|
111
|
6.1 |
MEDIUM
Network
|
-
|
-
|
The Woocommerce check pincode/zipcode for shipping plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 2.0.4. This is due to missing or incorrect no…
New
|
CWE-352
Origin Validation Error
|
CVE-2024-12218
|
2025-01-9 20:15 |
2025-01-9 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
112
|
4.3 |
MEDIUM
Network
|
-
|
-
|
The WordPress Header Builder Plugin – Pearl plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.3.8. This is due to missing or incorrect nonce val…
New
|
CWE-352
Origin Validation Error
|
CVE-2024-12206
|
2025-01-9 20:15 |
2025-01-9 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
113
|
6.1 |
MEDIUM
Network
|
-
|
-
|
The ResAds plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via multiple parameters in all versions up to, and including, 2.0.6 due to insufficient input sanitization and output e…
New
|
CWE-79
Cross-site Scripting
|
CVE-2024-12122
|
2025-01-9 20:15 |
2025-01-9 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
114
|
6.5 |
MEDIUM
Network
|
-
|
-
|
The WP Travel – Ultimate Travel Booking System, Tour Management Engine plugin for WordPress is vulnerable to SQL Injection via the 'booking_itinerary' parameter of the 'wptravel_get_booking_data' fun…
New
|
CWE-89
SQL Injection
|
CVE-2024-12067
|
2025-01-9 20:15 |
2025-01-9 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
115
|
6.4 |
MEDIUM
Network
|
-
|
-
|
The Responsive FlipBook Plugin Wordpress plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the rfbwp_save_settings() functionin all versions up to, and including, 2.5.0 due to ins…
New
|
CWE-862
Missing Authorization
|
CVE-2024-11929
|
2025-01-9 20:15 |
2025-01-9 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
116
|
6.4 |
MEDIUM
Network
|
-
|
-
|
The Skyword API Plugin plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'skyword_iframe' shortcode in all versions up to, and including, 2.5.2 due to insufficient in…
New
|
CWE-79
Cross-site Scripting
|
CVE-2024-11907
|
2025-01-9 20:15 |
2025-01-9 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
117
|
6.1 |
MEDIUM
Network
|
-
|
-
|
The Pósturinn\'s Shipping with WooCommerce plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the printed_marked and nonprinted_marked parameters in all versions up to, and…
New
|
CWE-79
Cross-site Scripting
|
CVE-2024-11815
|
2025-01-9 20:15 |
2025-01-9 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
118
|
6.1 |
MEDIUM
Network
|
-
|
-
|
The WhatsApp ?? click to chat plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'manycontacts_code' parameter in all versions up to, and including, 3.0.4 due to insufficien…
New
|
CWE-79
Cross-site Scripting
|
CVE-2024-11686
|
2025-01-9 20:15 |
2025-01-9 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
119
|
6.1 |
MEDIUM
Network
|
-
|
-
|
The CLUEVO LMS, E-Learning Platform plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use of add_query_arg & remove_query_arg without appropriate escaping on the URL in …
New
|
CWE-79
Cross-site Scripting
|
CVE-2024-11328
|
2025-01-9 20:15 |
2025-01-9 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
120
|
9.8 |
CRITICAL
Network
-
|
-
|
The Post Grid Master – Custom Post Types, Taxonomies & Ajax Filter Everything with Infinite Scroll, Load More, Pagination & Shortcode Builder plugin for WordPress is vulnerable to Local File Inclusio…
New
|
CWE-22
Path Traversal
|
CVE-2024-11642
|
2025-01-9 20:15 |
2025-01-9 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
