|
2291
|
7.1 |
HIGH
Network
|
-
|
-
|
The JoomSport – for Sports: Team & League, Football, Hockey & more plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the ‘page parameter in all versions up to, and including, 5…
|
CWE-79
Cross-site Scripting
|
CVE-2024-12633
|
2025-01-7 15:15 |
2025-01-7 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
2292
|
8.6 |
HIGH
Network
-
|
-
|
The Host PHP Info plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check when including the 'phpinfo' function in all versions up to, and including, 1.0.4…
|
CWE-862
Missing Authorization
|
CVE-2024-12535
|
2025-01-7 15:15 |
2025-01-7 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
|
2293
|
8.8 |
HIGH
Network
|
-
|
-
|
The Post Saint: ChatGPT, GPT4, DALL-E, Stable Diffusion, Pexels, Dezgo AI Text & Image Generator plugin for WordPress is vulnerable to arbitrary files uploads due to a missing capability check and fi…
|
CWE-94
Code Injection
|
CVE-2024-12471
|
2025-01-7 15:15 |
2025-01-7 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
2294
|
6.4 |
MEDIUM
Network
|
-
|
-
|
The Chatroll Live Chat plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'chatroll' shortcode in all versions up to, and including, 2.5.0 due to insufficient input sa…
|
CWE-79
Cross-site Scripting
|
CVE-2024-12464
|
2025-01-7 15:15 |
2025-01-7 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
2295
|
6.4 |
MEDIUM
Network
|
-
|
-
|
The Candifly plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'candifly' shortcode in all versions up to, and including, 1.0.6 due to insufficient input sanitization…
|
CWE-79
Cross-site Scripting
|
CVE-2024-12440
|
2025-01-7 15:15 |
2025-01-7 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
2296
|
6.4 |
MEDIUM
Network
|
-
|
-
|
The Marketplace Items plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'marketplace' shortcode in all versions up to, and including, 1.5.5 due to insufficient input …
|
CWE-79
Cross-site Scripting
|
CVE-2024-12439
|
2025-01-7 15:15 |
2025-01-7 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
2297
|
6.1 |
MEDIUM
Network
|
-
|
-
|
The WooCommerce Digital Content Delivery (incl. DRM) – FlickRocket plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'start_date’ and 'end_date' parameters in all versions …
|
CWE-79
Cross-site Scripting
|
CVE-2024-12438
|
2025-01-7 15:15 |
2025-01-7 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
2298
|
6.1 |
MEDIUM
Network
|
-
|
-
|
The Binary MLM Woocommerce plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'page’ parameter in all versions up to, and including, 2.0 due to insufficient input sanitizati…
|
CWE-79
Cross-site Scripting
|
CVE-2024-12384
|
2025-01-7 15:15 |
2025-01-7 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
2299
|
6.1 |
MEDIUM
Network
|
-
|
-
|
The Binary MLM Woocommerce plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 2.0. This is due to missing or incorrect nonce validation on the 'bmw…
|
CWE-352
Origin Validation Error
|
CVE-2024-12383
|
2025-01-7 15:15 |
2025-01-7 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
2300
|
6.1 |
MEDIUM
Network
|
-
|
-
|
The SmartEmailing.cz plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'se-lists-updated' parameter in all versions up to, and including, 2.2.0 due to insufficient input sa…
|
CWE-79
Cross-site Scripting
|
CVE-2024-12261
|
2025-01-7 15:15 |
2025-01-7 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
