|
111
|
6.4 |
MEDIUM
Network
|
-
|
-
|
The JetEngine plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘list_tag’ parameter in all versions up to, and including, 3.6.2 due to insufficient input sanitization and out…
|
CWE-79
Cross-site Scripting
|
CVE-2025-0369
|
2025-01-18 16:15 |
2025-01-18 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
112
|
4.4 |
MEDIUM
Network
|
-
|
-
|
The MarketKing — Ultimate WooCommerce Multivendor Marketplace Solution plugin for WordPress is vulnerable to Stored Cross-Site Scripting via plugin's settings in all versions up to, and including, 1.…
|
CWE-79
Cross-site Scripting
|
CVE-2024-13519
|
2025-01-18 16:15 |
2025-01-18 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
113
|
4.4 |
MEDIUM
Network
|
-
|
-
|
The Easy Digital Downloads – eCommerce Payments and Subscriptions made easy plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Title value in all versions up to, and including,…
|
CWE-79
Cross-site Scripting
|
CVE-2024-13517
|
2025-01-18 16:15 |
2025-01-18 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
114
|
6.4 |
MEDIUM
Network
|
-
|
-
|
The Utilities for MTG plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'mtglink' shortcode in all versions up to, and including, 1.4.1 due to insufficient input sani…
|
CWE-79
Cross-site Scripting
|
CVE-2024-13433
|
2025-01-18 16:15 |
2025-01-18 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
115
|
6.1 |
MEDIUM
Network
|
-
|
-
|
The Webcamconsult plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.5.0. This is due to missing or incorrect nonce validation on a function. Thi…
|
CWE-352
Origin Validation Error
|
CVE-2024-13432
|
2025-01-18 16:15 |
2025-01-18 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
116
|
6.4 |
MEDIUM
Network
|
-
|
-
|
The Video Share VOD – Turnkey Video Site Builder Script plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'videowhisper_videos' shortcode in all versions up to, and i…
|
CWE-79
Cross-site Scripting
|
CVE-2024-13393
|
2025-01-18 16:15 |
2025-01-18 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
117
|
6.4 |
MEDIUM
Network
|
-
|
-
|
The MicroPayments – Fans Paysite: Paid Creator Subscriptions, Digital Assets, Tokens Wallet plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'videowhisper_content_up…
|
CWE-79
Cross-site Scripting
|
CVE-2024-13391
|
2025-01-18 16:15 |
2025-01-18 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
118
|
6.4 |
MEDIUM
Network
|
-
|
-
|
The JSM Screenshot Machine Shortcode plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'ssm' shortcode in all versions up to, and including, 2.3.0 due to insufficient…
|
CWE-79
Cross-site Scripting
|
CVE-2024-13385
|
2025-01-18 16:15 |
2025-01-18 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
119
|
4.3 |
MEDIUM
Network
|
-
|
-
|
The ShipWorks Connector for Woocommerce plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 5.2.5. This is due to missing or incorrect nonce validat…
|
CWE-352
Origin Validation Error
|
CVE-2024-13317
|
2025-01-18 16:15 |
2025-01-18 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
120
|
6.4 |
MEDIUM
Network
|
-
|
-
|
The Picture Gallery – Frontend Image Uploads, AJAX Photo List plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's videowhisper_picture_upload_guest shortcode in all ver…
|
CWE-79
Cross-site Scripting
|
CVE-2024-12696
|
2025-01-18 16:15 |
2025-01-18 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
