|
771
|
6.5 |
MEDIUM
Network
|
-
|
-
|
The School Management System – WPSchoolPress plugin for WordPress is vulnerable to SQL Injection via the 'cid' parameter in all versions up to, and including, 2.2.14 due to insufficient escaping on t…
|
CWE-89
SQL Injection
|
CVE-2024-12332
|
2025-01-7 14:15 |
2025-01-7 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
772
|
4.3 |
MEDIUM
Network
|
-
|
-
|
The LazyLoad Background Images plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the pblzbg_save_settings() function in all versions up to, …
|
CWE-862
Missing Authorization
|
CVE-2024-12327
|
2025-01-7 14:15 |
2025-01-7 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
773
|
6.1 |
MEDIUM
Network
|
-
|
-
|
The Unilevel MLM Plan plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the ‘page’ parameter in all versions up to, and including, 1.1.0 due to insufficient input sanitization …
|
CWE-79
Cross-site Scripting
|
CVE-2024-12324
|
2025-01-7 14:15 |
2025-01-7 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
774
|
8.8 |
HIGH
Network
|
-
|
-
|
The ThePerfectWedding.nl Widget plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 2.8. This is due to missing or incorrect nonce validation on the…
|
CWE-352
Origin Validation Error
|
CVE-2024-12322
|
2025-01-7 14:15 |
2025-01-7 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
775
|
8.1 |
HIGH
Network
|
-
|
-
|
The Compare Products for WooCommerce plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 3.2.1 via deserialization of untrusted input from the 'woo_compar…
|
CWE-502
Deserialization of Untrusted Data
|
CVE-2024-12313
|
2025-01-7 14:15 |
2025-01-7 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
776
|
6.1 |
MEDIUM
Network
|
-
|
-
|
The ViewMedica 9 plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.4.15. This is due to missing or incorrect nonce validation on a function. Thi…
|
CWE-352
Origin Validation Error
|
CVE-2024-12291
|
2025-01-7 14:15 |
2025-01-7 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
777
|
6.1 |
MEDIUM
Network
|
-
|
-
|
The Infility Global plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the ‘set_type’ parameter in all versions up to, and including, 2.9.8 due to insufficient input sanitizatio…
|
CWE-79
Cross-site Scripting
|
CVE-2024-12290
|
2025-01-7 14:15 |
2025-01-7 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
778
|
6.1 |
MEDIUM
Network
|
-
|
-
|
The Simple add pages or posts plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 2.0.0. This is due to missing or incorrect nonce validation. This …
|
CWE-352
Origin Validation Error
|
CVE-2024-12288
|
2025-01-7 14:15 |
2025-01-7 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
779
|
9.8 |
CRITICAL
Network
-
|
-
|
The PayU CommercePro Plugin plugin for WordPress is vulnerable to privilege escalation in all versions up to, and including, 3.8.3. This is due to /wp-json/payu/v1/generate-user-token and /wp-json/pa…
|
CWE-287
Improper Authentication
|
CVE-2024-12264
|
2025-01-7 14:15 |
2025-01-7 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
|
780
|
6.1 |
MEDIUM
Network
|
-
|
-
|
The Simple Video Management System plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'analytics_video' parameter in all versions up to, and including, 1.0.4 due to insuffic…
|
CWE-79
Cross-site Scripting
|
CVE-2024-12256
|
2025-01-7 14:15 |
2025-01-7 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
