| Page(s) : 1 ... 1077 1078 1079 1080 1081 1082 1083 1084 1085 1086 [1087] 1088 1089 1090 1091 1092 1093 1094 1095 1096 1097 ... | Result(s) : 301176 |
Alerts
| DATE | NAME | CATEGORIES | DETAIL | |
|---|---|---|---|---|
| 5.4 | 2025-01-30 | CVE-2024-13512 | cve | The Wonder FontAwesome plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 0.8. This is due to missing or incorrect nonce vali... |
| 5.4 | 2025-01-30 | CVE-2024-13549 | cve | The All Bootstrap Blocks plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the "Accordion" widget in all versions up to, and including, 1.3.26 due to insuffi... |
| 6.5 | 2025-01-30 | CVE-2024-13596 | cve | The WordPress Survey & Poll – Quiz, Survey and Poll Plugin for WordPress plugin for WordPress is vulnerable to SQL Injection via the 'id' attribute of the 'survey... |
| 8.1 | 2025-01-30 | CVE-2024-13646 | cve | The Single-user-chat plugin for WordPress is vulnerable to unauthorized modification of data that can lead to a denial of service due to insufficient validation on the 'sin... |
| 4.3 | 2025-01-30 | CVE-2024-13652 | cve | The ECPay Ecommerce for WooCommerce plugin for WordPress is vulnerable to unauthorized loss of data due to a missing capability check on the 'clear_ecpay_debug_log' AJ... |
| 5.4 | 2025-01-30 | CVE-2024-13661 | cve | The Table Editor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'wptableeditor_vtabs' shortcode in all versions up to, and inc... |
| 5.4 | 2025-01-30 | CVE-2024-13664 | cve | The WP Post List Table plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'wpb_post_list_table' shortcode in all versions up to, a... |
| 5.4 | 2025-01-30 | CVE-2024-13670 | cve | The Music Sheet Viewer plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'pn_msv' shortcode in all versions up to, and including,... |
| 7.5 | 2025-01-30 | CVE-2024-13671 | cve | The Music Sheet Viewer plugin for WordPress is vulnerable to Arbitrary File Read in all versions up to, and including, 4.1 via the read_score_file() function. This makes it poss... |
| 5.4 | 2025-01-30 | CVE-2024-13700 | cve | The Embed Swagger UI plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'wpsgui' shortcode in all versions up to, and including, 1... |
| 6.1 | 2025-01-30 | CVE-2024-13705 | cve | The StageShow plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use of remove_query_arg without appropriate escaping on the URL in all versions up ... |
| 8.1 | 2025-01-30 | CVE-2024-13707 | cve | The WP Image Uploader plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.0.1. This is due to missing or incorrect nonce val... |
| 4.3 | 2025-01-30 | CVE-2024-13715 | cve | The zStore Manager Basic plugin for WordPress is vulnerable to unauthorized loss of data due to a missing capability check on the zstore_clear_cache() function in all versions u... |
| 9.1 | 2025-01-30 | CVE-2024-13720 | cve | The WP Image Uploader plugin for WordPress is vulnerable to arbitrary file deletion due to insufficient file path validation in the gky_image_uploader_main_function() function i... |
| 9.8 | 2025-01-30 | CVE-2024-13742 | cve | The iControlWP – Multiple WordPress Site Manager plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 4.4.5 via deserialization of un... |
| 6.5 | 2025-01-30 | CVE-2024-8494 | cve | The Elementor Website Builder Pro plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 3.25.10 via the 'elementor-temp... |
| N/A | 2025-01-30 | CVE-2024-10309 | cve | The Tracking Code Manager WordPress plugin before 2.4.0 does not sanitise and escape some of its metabox settings when outputing them in the page, which could allow users with a... |
| N/A | 2025-01-30 | CVE-2024-12163 | cve | The goodlayers-core WordPress plugin before 2.1.3 allows users with a subscriber role and above to upload SVGs containing malicious payloads. |
| N/A | 2025-01-30 | CVE-2024-12400 | cve | The tourmaster WordPress plugin before 5.3.5 does not escape generated URLs before outputting them in attributes, leading to Reflected Cross-Site Scripting. |
| N/A | 2025-01-30 | CVE-2024-12638 | cve | The Bulk Me Now! WordPress plugin through 2.0 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which c... |
| Page(s) : 1 ... 1077 1078 1079 1080 1081 1082 1083 1084 1085 1086 [1087] 1088 1089 1090 1091 1092 1093 1094 1095 1096 1097 ... | Result(s) : 301176 |
