|
2311
|
9.8 |
CRITICAL
Network
-
|
-
|
The School Management System – SakolaWP plugin for WordPress is vulnerable to privilege escalation in all versions up to, and including, 1.0.8. This is due to the registration function not properly l…
|
CWE-266
Incorrect Privilege Assignment
|
CVE-2024-12470
|
2025-01-7 14:15 |
2025-01-7 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
|
2312
|
6.4 |
MEDIUM
Network
|
-
|
-
|
The YOGO Booking plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'yogo-calendar' shortcode in all versions up to, and including, 1.6.2 due to insufficient input san…
|
CWE-79
Cross-site Scripting
|
CVE-2024-12462
|
2025-01-7 14:15 |
2025-01-7 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
2313
|
6.4 |
MEDIUM
Network
|
-
|
-
|
The Chat Support for Viber – Chat Bubble and Chat Button for Gutenberg, Elementor and Shortcode plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'vchat' shortcode in…
|
CWE-79
Cross-site Scripting
|
CVE-2024-12457
|
2025-01-7 14:15 |
2025-01-7 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
2314
|
6.4 |
MEDIUM
Network
|
-
|
-
|
The Uptodown APK Download Widget plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'utd-widget' shortcode in all versions up to, and including, 0.1.2 due to insuffici…
|
CWE-79
Cross-site Scripting
|
CVE-2024-12453
|
2025-01-7 14:15 |
2025-01-7 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
2315
|
6.4 |
MEDIUM
Network
|
-
|
-
|
The RightMessage WP plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'rm_area' shortcode in all versions up to, and including, 0.9.7 due to insufficient input saniti…
|
CWE-79
Cross-site Scripting
|
CVE-2024-12445
|
2025-01-7 14:15 |
2025-01-7 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
2316
|
6.1 |
MEDIUM
Network
|
-
|
-
|
The Compare Products for WooCommerce plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the ‘s_feature’ parameter in all versions up to, and including, 3.2.1 due to insufficient…
|
CWE-79
Cross-site Scripting
|
CVE-2024-12435
|
2025-01-7 14:15 |
2025-01-7 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
2317
|
6.5 |
MEDIUM
Network
|
-
|
-
|
The School Management System – WPSchoolPress plugin for WordPress is vulnerable to SQL Injection via the 'cid' parameter in all versions up to, and including, 2.2.14 due to insufficient escaping on t…
|
CWE-89
SQL Injection
|
CVE-2024-12332
|
2025-01-7 14:15 |
2025-01-7 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
2318
|
4.3 |
MEDIUM
Network
|
-
|
-
|
The LazyLoad Background Images plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the pblzbg_save_settings() function in all versions up to, …
|
CWE-862
Missing Authorization
|
CVE-2024-12327
|
2025-01-7 14:15 |
2025-01-7 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
2319
|
6.1 |
MEDIUM
Network
|
-
|
-
|
The Unilevel MLM Plan plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the ‘page’ parameter in all versions up to, and including, 1.1.0 due to insufficient input sanitization …
|
CWE-79
Cross-site Scripting
|
CVE-2024-12324
|
2025-01-7 14:15 |
2025-01-7 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
2320
|
8.8 |
HIGH
Network
|
-
|
-
|
The ThePerfectWedding.nl Widget plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 2.8. This is due to missing or incorrect nonce validation on the…
|
CWE-352
Origin Validation Error
|
CVE-2024-12322
|
2025-01-7 14:15 |
2025-01-7 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
