|
3551
|
4.3 |
MEDIUM
Network
|
-
|
-
|
The MIMO Woocommerce Order Tracking plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on several functions in all versions up to, and including…
|
CWE-862
Missing Authorization
|
CVE-2024-5769
|
2025-01-9 20:15 |
2025-01-9 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
3552
|
8.8 |
HIGH
Network
|
-
|
-
|
The SKT Page Builder plugin for WordPress is vulnerable to arbitrary file uploads due to a missing capability check on the 'addLibraryByArchive' function in all versions up to, and including, 4.6. Th…
|
CWE-862
Missing Authorization
|
CVE-2024-12848
|
2025-01-9 20:15 |
2025-01-9 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
3553
|
6.4 |
MEDIUM
Network
|
-
|
-
|
The Searchie plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'sio_embed_media' shortcode in all versions up to, and including, 1.17.0 due to insufficient input sani…
|
CWE-79
Cross-site Scripting
|
CVE-2024-12819
|
2025-01-9 20:15 |
2025-01-9 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
3554
|
6.4 |
MEDIUM
Network
|
-
|
-
|
The Yumpu E-Paper publishing plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'YUMPU' shortcode in all versions up to, and including, 3.0.8 due to insufficient input…
|
CWE-79
Cross-site Scripting
|
CVE-2024-12621
|
2025-01-9 20:15 |
2025-01-9 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
3555
|
4.3 |
MEDIUM
Network
|
-
|
-
|
The Newsletter2Go plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'resetStyles' AJAX action in all versions up to, and including, 4.0.…
|
CWE-862
Missing Authorization
|
CVE-2024-12618
|
2025-01-9 20:15 |
2025-01-9 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
3556
|
4.3 |
MEDIUM
Network
|
-
|
-
|
The Bitly's WordPress Plugin plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on several AJAX actions in all versions up to, and includin…
|
CWE-862
Missing Authorization
|
CVE-2024-12616
|
2025-01-9 20:15 |
2025-01-9 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
3557
|
8.6 |
HIGH
Network
-
|
-
|
The linkID plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check when including the 'phpinfo' function in all versions up to, and including, 0.1.2. This …
|
CWE-862
Missing Authorization
|
CVE-2024-12542
|
2025-01-9 20:15 |
2025-01-9 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
|
3558
|
6.4 |
MEDIUM
Network
|
-
|
-
|
The Muslim Prayer Time-Salah/Iqamah plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Masjid ID parameter in all versions up to, and including, 1.8.8 due to insufficient input…
|
CWE-79
Cross-site Scripting
|
CVE-2024-12515
|
2025-01-9 20:15 |
2025-01-9 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
3559
|
6.4 |
MEDIUM
Network
|
-
|
-
|
The 3DVieweronline plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's '3Dvo-model' shortcode in all versions up to, and including, 2.2.2 due to insufficient input sani…
|
CWE-79
Cross-site Scripting
|
CVE-2024-12514
|
2025-01-9 20:15 |
2025-01-9 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
3560
|
6.4 |
MEDIUM
Network
|
-
|
-
|
The Linear plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'linear_block_buy_commissions' shortcode in all versions up to, and including, 2.7.12 due to insufficient…
|
CWE-79
Cross-site Scripting
|
CVE-2024-12496
|
2025-01-9 20:15 |
2025-01-9 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
