|
4391
|
4.3 |
MEDIUM
Network
|
-
|
-
|
The Buzz Club – Night Club, DJ and Music Festival Event WordPress Theme theme for WordPress is vulnerable to unauthorized modification of data that can lead to a denial of service due to a missing ca…
|
CWE-862
Missing Authorization
|
CVE-2025-0515
|
2025-01-18 16:15 |
2025-01-18 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
4392
|
6.4 |
MEDIUM
Network
|
-
|
-
|
The JetEngine plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘list_tag’ parameter in all versions up to, and including, 3.6.2 due to insufficient input sanitization and out…
|
CWE-79
Cross-site Scripting
|
CVE-2025-0369
|
2025-01-18 16:15 |
2025-01-18 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
4393
|
4.4 |
MEDIUM
Network
|
-
|
-
|
The MarketKing — Ultimate WooCommerce Multivendor Marketplace Solution plugin for WordPress is vulnerable to Stored Cross-Site Scripting via plugin's settings in all versions up to, and including, 1.…
|
CWE-79
Cross-site Scripting
|
CVE-2024-13519
|
2025-01-18 16:15 |
2025-01-18 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
4394
|
4.4 |
MEDIUM
Network
|
-
|
-
|
The Easy Digital Downloads – eCommerce Payments and Subscriptions made easy plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Title value in all versions up to, and including,…
|
CWE-79
Cross-site Scripting
|
CVE-2024-13517
|
2025-01-18 16:15 |
2025-01-18 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
4395
|
6.4 |
MEDIUM
Network
|
-
|
-
|
The Utilities for MTG plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'mtglink' shortcode in all versions up to, and including, 1.4.1 due to insufficient input sani…
|
CWE-79
Cross-site Scripting
|
CVE-2024-13433
|
2025-01-18 16:15 |
2025-01-18 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
4396
|
6.1 |
MEDIUM
Network
|
-
|
-
|
The Webcamconsult plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.5.0. This is due to missing or incorrect nonce validation on a function. Thi…
|
CWE-352
Origin Validation Error
|
CVE-2024-13432
|
2025-01-18 16:15 |
2025-01-18 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
4397
|
6.4 |
MEDIUM
Network
|
-
|
-
|
The Video Share VOD – Turnkey Video Site Builder Script plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'videowhisper_videos' shortcode in all versions up to, and i…
|
CWE-79
Cross-site Scripting
|
CVE-2024-13393
|
2025-01-18 16:15 |
2025-01-18 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
4398
|
6.4 |
MEDIUM
Network
|
-
|
-
|
The MicroPayments – Fans Paysite: Paid Creator Subscriptions, Digital Assets, Tokens Wallet plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'videowhisper_content_up…
|
CWE-79
Cross-site Scripting
|
CVE-2024-13391
|
2025-01-18 16:15 |
2025-01-18 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
4399
|
6.4 |
MEDIUM
Network
|
-
|
-
|
The JSM Screenshot Machine Shortcode plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'ssm' shortcode in all versions up to, and including, 2.3.0 due to insufficient…
|
CWE-79
Cross-site Scripting
|
CVE-2024-13385
|
2025-01-18 16:15 |
2025-01-18 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
4400
|
4.3 |
MEDIUM
Network
|
-
|
-
|
The ShipWorks Connector for Woocommerce plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 5.2.5. This is due to missing or incorrect nonce validat…
|
CWE-352
Origin Validation Error
|
CVE-2024-13317
|
2025-01-18 16:15 |
2025-01-18 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
