|
3141
|
- |
|
-
|
-
|
A vulnerability classified as critical was found in Guangzhou Huayi Intelligent Technology Jeewms up to 20241229. This vulnerability affects unknown code of the file /wmOmNoticeHController.do. The ma…
|
CWE-23
CWE-24
Relative Path Traversal
Path Traversal: '../filedir'
|
CVE-2025-0390
|
2025-01-11 17:15 |
2025-01-11 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
3142
|
- |
|
-
|
-
|
HCL MyXalytics is affected by a weak input validation vulnerability. The application accepts special characters and there is no length validation. This can lead to security vulnerabilities like SQL …
|
-
|
CVE-2024-42175
|
2025-01-11 17:15 |
2025-01-11 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
3143
|
6.4 |
MEDIUM
Network
|
-
|
-
|
The Perfect Portal Widgets plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'perfect_portal_intake_form' shortcode in all versions up to, and including, 3.0.3 due to…
|
CWE-79
Cross-site Scripting
|
CVE-2024-12527
|
2025-01-11 17:15 |
2025-01-11 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
3144
|
6.4 |
MEDIUM
Network
|
-
|
-
|
The Dominion – Domain Checker for WPBakery plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'dominion_shortcodes_domain_search_6' shortcode in all versions up to, an…
|
CWE-79
Cross-site Scripting
|
CVE-2024-12520
|
2025-01-11 17:15 |
2025-01-11 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
3145
|
6.4 |
MEDIUM
Network
|
-
|
-
|
The TCBD Auto Refresher plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'tcbd_auto_refresh' shortcode in all versions up to, and including, 2.0 due to insufficient …
|
CWE-79
Cross-site Scripting
|
CVE-2024-12519
|
2025-01-11 17:15 |
2025-01-11 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
3146
|
6.1 |
MEDIUM
Network
|
-
|
-
|
The Rental and Booking Manager for Bike, Car, Dress, Resort with WooCommerce Integration – WpRently | WordPress plugin plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘activ…
|
CWE-79
Cross-site Scripting
|
CVE-2024-12412
|
2025-01-11 17:15 |
2025-01-11 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
3147
|
6.1 |
MEDIUM
Network
|
-
|
-
|
The Push Notification for Post and BuddyPress plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'pushnotificationid' parameter in all versions up to, and including, 2.06 du…
|
CWE-79
Cross-site Scripting
|
CVE-2024-12407
|
2025-01-11 17:15 |
2025-01-11 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
3148
|
4.3 |
MEDIUM
Network
|
-
|
-
|
The Unlimited Theme Addon For Elementor and WooCommerce plugin for WordPress is vulnerable to Information Exposure in all versions up to, and including, 1.2.1 via the 'uta-template' shortcode due to …
|
CWE-639
Authorization Bypass Through User-Controlled Key
|
CVE-2024-12116
|
2025-01-11 17:15 |
2025-01-11 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
3149
|
9.8 |
CRITICAL
Network
-
|
-
|
The GiveWP – Donation Plugin and Fundraising Platform plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 3.19.2 via deserialization of untrusted input fr…
|
CWE-502
Deserialization of Untrusted Data
|
CVE-2024-12877
|
2025-01-11 17:15 |
2025-01-11 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
|
3150
|
4.3 |
MEDIUM
Network
|
-
|
-
|
The RRAddons for Elementor plugin for WordPress is vulnerable to Information Exposure in all versions up to, and including, 1.1.0 via the Popup block due to insufficient restrictions on which posts c…
|
CWE-639
Authorization Bypass Through User-Controlled Key
|
CVE-2024-11915
|
2025-01-11 17:15 |
2025-01-11 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
