651 | 7.5 HIGH | Network | - | - | The Popup – MailChimp, GetResponse and ActiveCampaign Intergrations plugin for WordPress is vulnerable to SQL Injection via the 'id' parameter of the 'upc_delete_db_record' AJAX action in all version… | New | CWE-89 SQL Injection | CVE-2024-12157 | 2025-01-7 14:15 | 2025-01-7
652 | 6.1 MEDIUM | Network | - | - | The GDY Modular Content plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use of add_query_arg without appropriate escaping on the URL in all versions up to, and includi… | New | CWE-79 Cross-site Scripting | CVE-2024-12153 | 2025-01-7 14:15 | 2025-01-7
653 | 4.3 MEDIUM | Network | - | - | The Elementor Addons AI Addons – 70 Widgets, Premium Templates, Ultimate Elements plugin for WordPress is vulnerable to Information Exposure in all versions up to, and including, 2.2.1 via the render… | New | CWE-200 Information Exposure | CVE-2024-12140 | 2025-01-7 14:15 | 2025-01-7
654 | 6.1 MEDIUM | Network | - | - | The SEO Keywords plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the ‘google_error’ parameter in all versions up to, and including, 1.1.3 due to insufficient input sanitizati… | New | CWE-79 Cross-site Scripting | CVE-2024-12126 | 2025-01-7 14:15 | 2025-01-7
655 | 6.1 MEDIUM | Network | - | - | The Role Includer plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the ‘user_id’ parameter in all versions up to, and including, 1.6 due to insufficient input sanitization and… | New | CWE-79 Cross-site Scripting | CVE-2024-12124 | 2025-01-7 14:15 | 2025-01-7
656 | 6.1 MEDIUM | Network | - | - | The Woo Ukrposhta plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'order', 'post', and 'idd' parameters in all versions up to, and including, 1.17.11 due to insufficient … | New | CWE-79 Cross-site Scripting | CVE-2024-12049 | 2025-01-7 14:15 | 2025-01-7
657 | 6.1 MEDIUM | Network | - | - | The PayGreen Payment Gateway plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'message_id' parameter in all versions up to, and including, 1.0.26 due to insufficient input… | New | CWE-79 Cross-site Scripting | CVE-2024-11810 | 2025-01-7 14:15 | 2025-01-7
658 | 6.1 MEDIUM | Network | - | - | The Financial Stocks & Crypto Market Data Plugin plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'e' parameter in all versions up to, and including, 1.10.3 due to insuffi… | New | CWE-79 Cross-site Scripting | CVE-2024-11690 | 2025-01-7 14:15 | 2025-01-7
659 | 6.5 MEDIUM | Network | - | - | The Infility Global plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the infility_global_ajax function in all versions up to, and including… | New | CWE-862 Missing Authorization | CVE-2024-11496 | 2025-01-7 14:15 | 2025-01-7
660 | 7.2 HIGH | Network | - | - | The Custom Product Tabs for WooCommerce plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 1.8.5 via deserialization of untrusted input in the 'yikes_woo… | New | CWE-502 Deserialization of Untrusted Data | CVE-2024-11465 | 2025-01-7 14:15 | 2025-01-7