| Page(s) : 1 ... 237 238 239 240 241 242 243 244 245 246 [247] 248 249 250 251 252 253 254 255 256 257 ... | Result(s) : 324546 |
Alerts
| DATE | NAME | CATEGORIES | DETAIL | |
|---|---|---|---|---|
| N/A | 2025-05-15 | CVE-2024-6667 | cve | The KBucket: Your Curated Content in WordPress plugin before 4.1.5 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-S... |
| N/A | 2025-05-15 | CVE-2024-6665 | cve | The KBucket: Your Curated Content in WordPress plugin before 4.1.6 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to per... |
| N/A | 2025-05-15 | CVE-2024-6584 | cve | The 'wp_ajax_boost_proxy_ig' action allows administrators to make GET requests to arbitrary URLs. |
| N/A | 2025-05-15 | CVE-2024-56006 | cve | Missing Authorization vulnerability in Automattic Jetpack Debug Tools.This issue affects Jetpack Debug Tools: from n/a before 2.0.1. |
| N/A | 2025-05-15 | CVE-2024-52880 | cve | An issue was discovered in Insyde InsydeH2O kernel 5.2 before version 05.29.50, kernel 5.3 before version 05.38.50, kernel 5.4 before version 05.46.50, kernel 5.5 before version... |
| N/A | 2025-05-15 | CVE-2024-51666 | cve | Missing Authorization vulnerability in Automattic Tours.This issue affects Tours: from n/a through 1.0.0. |
| N/A | 2025-05-15 | CVE-2024-4665 | cve | The EventPrime WordPress plugin before 3.5.0 does not properly validate permissions when updating bookings, allowing users to change/cancel bookings for other users. Additional... |
| N/A | 2025-05-15 | CVE-2024-4091 | cve | The Responsive Gallery Grid WordPress plugin before 2.3.15 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Cro... |
| N/A | 2025-05-15 | CVE-2024-4004 | cve | The Advanced Cron Manager WordPress plugin before 2.5.7 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Store... |
| N/A | 2025-05-15 | CVE-2024-4002 | cve | The Carousel, Slider, Gallery by WP Carousel WordPress plugin before 2.6.9 does not sanitise and escape some of its settings, which could allow high privilege users such as adm... |
| N/A | 2025-05-15 | CVE-2024-3996 | cve | The Smart Post Show WordPress plugin before 2.4.28 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cro... |
| N/A | 2025-05-15 | CVE-2024-3901 | cve | The Genesis Blocks WordPress plugin through 3.1.3 does not properly escape attributes provided to some of its custom blocks, making it possible for users allowed to write posts ... |
| 7.2 | 2025-05-15 | CVE-2024-13914 | cve | The File Manager Advanced Shortcode WordPress plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 2.5.4 (file-manager-advanced-short... |
| N/A | 2025-05-15 | CVE-2024-12767 | cve | The buddyboss-platform WordPress plugin before 2.7.60 lacks proper access controls and allows a logged-in user to view comments on private posts |
| N/A | 2025-05-15 | CVE-2024-0970 | cve | This User Activity Tracking and Log WordPress plugin before 4.1.4 retrieves client IP addresses from potentially untrusted headers, allowing an attacker to manipulate its value. |
| N/A | 2025-05-15 | CVE-2024-0852 | cve | The coreActivity: Activity Logging for WordPress plugin before 1.8.1 does not escape some request data when outputting it back in the admin dashboard, allowing unauthenticated u... |
| N/A | 2025-05-15 | CVE-2024-0249 | cve | The Advanced Schedule Posts WordPress plugin through 2.1.8 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scri... |
| N/A | 2025-05-15 | CVE-2023-7297 | cve | The TwitterPosts WordPress plugin through 1.0.2 does not have CSRF check in place when updating its settings, which could allow attackers to make a logged in admin change them v... |
| N/A | 2025-05-15 | CVE-2023-7239 | cve | The WP Dashboard Notes WordPress plugin before 1.0.11 does not validate that the user has access to the post_id parameter in its wpdn_update_note AJAX action. This allows users ... |
| N/A | 2025-05-15 | CVE-2023-7231 | cve | The illi Link Party! WordPress plugin through 1.0 lacks proper access controls, allowing unauthenticated visitors to delete links. |
| Page(s) : 1 ... 237 238 239 240 241 242 243 244 245 246 [247] 248 249 250 251 252 253 254 255 256 257 ... | Result(s) : 324546 |
