Click to open the Alert Filter

 
Year Month
Severity
Categories
Search by Alert Name
Page(s) : 1 ... 1077 1078 1079 1080 1081 1082 1083 1084 1085 1086 [1087] 1088 1089 1090 1091 1092 1093 1094 1095 1096 1097 ... Result(s) : 301176

Alerts Feed Alerts

DATE NAME CATEGORIES DETAIL
5.4 2025-01-30 CVE-2024-13512 cve The Wonder FontAwesome plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 0.8. This is due to missing or incorrect nonce vali...
5.4 2025-01-30 CVE-2024-13549 cve The All Bootstrap Blocks plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the "Accordion" widget in all versions up to, and including, 1.3.26 due to insuffi...
6.5 2025-01-30 CVE-2024-13596 cve The WordPress Survey & Poll – Quiz, Survey and Poll Plugin for WordPress plugin for WordPress is vulnerable to SQL Injection via the 'id' attribute of the 'survey...
8.1 2025-01-30 CVE-2024-13646 cve The Single-user-chat plugin for WordPress is vulnerable to unauthorized modification of data that can lead to a denial of service due to insufficient validation on the 'sin...
4.3 2025-01-30 CVE-2024-13652 cve The ECPay Ecommerce for WooCommerce plugin for WordPress is vulnerable to unauthorized loss of data due to a missing capability check on the 'clear_ecpay_debug_log' AJ...
5.4 2025-01-30 CVE-2024-13661 cve The Table Editor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'wptableeditor_vtabs' shortcode in all versions up to, and inc...
5.4 2025-01-30 CVE-2024-13664 cve The WP Post List Table plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'wpb_post_list_table' shortcode in all versions up to, a...
5.4 2025-01-30 CVE-2024-13670 cve The Music Sheet Viewer plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'pn_msv' shortcode in all versions up to, and including,...
7.5 2025-01-30 CVE-2024-13671 cve The Music Sheet Viewer plugin for WordPress is vulnerable to Arbitrary File Read in all versions up to, and including, 4.1 via the read_score_file() function. This makes it poss...
5.4 2025-01-30 CVE-2024-13700 cve The Embed Swagger UI plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'wpsgui' shortcode in all versions up to, and including, 1...
6.1 2025-01-30 CVE-2024-13705 cve The StageShow plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use of remove_query_arg without appropriate escaping on the URL in all versions up ...
8.1 2025-01-30 CVE-2024-13707 cve The WP Image Uploader plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.0.1. This is due to missing or incorrect nonce val...
4.3 2025-01-30 CVE-2024-13715 cve The zStore Manager Basic plugin for WordPress is vulnerable to unauthorized loss of data due to a missing capability check on the zstore_clear_cache() function in all versions u...
9.1 2025-01-30 CVE-2024-13720 cve The WP Image Uploader plugin for WordPress is vulnerable to arbitrary file deletion due to insufficient file path validation in the gky_image_uploader_main_function() function i...
9.8 2025-01-30 CVE-2024-13742 cve The iControlWP – Multiple WordPress Site Manager plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 4.4.5 via deserialization of un...
6.5 2025-01-30 CVE-2024-8494 cve The Elementor Website Builder Pro plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 3.25.10 via the 'elementor-temp...
N/A 2025-01-30 CVE-2024-10309 cve The Tracking Code Manager WordPress plugin before 2.4.0 does not sanitise and escape some of its metabox settings when outputing them in the page, which could allow users with a...
N/A 2025-01-30 CVE-2024-12163 cve The goodlayers-core WordPress plugin before 2.1.3 allows users with a subscriber role and above to upload SVGs containing malicious payloads.
N/A 2025-01-30 CVE-2024-12400 cve The tourmaster WordPress plugin before 5.3.5 does not escape generated URLs before outputting them in attributes, leading to Reflected Cross-Site Scripting.
N/A 2025-01-30 CVE-2024-12638 cve The Bulk Me Now! WordPress plugin through 2.0 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which c...
Page(s) : 1 ... 1077 1078 1079 1080 1081 1082 1083 1084 1085 1086 [1087] 1088 1089 1090 1091 1092 1093 1094 1095 1096 1097 ... Result(s) : 301176