|
751
|
4.3 |
MEDIUM
Network
|
-
|
-
|
The Elementor Website Builder Pro plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 3.25.10 via the 'elementor-template' shortcode. This makes…
|
CWE-200
Information Exposure
|
CVE-2024-8494
|
2025-01-30 23:15 |
2025-01-30 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
752
|
9.8 |
CRITICAL
Network
-
|
-
|
The iControlWP – Multiple WordPress Site Manager plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 4.4.5 via deserialization of untrusted input from the…
|
CWE-502
Deserialization of Untrusted Data
|
CVE-2024-13742
|
2025-01-30 23:15 |
2025-01-30 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
|
753
|
8.8 |
HIGH
Network
|
-
|
-
|
The WP Image Uploader plugin for WordPress is vulnerable to arbitrary file deletion due to insufficient file path validation in the gky_image_uploader_main_function() function in all versions up to, …
|
CWE-352
Origin Validation Error
|
CVE-2024-13720
|
2025-01-30 23:15 |
2025-01-30 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
754
|
4.3 |
MEDIUM
Network
|
-
|
-
|
The zStore Manager Basic plugin for WordPress is vulnerable to unauthorized loss of data due to a missing capability check on the zstore_clear_cache() function in all versions up to, and including, 3…
|
CWE-862
Missing Authorization
|
CVE-2024-13715
|
2025-01-30 23:15 |
2025-01-30 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
755
|
9.8 |
CRITICAL
Network
-
|
-
|
The Media Manager for UserPro plugin for WordPress is vulnerable to unauthorized modification of data that can lead to privilege escalation due to a missing capability check on the add_capto_img() fu…
|
CWE-862
Missing Authorization
|
CVE-2024-12822
|
2025-01-30 23:15 |
2025-01-30 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
|
756
|
8.8 |
HIGH
Network
|
-
|
-
|
The Media Manager for UserPro plugin for WordPress is vulnerable to unauthorized modification of data that can lead to privilege escalation due to a missing capability check on the upm_upload_media()…
|
CWE-862
Missing Authorization
|
CVE-2024-12821
|
2025-01-30 23:15 |
2025-01-30 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
757
|
8.8 |
HIGH
Network
|
-
|
-
|
The Royal Core plugin for WordPress is vulnerable to unauthorized modification of data that can lead to privilege escalation due to a missing capability check on the 'royal_restore_backup' function i…
|
CWE-862
Missing Authorization
|
CVE-2024-12129
|
2025-01-30 23:15 |
2025-01-30 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
758
|
6.4 |
MEDIUM
Network
|
-
|
-
|
The Automatically Hierarchic Categories in Menu plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'autocategorymenu' shortcode in all versions up to, and including, 2…
|
CWE-79
Cross-site Scripting
|
CVE-2024-13466
|
2025-01-30 23:15 |
2025-01-30 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
759
|
6.4 |
MEDIUM
Network
|
-
|
-
|
The Alex Reservations: Smart Restaurant Booking plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'rr_form' shortcode in all versions up to, and including, 2.0.5 due …
|
CWE-79
Cross-site Scripting
|
CVE-2024-13380
|
2025-01-30 23:15 |
2025-01-30 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
760
|
- |
|
-
|
-
|
A Stored Cross-Site Scripting vulnerability has been found in EmbedAI. This vulnerability allows an authenticated attacker to inject a malicious JavaScript code into a message that will be executed w…
|
CWE-79
Cross-site Scripting
|
CVE-2025-0747
|
2025-01-30 23:15 |
2025-01-30 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
