121
|
6.1 |
MEDIUM
Network
|
-
|
-
|
The WP Abstracts plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 2.7.2. This is due to missing nonce validation on the wpabstracts_load_status()…
|
CWE-352
Origin Validation Error
|
CVE-2024-12385
|
2025-01-18 16:15 |
2025-01-18 |
|
122
|
4.4 |
MEDIUM
Network
|
-
|
-
|
The Podlove Podcast Publisher plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Feed Name value in version <= 4.1.25 due to insufficient input sanitization and output escaping…
|
CWE-79
Cross-site Scripting
|
CVE-2025-0554
|
2025-01-18 15:15 |
2025-01-18 |
|
123
|
5.3 |
MEDIUM
Network
-
|
-
|
The Ultimate Member – User Profile, Registration, Login, Member Directory, Content Restriction & Membership Plugin plugin for WordPress is vulnerable to Information Exposure in all versions up to, an…
|
CWE-200
Information Exposure
|
CVE-2025-0318
|
2025-01-18 15:15 |
2025-01-18 |
|
|
124
|
7.5 |
HIGH
Network
-
|
-
|
The Ultimate Member – User Profile, Registration, Login, Member Directory, Content Restriction & Membership Plugin plugin for WordPress is vulnerable to time-based SQL Injection via the search parame…
|
CWE-89
SQL Injection
|
CVE-2025-0308
|
2025-01-18 15:15 |
2025-01-18 |
|
|
125
|
- |
|
-
|
-
|
The List category posts WordPress plugin before 0.90.3 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embedded, which cou…
|
-
|
CVE-2024-9020
|
2025-01-18 15:15 |
2025-01-18 |
|
126
|
6.1 |
MEDIUM
Network
|
-
|
-
|
The Kubio AI Page Builder plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'message' parameter in all versions up to, and including, 2.3.5 due to insufficient input saniti…
|
CWE-79
Cross-site Scripting
|
CVE-2024-13516
|
2025-01-18 15:15 |
2025-01-18 |
|
127
|
6.1 |
MEDIUM
Network
|
-
|
-
|
The Image Source Control Lite – Show Image Credits and Captions plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'path' parameter in all versions up to, and including, 2.2…
|
CWE-79
Cross-site Scripting
|
CVE-2024-13515
|
2025-01-18 15:15 |
2025-01-18 |
|
128
|
5.3 |
MEDIUM
Network
-
|
-
|
The Evergreen Content Poster – Auto Post and Schedule Your Best Content to Social Media plugin for WordPress is vulnerable to unauthorized loss of data due to a missing capability check on the delete…
|
CWE-862
Missing Authorization
|
CVE-2024-12071
|
2025-01-18 13:15 |
2025-01-18 |
|
|
129
|
- |
|
-
|
-
|
Craft is a flexible, user-friendly CMS for creating custom digital experiences on the web and beyond. This is a remote code execution (RCE) vulnerability that affects Craft 4 and 5 installs where yo…
|
CWE-94
Code Injection
|
CVE-2025-23209
|
2025-01-18 10:15 |
2025-01-18 |
|
130
|
- |
|
-
|
-
|
Under certain log settings, the IAM or CORE service will log credentials in the iam logfile in Fortra Application Hub (formerly named Helpsystems One) prior to version 1.3.
|
-
|
CVE-2024-11923
|
2025-01-18 09:15 |
2025-01-18 |
|