2001 | 5.3 | MEDIUM Network | - | - | The Shopping Cart & eCommerce Store plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the webhook function in all versions up to, and includ… | CWE-862 Missing Authorization | CVE-2024-12712 | 2025-01-8 19:15 | 2025-01-8
2002 | 7.5 | HIGH Network | - | - | The WordPress File Upload plugin for WordPress is vulnerable to Path Traversal in all versions up to, and including, 4.24.13 via wfu_file_downloader.php. This makes it possible for unauthenticated at… | CWE-22 Path Traversal | CVE-2024-9939 | 2025-01-8 18:15 | 2025-01-8
2003 | 4.3 | MEDIUM Network | - | - | The AdForest theme for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on several AJAX actions like 'sb_remove_ad' in all versions up to, and including,… | CWE-862 Missing Authorization | CVE-2024-12855 | 2025-01-8 18:15 | 2025-01-8
2004 | 6.4 | MEDIUM Network | - | - | The MAS Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via SVG File uploads in all versions up to, and including, 1.1.7 due to insufficient input sanitization and output … | CWE-79 Cross-site Scripting | CVE-2024-12328 | 2025-01-8 18:15 | 2025-01-8
2005 | 7.5 | HIGH Network | - | - | The Cost Calculator Builder PRO plugin for WordPress is vulnerable to blind time-based SQL Injection via the ‘data’ parameter in all versions up to, and including, 3.2.15 due to insufficient escaping… | CWE-89 SQL Injection | CVE-2024-11939 | 2025-01-8 18:15 | 2025-01-8
2006 | 9.8 | CRITICAL Network | - | - | The AdForest theme for WordPress is vulnerable to privilege escalation via account takeover in all versions up to, and including, 5.1.6. This is due to the plugin not properly validating a user's ide… | CWE-640 Weak Password Recovery Mechanism for Forgotten Password | CVE-2024-11350 | 2025-01-8 18:15 | 2025-01-8
2007 | 4.4 | MEDIUM Network | - | - | The Essential Blocks – Page Builder Gutenberg Blocks, Patterns & Templates plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the maker title value of the Google Maps block in all… | CWE-79 Cross-site Scripting | CVE-2024-12045 | 2025-01-8 17:15 | 2025-01-8
2008 | 9.8 | CRITICAL Network | - | - | The WordPress File Upload plugin for WordPress is vulnerable to Remote Code Execution in all versions up to, and including, 4.24.12 via the 'wfu_ABSPATH' cookie parameter. This makes it possible for … | CWE-94 Code Injection | CVE-2024-11635 | 2025-01-8 17:15 | 2025-01-8
2009 | 6.4 | MEDIUM Network | - | - | The Piotnet Addons For Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's Heading widget in all versions up to, and including, 2.4.31 due to insufficient inp… | CWE-79 Cross-site Scripting | CVE-2024-9673 | 2025-01-8 16:15 | 2025-01-8
2010 | - | | - | - | A vulnerability has been found in VIWIS LMS 9.11 and classified as problematic. Affected by this vulnerability is an unknown functionality of the component File Upload. The manipulation of the argume… | CWE-79 Cross-site Scripting, CWE-94 Code Injection | CVE-2024-8002 | 2025-01-8 16:15 | 2025-01-8