CVE-2024-9702 – The Social Rocket for WordPress Stored Cross-Site Scripting
CVE ID : CVE-2024-9702 Published : Jan. 7, 2025, 6:15 a.m. | 25 minutes ago Description : The Social Rocket – Social Sharing Plugin plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin’s ‘socialrocket-floating’ shortcode in all versions up to, and including, 1.3.4 due to insufficient input sanitization and output escaping on user […]
CVE-2024-9638 – WordPress Category Posts Widget Stored Cross-Site Scripting Vulnerability
CVE ID : CVE-2024-9638 Published : Jan. 7, 2025, 6:15 a.m. | 25 minutes ago Description : The Category Posts Widget WordPress plugin before 4.9.18 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed […]
CVE-2024-8857 – WordPress Auction Plugin Stored Cross-Site Scripting Vulnerability
CVE ID : CVE-2024-8857 Published : Jan. 7, 2025, 6:15 a.m. | 25 minutes ago Description : The WordPress Auction Plugin WordPress plugin through 3.7 does not sanitise and escape some of its settings, which could allow high privilege users such as editors to perform Stored Cross-Site Scripting attacks. Severity: 0.0 | NA Visit the link […]
CVE-2024-8855 – Auction Plugin SQL Injection Vulnerability in WordPress
CVE ID : CVE-2024-8855 Published : Jan. 7, 2025, 6:15 a.m. | 25 minutes ago Description : The WordPress Auction Plugin WordPress plugin through 3.7 does not sanitize and escape a parameter before using it in a SQL statement, allowing editors and above to perform SQL injection attacks. Severity: 0.0 | NA Visit the link for […]
CVE-2024-12849 – WordPress Error Log Viewer By WP Guru Arbitrary File Read Vulnerability
CVE ID : CVE-2024-12849 Published : Jan. 7, 2025, 6:15 a.m. | 25 minutes ago Description : The Error Log Viewer By WP Guru plugin for WordPress is vulnerable to Arbitrary File Read in all versions up to, and including, 1.0.1.3 via the wp_ajax_nopriv_elvwp_log_download AJAX action. This makes it possible for unauthenticated attackers to read the […]
CVE-2024-9697 – Social Rocket – WordPress Cross-Site Request Forgery (CSRF) and Authorization Bypass Vulnerability
CVE ID : CVE-2024-9697 Published : Jan. 7, 2025, 6:15 a.m. | 25 minutes ago Description : The Social Rocket – Social Sharing Plugin plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the tweet_settings_save() and tweet_settings_update() functions in all versions up to, and including, 1.3.4. This makes […]
CVE-2024-7696 – AXIS Camera Station Audit Log Tampering and Attack Vector Vulnerability
The following table lists the changes that have been made to the CVE-2024-7696 vulnerability over time. Vulnerability history details can be useful for understanding the evolution of a vulnerability, and for identifying the most recent changes that may impact the vulnerability’s severity, exploitability, or other characteristics. New CVE Received by [email protected] Jan. 07, 2025 Action […]
CVE-2024-12633 – JoomSport WordPress Reflected Cross-Site Scripting (XSS)
CVE ID : CVE-2024-12633 Published : Jan. 7, 2025, 6:15 a.m. | 25 minutes ago Description : The JoomSport – for Sports: Team & League, Football, Hockey & more plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the ‘page’ parameter in all versions up to, and including, 5.6.17 due to insufficient input sanitization and […]
CVE-2024-12535 – WordPress Host PHP Info Plugin Unauthenticated Arbitrary Configuration Disclosure
CVE ID : CVE-2024-12535 Published : Jan. 7, 2025, 6:15 a.m. | 25 minutes ago Description : The Host PHP Info plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check when including the ‘phpinfo’ function in all versions up to, and including, 1.0.4. This makes it possible for unauthenticated […]
CVE-2024-12471 – Dezgo AI Text & Image Generator Plugin for WordPress Arbitrary File Upload Vulnerability
CVE ID : CVE-2024-12471 Published : Jan. 7, 2025, 6:15 a.m. | 25 minutes ago Description : The Post Saint: ChatGPT, GPT4, DALL-E, Stable Diffusion, Pexels, Dezgo AI Text & Image Generator plugin for WordPress is vulnerable to arbitrary file uploads due to a missing capability check and file type validation on the add_image_to_library AJAX action […]