|
2481
|
6.4 |
MEDIUM
Network
|
-
|
-
|
The WP Multi Store Locator plugin for WordPress is vulnerable to Stored Cross-Site Scripting in all versions up to, and including, 2.4.1 due to insufficient input sanitization and output escaping. Th…
|
CWE-79
Cross-site Scripting
|
CVE-2024-12475
|
2025-01-4 21:15 |
2025-01-4 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
2482
|
6.1 |
MEDIUM
Network
|
-
|
-
|
The WP Social AutoConnect plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 4.6.2. This is due to missing or incorrect nonce validation on a funct…
|
CWE-352
Origin Validation Error
|
CVE-2024-12279
|
2025-01-4 21:15 |
2025-01-4 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
2483
|
6.5 |
MEDIUM
Network
|
-
|
-
|
The WP Project Manager – Task, team, and project management plugin featuring kanban board and gantt charts plugin for WordPress is vulnerable to SQL Injection via the 'project_id' parameter of the /w…
|
CWE-89
SQL Injection
|
CVE-2024-12195
|
2025-01-4 21:15 |
2025-01-4 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
2484
|
6.1 |
MEDIUM
Network
|
-
|
-
|
The Turnkey bbPress by WeaverTheme plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the ‘_wpnonce’ parameter in all versions up to, and including, 1.6.3 due to insufficient in…
|
CWE-79
Cross-site Scripting
|
CVE-2024-12221
|
2025-01-4 19:15 |
2025-01-4 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
2485
|
- |
|
-
|
-
|
A vulnerability classified as critical has been found in code-projects Online Shoe Store 1.0. Affected is an unknown function of the file /details2.php. The manipulation of the argument id leads to s…
|
CWE-89
CWE-74
SQL Injection
Injection
|
CVE-2025-0205
|
2025-01-4 18:15 |
2025-01-4 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
2486
|
9.9 |
CRITICAL
Network
|
-
|
-
|
The Dynamics 365 Integration plugin for WordPress is vulnerable to Remote Code Execution and Arbitrary File Read in all versions up to, and including, 1.3.23 via Twig Server-Side Template Injection. …
|
CWE-1336
Improper Neutralization of Special Elements Used in a Template Engine
|
CVE-2024-12583
|
2025-01-4 18:15 |
2025-01-4 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
2487
|
6.4 |
MEDIUM
Network
|
-
|
-
|
The Taskbuilder – WordPress Project & Task Management plugin plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's wppm_tasks shortcode in all versions up to, and includi…
|
CWE-79
Cross-site Scripting
|
CVE-2024-11930
|
2025-01-4 18:15 |
2025-01-4 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
2488
|
- |
|
-
|
-
|
A vulnerability was found in code-projects Online Shoe Store 1.0. It has been rated as critical. This issue affects some unknown processing of the file /details.php. The manipulation of the argument …
|
CWE-89
CWE-74
SQL Injection
Injection
|
CVE-2025-0204
|
2025-01-4 17:15 |
2025-01-4 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
2489
|
6.1 |
MEDIUM
Network
|
-
|
-
|
The WP Smart Import : Import any XML File to WordPress plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the ‘ page’ parameter in all versions up to, and including, 1.1.2 due t…
|
CWE-79
Cross-site Scripting
|
CVE-2024-12701
|
2025-01-4 17:15 |
2025-01-4 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
2490
|
5.4 |
MEDIUM
Network
|
-
|
-
|
The Scratch & Win – Giveaways and Contests. Boost subscribers, traffic, repeat visits, referrals, sales and more plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up t…
|
CWE-352
Origin Validation Error
|
CVE-2024-12545
|
2025-01-4 17:15 |
2025-01-4 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
