|
641
|
9.8 |
CRITICAL
Network
-
|
-
|
The PayU CommercePro Plugin plugin for WordPress is vulnerable to privilege escalation in all versions up to, and including, 3.8.3. This is due to /wp-json/payu/v1/generate-user-token and /wp-json/pa…
New
|
CWE-287
Improper Authentication
|
CVE-2024-12264
|
2025-01-7 14:15 |
2025-01-7 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
|
642
|
6.1 |
MEDIUM
Network
|
-
|
-
|
The Simple Video Management System plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'analytics_video' parameter in all versions up to, and including, 1.0.4 due to insuffic…
New
|
CWE-79
Cross-site Scripting
|
CVE-2024-12256
|
2025-01-7 14:15 |
2025-01-7 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
643
|
9.8 |
CRITICAL
Network
-
|
-
|
The SEO LAT Auto Post plugin for WordPress is vulnerable to file overwrite due to a missing capability check on the remote_update AJAX action in all versions up to, and including, 2.2.1. This makes i…
New
|
CWE-94
Code Injection
|
CVE-2024-12252
|
2025-01-7 14:15 |
2025-01-7 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
|
644
|
6.1 |
MEDIUM
Network
|
-
|
-
|
The WooCommerce HSS Extension for Streaming Video plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the ‘videolink’ parameter in all versions up to, and including, 3.31 due to …
New
|
CWE-79
Cross-site Scripting
|
CVE-2024-12214
|
2025-01-7 14:15 |
2025-01-7 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
645
|
4.3 |
MEDIUM
Network
|
-
|
-
|
The Backup and Restore WordPress – Backup Plugin plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.50. This is due to missing or incorrect nonce…
New
|
CWE-352
Origin Validation Error
|
CVE-2024-12208
|
2025-01-7 14:15 |
2025-01-7 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
646
|
4.4 |
MEDIUM
Network
|
-
|
-
|
The Toggles Shortcode and Widget plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘content’ parameter in all versions up to, and including, 1.14 due to insufficient input san…
New
|
CWE-79
Cross-site Scripting
|
CVE-2024-12207
|
2025-01-7 14:15 |
2025-01-7 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
647
|
5.3 |
MEDIUM
Network
-
|
-
|
The WordLift – AI powered SEO – Schema plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on the 'wl_config_plugin' AJAX action in all versions up to, and inc…
New
|
CWE-862
Missing Authorization
|
CVE-2024-12176
|
2025-01-7 14:15 |
2025-01-7 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
|
648
|
5.4 |
MEDIUM
Network
|
-
|
-
|
The ViewMedica 9 plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.4.15. This is due to missing or incorrect nonce validation on the 'Viewmedica…
New
|
CWE-352
Origin Validation Error
|
CVE-2024-12170
|
2025-01-7 14:15 |
2025-01-7 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
649
|
5.3 |
MEDIUM
Network
-
|
-
|
The Optimize Your Campaigns – Google Shopping – Google Ads – Google Adwords plugin for WordPress is vulnerable to Information Exposure in all versions up to, and including, 3.1 due to the print_php_i…
New
|
CWE-200
Information Exposure
|
CVE-2024-12159
|
2025-01-7 14:15 |
2025-01-7 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
|
650
|
5.3 |
MEDIUM
Network
-
|
-
|
The Popup – MailChimp, GetResponse and ActiveCampaign Intergrations plugin for WordPress is vulnerable to unauthorized loss of data due to a missing capability check on the 'upc_delete_db_data' AJAX …
New
|
CWE-862
Missing Authorization
|
CVE-2024-12158
|
2025-01-7 14:15 |
2025-01-7 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
