|
3451
|
6.4 |
MEDIUM
Network
|
-
|
-
|
The Greenshift – animation and page builder blocks plugin for WordPress is vulnerable to Authenticated (Subscriber+) Server-Side Request Forgery and Stored Cross Site Scripting in all versions up to,…
|
CWE-862
Missing Authorization
|
CVE-2024-6155
|
2025-01-9 20:15 |
2025-01-9 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
3452
|
4.3 |
MEDIUM
Network
|
-
|
-
|
The MIMO Woocommerce Order Tracking plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on several functions in all versions up to, and including…
|
CWE-862
Missing Authorization
|
CVE-2024-5769
|
2025-01-9 20:15 |
2025-01-9 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
3453
|
8.8 |
HIGH
Network
|
-
|
-
|
The SKT Page Builder plugin for WordPress is vulnerable to arbitrary file uploads due to a missing capability check on the 'addLibraryByArchive' function in all versions up to, and including, 4.6. Th…
|
CWE-862
Missing Authorization
|
CVE-2024-12848
|
2025-01-9 20:15 |
2025-01-9 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
3454
|
6.4 |
MEDIUM
Network
|
-
|
-
|
The Searchie plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'sio_embed_media' shortcode in all versions up to, and including, 1.17.0 due to insufficient input sani…
|
CWE-79
Cross-site Scripting
|
CVE-2024-12819
|
2025-01-9 20:15 |
2025-01-9 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
3455
|
6.4 |
MEDIUM
Network
|
-
|
-
|
The Yumpu E-Paper publishing plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'YUMPU' shortcode in all versions up to, and including, 3.0.8 due to insufficient input…
|
CWE-79
Cross-site Scripting
|
CVE-2024-12621
|
2025-01-9 20:15 |
2025-01-9 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
3456
|
4.3 |
MEDIUM
Network
|
-
|
-
|
The Newsletter2Go plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'resetStyles' AJAX action in all versions up to, and including, 4.0.…
|
CWE-862
Missing Authorization
|
CVE-2024-12618
|
2025-01-9 20:15 |
2025-01-9 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
3457
|
4.3 |
MEDIUM
Network
|
-
|
-
|
The Bitly's WordPress Plugin plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on several AJAX actions in all versions up to, and includin…
|
CWE-862
Missing Authorization
|
CVE-2024-12616
|
2025-01-9 20:15 |
2025-01-9 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
3458
|
8.6 |
HIGH
Network
-
|
-
|
The linkID plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check when including the 'phpinfo' function in all versions up to, and including, 0.1.2. This …
|
CWE-862
Missing Authorization
|
CVE-2024-12542
|
2025-01-9 20:15 |
2025-01-9 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
|
3459
|
6.4 |
MEDIUM
Network
|
-
|
-
|
The Muslim Prayer Time-Salah/Iqamah plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Masjid ID parameter in all versions up to, and including, 1.8.8 due to insufficient input…
|
CWE-79
Cross-site Scripting
|
CVE-2024-12515
|
2025-01-9 20:15 |
2025-01-9 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
3460
|
6.4 |
MEDIUM
Network
|
-
|
-
|
The 3DVieweronline plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's '3Dvo-model' shortcode in all versions up to, and including, 2.2.2 due to insufficient input sani…
|
CWE-79
Cross-site Scripting
|
CVE-2024-12514
|
2025-01-9 20:15 |
2025-01-9 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
