351 | 5.4 | MEDIUM Network | - | - | The AI Power: Complete AI Pack plugin for WordPress is vulnerable to Server-Side Request Forgery in all versions up to, and including, 1.8.96 via the wpaicg_troubleshoot_add_vector(). This makes it p… | New | CWE-918 Server-Side Request Forgery (SSRF) | CVE-2024-13360 | 2025-01-22 17:15 | 2025-01-22
352 | 6.1 | MEDIUM Network | - | - | The Themify Builder plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use of add_query_arg without appropriate escaping on the URL in all versions up to, and including, … | New | CWE-79 Cross-site Scripting | CVE-2024-13319 | 2025-01-22 17:15 | 2025-01-22
353 | 6.1 | MEDIUM Network | - | - | The XML for Google Merchant Center plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'feed_id' parameter in all versions up to, and including, 3.0.11 due to insufficient in… | New | CWE-79 Cross-site Scripting | CVE-2024-13406 | 2025-01-22 16:15 | 2025-01-22
354 | 9.8 | CRITICAL Network | - | - | The AdForest theme for WordPress is vulnerable to authentication bypass in all versions up to, and including, 5.1.8. This is due to the plugin not properly verifying a user's identity prior to loggin… | New | CWE-288 Authentication Bypass Using an Alternate Path or Channel | CVE-2024-12857 | 2025-01-22 16:15 | 2025-01-22
355 | 6.4 | MEDIUM Network | - | - | The Stackable – Page Builder Gutenberg Blocks plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'title' parameter of the Button block in all versions up to, and including, 3.1… | New | CWE-79 Cross-site Scripting | CVE-2024-12117 | 2025-01-22 16:15 | 2025-01-22
356 | - | | - | - | Improper neutralization of special elements used in an OS command ('OS Command Injection') issue exists in UD-LT2 firmware Ver.1.00.008_SE and earlier. If a user logs in to CLI of the affected produc… | New | CWE-78 OS Command | CVE-2025-23237 | 2025-01-22 15:15 | 2025-01-22
357 | - | | - | - | Inclusion of undocumented features issue exists in UD-LT2 firmware Ver.1.00.008_SE and earlier. A remote attacker may disable the LAN-side firewall function of the affected products, and open specifi… | New | CWE-1242 Inclusion of Undocumented Features or Chicken Bits | CVE-2025-22450 | 2025-01-22 15:15 | 2025-01-22
358 | - | | - | - | Improper neutralization of special elements used in an OS command ('OS Command Injection') issue exists in UD-LT2 firmware Ver.1.00.008_SE and earlier. If this vulnerability is exploited, an arbitrar… | New | CWE-78 OS Command | CVE-2025-20617 | 2025-01-22 15:15 | 2025-01-22
359 | 4.3 | MEDIUM Network | - | - | The WPBot Pro Wordpress Chatbot plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'qc_wp_latest_update_check_pro' function in all versio… | New | CWE-862 Missing Authorization | CVE-2024-12879 | 2025-01-22 15:15 | 2025-01-22
360 | 8.6 | HIGH Local | - | - | A vulnerability was found in `podman build` and `buildah`. This issue occurs in a container breakout by using --jobs=2 and a race condition when building a malicious Containerfile. SELinux might miti… | New | CWE-269 Improper Privilege Management | CVE-2024-11218 | 2025-01-22 14:15 | 2025-01-22