CVE-2024-12514 – 3DVieweronline WordPress Stored Cross-Site Scripting
CVE ID: CVE-2024-12514
Published: Jan. 9, 2025, 11:15 a.m.
Description: The 3DVieweronline plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin’s ‘3Dvo-model’ shortcode in all versions up to, and including, 2.2.2 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it […]
CVE-2024-12493 – WordPress Files Download Delay Stored Cross-Site Scripting Vulnerability
CVE ID: CVE-2024-12493
Published: Jan. 9, 2025, 11:15 a.m.
Description: The Files Download Delay plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin’s ‘fddwrap’ shortcode in all versions up to, and including, 1.0.9 due to insufficient input sanitization and output escaping on user supplied attributes. This […]
CVE-2024-12394 – Action Network (WordPress) CSRF
CVE ID: CVE-2024-12394
Published: Jan. 9, 2025, 11:15 a.m.
Description: The Action Network plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.4.4. This is due to missing or incorrect nonce validation on a function. This makes it possible for unauthenticated attackers […]
CVE-2024-12330 – Backup for WP WordPress Sensitive Information Exposure
CVE ID: CVE-2024-12330
Published: Jan. 9, 2025, 11:15 a.m.
Description: The WP Database Backup – Unlimited Database & Files Backup by Backup for WP plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 7.3 via publicly accessible back-up files. This makes it […]
CVE-2024-12285 – WordPress SEMA API Plugin Reflected Cross-Site Scripting (XSS)
CVE ID: CVE-2024-12285
Published: Jan. 9, 2025, 11:15 a.m.
Description: The SEMA API plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the ‘catid’ parameter in all versions up to, and including, 5.27 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers […]
CVE-2024-12249 – WordPress GS Insever Portfolio Plugin Cross-Site Request Forgery (CSRF)
CVE ID: CVE-2024-12249
Published: Jan. 9, 2025, 11:15 a.m.
Description: The GS Insever Portfolio plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the save_settings() function in all versions up to, and including, 1.4.5. This makes it possible for authenticated attackers, […]
CVE-2024-12222 – Shipos for WooCommerce Cross-Site Scripting Vulnerability
CVE ID: CVE-2024-12222
Published: Jan. 9, 2025, 11:15 a.m.
Description: The Deliver via Shipos for WooCommerce plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the ‘dvsfw_bulk_label_url’ parameter in all versions up to, and including, 2.1.7 due to insufficient input sanitization and output escaping. This makes it possible […]
CVE-2024-12218 – Woocommerce Shipping Plugin CSRF
CVE ID: CVE-2024-12218
Published: Jan. 9, 2025, 11:15 a.m.
Description: The Woocommerce check pincode/zipcode for shipping plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 2.0.4. This is due to missing or incorrect nonce validation. This makes it possible for unauthenticated attackers […]
CVE-2024-12206 – WordPress Pearl Header Builder CSRF
CVE ID: CVE-2024-12206
Published: Jan. 9, 2025, 11:15 a.m.
Description: The WordPress Header Builder Plugin – Pearl plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.3.8. This is due to missing or incorrect nonce validation on the stm_header_builder page. This makes […]
CVE-2024-12122 – WordPress ResAds Plugin Reflected Cross-Site Scripting Vulnerability
CVE ID: CVE-2024-12122
Published: Jan. 9, 2025, 11:15 a.m.
Description: The ResAds plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via multiple parameters in all versions up to, and including, 2.0.6 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject […]