|
591
|
6.1 |
MEDIUM
Network
|
-
|
-
|
The Booking Calendar and Booking Calendar Pro plugins for WordPress are vulnerable to Reflected Cross-Site Scripting via the ‘calendar_id’ parameter in all versions up to, and including, 3.2.19 and 1…
New
|
CWE-79
Cross-site Scripting
|
CVE-2024-12077
|
2025-01-7 17:15 |
2025-01-7 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
592
|
5.3 |
MEDIUM
Network
-
|
-
|
The Export Import Menus plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the dsp_export_import_menus() function in all versions up to, and includ…
New
|
CWE-862
Missing Authorization
|
CVE-2024-10866
|
2025-01-7 17:15 |
2025-01-7 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
|
593
|
6.4 |
MEDIUM
Network
|
-
|
-
|
The Master Addons – Elementor Addons with White Label, Free Widgets, Hover Effects, Conditions, & Animations plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's Tooltip…
New
|
CWE-79
Cross-site Scripting
|
CVE-2024-9502
|
2025-01-7 16:15 |
2025-01-7 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
594
|
6.1 |
MEDIUM
Network
|
-
|
-
|
The Estatik Mortgage Calculator plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'color' parameter in all versions up to, and including, 2.0.11 due to insufficient input s…
New
|
CWE-79
Cross-site Scripting
|
CVE-2024-9354
|
2025-01-7 16:15 |
2025-01-7 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
595
|
4.3 |
MEDIUM
Network
|
-
|
-
|
The Aurum - WordPress & WooCommerce Shopping Theme theme for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'lab_1cl_demo_install_package_conten…
New
|
CWE-862
Missing Authorization
|
CVE-2024-12781
|
2025-01-7 16:15 |
2025-01-7 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
596
|
6.4 |
MEDIUM
Network
|
-
|
-
|
The Sina Extension for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's Sina Image Differ widget in all versions up to, and including, 3.5.91 due to insuff…
New
|
CWE-79
Cross-site Scripting
|
CVE-2024-12624
|
2025-01-7 16:15 |
2025-01-7 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
597
|
6.4 |
MEDIUM
Network
|
-
|
-
|
The WP jQuery DataTable plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'wp_jdt' shortcode in all versions up to, and including, 4.0.1 due to insufficient input san…
New
|
CWE-79
Cross-site Scripting
|
CVE-2024-12499
|
2025-01-7 16:15 |
2025-01-7 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
598
|
6.4 |
MEDIUM
Network
|
-
|
-
|
The Bootstrap Blocks for WP Editor v2 plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'gtb-bootstrap/column' block in all versions up to, and including, 2.5.0 due to insuffi…
New
|
CWE-79
Cross-site Scripting
|
CVE-2024-12495
|
2025-01-7 16:15 |
2025-01-7 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
599
|
6.4 |
MEDIUM
Network
|
-
|
-
|
The Marketplace Items plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'envato' shortcode in all versions up to, and including, 1.5.5 due to insufficient input sanit…
New
|
CWE-79
Cross-site Scripting
|
CVE-2024-12437
|
2025-01-7 16:15 |
2025-01-7 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
600
|
6.4 |
MEDIUM
Network
|
-
|
-
|
The Solar Wizard Lite plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'solar_wizard' shortcode in all versions up to, and including, 1.2.4 due to insufficient input…
New
|
CWE-79
Cross-site Scripting
|
CVE-2024-11764
|
2025-01-7 16:15 |
2025-01-7 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
