CVE-2024-12464 – “Chatroll WordPress Stored Cross-Site Scripting Vulnerability”
CVE ID: CVE-2024-12464
Published: Jan. 7, 2025, 6:15 a.m.
Description: The Chatroll Live Chat plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin’s ‘chatroll’ shortcode in all versions up to, and including, 2.5.0 due to insufficient input sanitization and output escaping on user supplied attributes. This […]
CVE-2024-12440 – Candifly for WordPress – Stored Cross-Site Scripting
CVE ID: CVE-2024-12440
Published: Jan. 7, 2025, 6:15 a.m.
Description: The Candifly plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin’s ‘candifly’ shortcode in all versions up to, and including, 1.0.6 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it […]
CVE-2024-12439 – WordPress Marketplace Items Stored Cross-Site Scripting (XSS)
CVE ID: CVE-2024-12439
Published: Jan. 7, 2025, 6:15 a.m.
Description: The Marketplace Items plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin’s ‘marketplace’ shortcode in all versions up to, and including, 1.5.5 due to insufficient input sanitization and output escaping on user supplied attributes. This makes […]
CVE-2024-12261 – SmartEmailing.cz WordPress Reflected Cross-Site Scripting Vulnerability
CVE ID: CVE-2024-12261
Published: Jan. 7, 2025, 6:15 a.m.
Description: The SmartEmailing.cz plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the ‘se-lists-updated’ parameter in all versions up to, and including, 2.2.0 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to […]
CVE-2024-12438 – WooCommerce FlickRocket Reflected Cross-Site Scripting
CVE ID: CVE-2024-12438
Published: Jan. 7, 2025, 6:15 a.m.
Description: The WooCommerce Digital Content Delivery (incl. DRM) – FlickRocket plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the ‘start_date’ and ‘end_date’ parameters in all versions up to, and including, 4.74 due to insufficient input sanitization and output […]
CVE-2024-12384 – “Binary MLM Woocommerce Cross-Site Scripting Vulnerability”
CVE ID: CVE-2024-12384
Published: Jan. 7, 2025, 6:15 a.m.
Description: The Binary MLM Woocommerce plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the ‘page’ parameter in all versions up to, and including, 2.0 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated […]
CVE-2024-12383 – WooCommerce Binary MLM CSRF Vulnerability
CVE ID: CVE-2024-12383
Published: Jan. 7, 2025, 6:15 a.m.
Description: The Binary MLM Woocommerce plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 2.0. This is due to missing or incorrect nonce validation on the ‘bmw_display_pv_set_page’ function and insufficient input sanitization and […]
CVE-2024-12073 – WordPress Meteor Slides Stored Cross-Site Scripting (XSS)
CVE ID: CVE-2024-12073
Published: Jan. 7, 2025, 6:15 a.m.
Description: The Meteor Slides plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘slide_url_value’ parameter in all versions up to, and including, 1.5.7 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, […]
CVE-2024-11887 – WordPress Geo Content Stored Cross-Site Scripting (XSS)
CVE ID: CVE-2024-11887
Published: Jan. 7, 2025, 6:15 a.m.
Description: The Geo Content plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin’s ‘geotargetlygeocontent’ shortcode in all versions up to, and including, 6.0 due to insufficient input sanitization and output escaping on user supplied attributes. This makes […]
CVE-2024-11756 – WordPress SweepWidget Stored Cross-Site Scripting
CVE ID: CVE-2024-11756
Published: Jan. 7, 2025, 6:15 a.m.
Description: The SweepWidget Contests, Giveaways, Photo Contests, Competitions plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin’s ‘sweepwidget’ shortcode in all versions up to, and including, 2.0.6 due to insufficient input sanitization and output escaping on user […]