CVE-2024-12852 – Elementor Stored Cross-Site Scripting in Happy Addons
CVE ID: CVE-2024-12852
Published: Jan. 8, 2025, 7:15 a.m. | 33 minutes ago
Description: The Happy Addons for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘ha_cmc_text’ parameter of the Happy Mouse Cursor in all versions up to, and including, 3.15.1 due to insufficient input sanitization and output escaping. […]
CVE-2024-12851 – WordPress Element Pack Elementor Addons Stored Cross-Site Scripting
CVE ID: CVE-2024-12851
Published: Jan. 8, 2025, 7:15 a.m. | 33 minutes ago
Description: The Element Pack Elementor Addons (Header Footer, Template Library, Dynamic Grid, Carousel and Remote Arrows) plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the custom_attributes parameter of the Cookie Consent Widget in all versions up to, and […]
CVE-2024-12584 – Xpro Addons For Elementor Privileged Information Disclosure
CVE ID: CVE-2024-12584
Published: Jan. 8, 2025, 7:15 a.m. | 33 minutes ago
Description: The 140+ Widgets | Xpro Addons For Elementor – FREE plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 1.4.6.2 via the ‘duplicate’ function. This makes it possible for authenticated attackers, with […]
CVE-2024-11613 – WordPress File Upload Plugin Remote Code Execution and File Access Vulnerability
CVE ID: CVE-2024-11613
Published: Jan. 8, 2025, 7:15 a.m. | 33 minutes ago
Description: The WordPress File Upload plugin for WordPress is vulnerable to Remote Code Execution, Arbitrary File Read, and Arbitrary File Deletion in all versions up to, and including, 4.24.15 via the ‘wfu_file_downloader.php’ file. This is due to lack of proper […]
CVE-2024-10585 – InfiniteWP Client WordPress Path Traversal
CVE ID: CVE-2024-10585
Published: Jan. 8, 2025, 6:15 a.m. | 55 minutes ago
Description: The InfiniteWP Client plugin for WordPress is vulnerable to Path Traversal in all versions up to, and including, 1.13.0 via the ‘historyID’ parameter of the ~/debug-chart/index.php file. This makes it possible for unauthenticated attackers to read .txt files outside […]
CVE-2024-12585 – Property Hive WordPress XSS Governance Failure
CVE ID: CVE-2024-12585
Published: Jan. 8, 2025, 6:15 a.m. | 55 minutes ago
Description: The Property Hive WordPress plugin before 2.1.1 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin. Severity: […]
CVE-2024-10151 – WordPress Auto iFrame Stored Cross-Site Scripting Vulnerability
CVE ID: CVE-2024-10151
Published: Jan. 8, 2025, 6:15 a.m. | 55 minutes ago
Description: The Auto iFrame WordPress plugin before 2.0 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embedded, which could allow users with the contributor role and above […]
CVE-2024-54731 – cpdf PDF Stack Consumption Vulnerability
The following table lists the changes that have been made to the CVE-2024-54731 vulnerability over time. Vulnerability history details can be useful for understanding the evolution of a vulnerability, and for identifying the most recent changes that may impact the vulnerability’s severity, exploitability, or other characteristics. New CVE Received by [email protected] Jan. 08, 2025 Action […]
CVE-2024-12205 – Themesflat Addons for Elementor Stored Cross-Site Scripting Vulnerability
CVE ID: CVE-2024-12205
Published: Jan. 8, 2025, 5:15 a.m. | 31 minutes ago
Description: The Themesflat Addons For Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the TF E Slider Widget in all versions up to, and including, 2.2.4 due to insufficient input sanitization and output escaping. This makes it […]
CVE-2024-12030 – WordPress MDTF SQL Injection Vulnerability
CVE ID: CVE-2024-12030
Published: Jan. 8, 2025, 5:15 a.m. | 31 minutes ago
Description: The MDTF – Meta Data and Taxonomies Filter plugin for WordPress is vulnerable to SQL Injection via the ‘key’ attribute of the ‘mdf_value’ shortcode in all versions up to, and including, 1.3.3.5 due to insufficient escaping on the user […]