CVE-2024-12445 – WordPress RightMessage Stored Cross-Site Scripting Vulnerability

CVE ID: CVE-2024-12445
Published: Jan. 7, 2025, 5:15 a.m.
Description: The RightMessage WP plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin’s ‘rm_area’ shortcode in all versions up to, and including, 0.9.7 due to insufficient input sanitization and output escaping on user supplied attributes. This makes […]

CVE-2024-12435 – WooCommerce Compare Products Reflected Cross-Site Scripting

CVE ID: CVE-2024-12435
Published: Jan. 7, 2025, 5:15 a.m.
Description: The Compare Products for WooCommerce plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the ‘s_feature’ parameter in all versions up to, and including, 3.2.1 due to insufficient input sanitization and output escaping. This makes it possible for […]

CVE-2024-12332 – WordPress WPSchoolPress SQL Injection

CVE ID: CVE-2024-12332
Published: Jan. 7, 2025, 5:15 a.m.
Description: The School Management System – WPSchoolPress plugin for WordPress is vulnerable to SQL Injection via the ‘cid’ parameter in all versions up to, and including, 2.2.14 due to insufficient escaping on the user supplied parameter and lack of sufficient […]

CVE-2024-12291 – ViewMedica 9 for WordPress CSRF

CVE ID: CVE-2024-12291
Published: Jan. 7, 2025, 5:15 a.m.
Description: The ViewMedica 9 plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.4.15. This is due to missing or incorrect nonce validation on a function. This makes it possible for unauthenticated attackers […]

CVE-2024-12324 – Unilevel MLM Plan Plugin WordPress Reflected Cross-Site Scripting (XSS)

CVE ID: CVE-2024-12324
Published: Jan. 7, 2025, 5:15 a.m.
Description: The Unilevel MLM Plan plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the ‘page’ parameter in all versions up to, and including, 1.1.0 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated […]

CVE-2024-12322 – WordPress ThePerfectWedding.nl Widget CSRF Vulnerability

CVE ID: CVE-2024-12322
Published: Jan. 7, 2025, 5:15 a.m.
Description: The ThePerfectWedding.nl Widget plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 2.8. This is due to missing or incorrect nonce validation on the ‘update_option’ function. This makes it possible for unauthenticated […]

CVE-2024-12313 – WooCommerce Compare Products PHP Object Injection Vulnerability

CVE ID: CVE-2024-12313
Published: Jan. 7, 2025, 5:15 a.m.
Description: The Compare Products for WooCommerce plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 3.2.1 via deserialization of untrusted input from the ‘woo_compare_list’ cookie. This makes it possible for unauthenticated attackers to […]

CVE-2024-12290 – Infility Global WordPress Reflected Cross-Site Scripting

CVE ID: CVE-2024-12290
Published: Jan. 7, 2025, 5:15 a.m.
Description: The Infility Global plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the ‘set_type’ parameter in all versions up to, and including, 2.9.8 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers […]

CVE-2024-12288 – WordPress Simple Add Pages/Posts CSRF Vulnerability

CVE ID: CVE-2024-12288
Published: Jan. 7, 2025, 5:15 a.m.
Description: The Simple add pages or posts plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 2.0.0. This is due to missing or incorrect nonce validation. This makes it possible for unauthenticated attackers […]