Medium
CVSS: 6.4
Yayın: 2025-01-07 04:15:09
The Sellsy plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'testSellsy' shortcode in all versions up to, and including, 2.3.3 due to insufficient input sanitization and output escaping on user supplied attributes. T…
Medium
CVSS: 6.4
Yayın: 2025-01-07 04:15:09
The WP Youtube Gallery plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'id' parameter in all versions up to, and including, 1.9 due to insufficient input sanitization and output escaping. This makes it possible for authentic…
Medium
CVSS: 5.3
Yayın: 2025-01-07 04:15:09
The ClickDesigns plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'clickdesigns_add_api' and the 'clickdesigns_remove_api' functions in all versions up to, and including, 1.8.0. This mak…
Medium
CVSS: 6.1
Yayın: 2025-01-07 04:15:09
The Transporters.io plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 2.0.84. This is due to missing nonce validation on a function. This makes it possible for unauthenticated attackers to inject m…
Medium
CVSS: 5.4
Yayın: 2025-01-07 04:15:09
The Chative Live chat and Chatbot plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.1. This is due to missing or incorrect nonce validation on the add_chative_widget_action() function. This makes…
Unknown
CVSS: -
Yayın: 2025-01-07 04:15:08
Rejected reason: ** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2024-54288. Reason: This candidate is a reservation duplicate of CVE-2024-54288. Notes: All CVE users should reference CVE-2024-54288 instead of this candidate. All refer…
Medium
CVSS: 4.3
Yayın: 2025-01-07 04:15:08
The Duplicate Post, Page and Any Custom Post plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 3.5.3 via the 'dpp_duplicate_as_draft' function. This makes it possible for authenticated attacker…
Medium
CVSS: 6.4
Yayın: 2025-01-07 04:15:08
The WordPress Survey & Poll – Quiz, Survey and Poll Plugin for WordPress plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'wpsurveypoll_results' shortcode in all versions up to, and including, 1.7.5 due to insufficie…
Medium
CVSS: 6.5
Yayın: 2025-01-07 04:15:08
The The Design for Contact Form 7 Style WordPress Plugin – CF7 WOW Styler plugin for WordPress is vulnerable to arbitrary shortcode execution in all versions up to, and including, 1.7.0. This is due to the software allowing users to execute an action…
High
CVSS: 7.5
Yayın: 2025-01-07 04:15:08
The Live Sales Notification for Woocommerce – Woomotiv plugin for WordPress is vulnerable to SQL Injection via the 'woomotiv_seen_products_.*' cookie in all versions up to, and including, 3.6.1 due to insufficient escaping on the user supplied parame…
Critical
CVSS: 9.8
Yayın: 2025-01-07 04:15:07
The Themes Coder – Create Android & iOS Apps For Your Woocommerce Site plugin for WordPress is vulnerable to privilege escalation via account takeover in all versions up to, and including, 1.3.4. This is due to the plugin not properly validating a us…
Medium
CVSS: 6.1
Yayın: 2025-01-07 04:15:07
The ARS Affiliate Page Plugin plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'utm_keyword' parameter in all versions up to, and including, 2.0.2 due to insufficient input sanitization and output escaping. This makes it p…
Unknown
CVSS: -
Yayın: 2025-01-07 04:15:07
Rejected reason: ** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2024-52485. Reason: This candidate is a reservation duplicate of CVE-2024-52485. Notes: All CVE users should reference CVE-2024-52485 instead of this candidate. All refer…
Medium
CVSS: 6.4
Yayın: 2025-01-07 04:15:07
The Formaloo Form Maker & Customer Analytics for WordPress & WooCommerce plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘address’ parameter in all versions up to, and including, 2.1.3.2 due to insufficient input sanitizatio…
Medium
CVSS: 6.4
Yayın: 2025-01-07 04:15:07
The Slider Pro Lite plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'sliderpro' shortcode in all versions up to, and including, 1.4.1 due to insufficient input sanitization and output escaping on user supplied attri…
Medium
CVSS: 6.4
Yayın: 2025-01-07 04:15:07
The Sell Media plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'sell_media_search_form_gutenberg' shortcode in all versions up to, and including, 2.5.8.5 due to insufficient input sanitization and output escaping on…
Medium
CVSS: 4.9
Yayın: 2025-01-07 04:15:06
The Timeline Designer plugin for WordPress is vulnerable to SQL Injection via the 's' parameter in all versions up to, and including, 1.4 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing S…
High
CVSS: 8.2
Yayın: 2025-01-07 03:15:06
Dell Update Package Framework, versions prior to 22.01.02, contain(s) a Local Privilege Escalation Vulnerability. A local low privileged attacker could potentially exploit this vulnerability, leading to the execution of arbitrary remote scripts on th…
High
CVSS: 7.5
Yayın: 2025-01-06 23:15:07
Deno is a JavaScript, TypeScript, and WebAssembly runtime with secure defaults. When you send a request with the Authorization header to one domain, and the response asks to redirect to a different domain, Deno'sfetch() redirect handling creates a fo…
High
CVSS: 7.5
Yayın: 2025-01-06 23:15:07
In FRRouting (FRR) before 10.3 from 6.0 onward, all routes are re-validated if the total size of an update received via RTR exceeds the internal socket's buffer size, default 4K on most OSes. An attacker can use this to trigger re-parsing of the RIB…