13:15 |
2025-01-7 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
