CVE-2024-12590 – WordPress YouTube Gallery Stored Cross-Site Scripting

CVE ID: CVE-2024-12590
Published: Jan. 7, 2025, 4:15 a.m.
Description: The WP Youtube Gallery plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘id’ parameter in all versions up to, and including, 1.9 due to insufficient input sanitization and output escaping. This makes it possible for authenticated […]

CVE-2024-12592 – Sellsy WordPress Stored Cross-Site Scripting

CVE ID: CVE-2024-12592
Published: Jan. 7, 2025, 4:15 a.m.
Description: The Sellsy plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin’s ‘testSellsy’ shortcode in all versions up to, and including, 2.3.3 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it […]

CVE-2024-12559 – WordPress ClickDesigns API Key Modification Vulnerability

CVE ID: CVE-2024-12559
Published: Jan. 7, 2025, 4:15 a.m.
Description: The ClickDesigns plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the ‘clickdesigns_add_api’ and the ‘clickdesigns_remove_api’ functions in all versions up to, and including, 1.8.0. This makes it possible for unauthenticated […]

CVE-2024-12541 – Chative Live Chat and Chatbot CSRF Vulnerability

CVE ID: CVE-2024-12541
Published: Jan. 7, 2025, 4:15 a.m.
Description: The Chative Live chat and Chatbot plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.1. This is due to missing or incorrect nonce validation on the add_chative_widget_action() function. This makes it […]

CVE-2024-12540 – WordPress LDD Directory Lite Reflected Cross-Site Scripting

CVE ID: CVE-2024-12540
Published: Jan. 7, 2025, 4:15 a.m.
Description: The LDD Directory Lite plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use of remove_query_arg without appropriate escaping on the URL in all versions up to, and including, 3.3. This makes it possible for unauthenticated […]

CVE-2024-12538 – WordPress Duplicate Post Plugin Sensitive Information Exposure Vulnerability

CVE ID: CVE-2024-12538
Published: Jan. 7, 2025, 4:15 a.m.
Description: The Duplicate Post, Page and Any Custom Post plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 3.5.3 via the ‘dpp_duplicate_as_draft’ function. This makes it possible for authenticated attackers, with Contributor-level access […]

CVE-2024-12528 – WordPress Survey & Poll Stored Cross-Site Scripting (XSS)

CVE ID: CVE-2024-12528
Published: Jan. 7, 2025, 4:15 a.m.
Description: The WordPress Survey & Poll – Quiz, Survey and Poll Plugin for WordPress plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin’s ‘wpsurveypoll_results’ shortcode in all versions up to, and including, 1.7.5 due to insufficient input […]

CVE-2024-12022 – WordPress Menu Image Unauthorized Data Modification Vulnerability

CVE ID: CVE-2024-12022
Published: Jan. 7, 2025, 4:15 a.m.
Description: The WP Menu Image plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the ‘wmi_delete_img_menu’ function in all versions up to, and including, 2.2. This makes it possible for unauthenticated attackers […]

CVE-2024-11934 – Formaloo Stored Cross-Site Scripting (CWE-80)

CVE ID: CVE-2024-11934
Published: Jan. 7, 2025, 4:15 a.m.
Description: The Formaloo Form Maker & Customer Analytics for WordPress & WooCommerce plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘address’ parameter in all versions up to, and including, 2.1.3.2 due to insufficient input sanitization and output […]