CVE ID : CVE-2024-12264 Published : Jan. 7, 2025, 5:15 a.m. | 32 minutes ago Description : The PayU CommercePro Plugin plugin for WordPress is vulnerable to privilege escalation in all versions up to, and including, 3.8.3. This is due to /wp-json/payu/v1/generate-user-token and /wp-json/payu/v1/get-shipping-cost REST API endpoints not properly verifying a user’s identity prior to setting […]
CVE ID : CVE-2024-12256 Published : Jan. 7, 2025, 5:15 a.m. | 32 minutes ago Description : The Simple Video Management System plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the ‘analytics_video’ parameter in all versions up to, and including, 1.0.4 due to insufficient input sanitization and output escaping. This makes it possible for […]
CVE ID : CVE-2024-12252 Published : Jan. 7, 2025, 5:15 a.m. | 32 minutes ago Description : The SEO LAT Auto Post plugin for WordPress is vulnerable to file overwrite due to a missing capability check on the remote_update AJAX action in all versions up to, and including, 2.2.1. This makes it possible for unauthenticated attackers […]
CVE ID : CVE-2024-12214 Published : Jan. 7, 2025, 5:15 a.m. | 32 minutes ago Description : The WooCommerce HSS Extension for Streaming Video plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the ‘videolink’ parameter in all versions up to, and including, 3.31 due to insufficient input sanitization and output escaping. This makes it […]
CVE ID : CVE-2024-12208 Published : Jan. 7, 2025, 5:15 a.m. | 32 minutes ago Description : The Backup and Restore WordPress – Backup Plugin plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.50. This is due to missing or incorrect nonce validation on the ajax_queue_manual_backup() function. This […]
CVE ID : CVE-2024-12207 Published : Jan. 7, 2025, 5:15 a.m. | 32 minutes ago Description : The Toggles Shortcode and Widget plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘content’ parameter in all versions up to, and including, 1.14 due to insufficient input sanitization and output escaping. This makes it possible for […]
CVE ID : CVE-2024-12176 Published : Jan. 7, 2025, 5:15 a.m. | 32 minutes ago Description : The WordLift – AI powered SEO – Schema plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on the ‘wl_config_plugin’ AJAX action in all versions up to, and including, 3.54.0. This makes it possible […]
CVE ID : CVE-2024-12170 Published : Jan. 7, 2025, 5:15 a.m. | 32 minutes ago Description : The ViewMedica 9 plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.4.15. This is due to missing or incorrect nonce validation on the ‘Viewmedica-Admin’ page. This makes it possible for unauthenticated […]
CVE ID : CVE-2024-12159 Published : Jan. 7, 2025, 5:15 a.m. | 32 minutes ago Description : The Optimize Your Campaigns – Google Shopping – Google Ads – Google Adwords plugin for WordPress is vulnerable to Information Exposure in all versions up to, and including, 3.1 due to the print_php_information.php being publicly accessible. This makes it […]
CVE ID : CVE-2024-12158 Published : Jan. 7, 2025, 5:15 a.m. | 32 minutes ago Description : The Popup – MailChimp, GetResponse and ActiveCampaign Intergrations plugin for WordPress is vulnerable to unauthorized loss of data due to a missing capability check on the ‘upc_delete_db_data’ AJAX action in all versions up to, and including, 3.2.6. This makes […]
Unit A5, Endeavour Business Park
Penner Road, Havant
PO9 1QN
Company Registration Number: 5334133
Company VAT Number: 855 7246 95
