CVE ID : CVE-2024-13386 Published : Jan. 17, 2025, 7:15 a.m. | 28 minutes ago Description : The quote-posttype-plugin plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Author field in all versions up to, and including, 1.2.2 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with […]
CVE ID : CVE-2024-13366 Published : Jan. 17, 2025, 7:15 a.m. | 28 minutes ago Description : The Sandbox plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the ‘debug’ parameter in all versions up to, and including, 0.4 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to […]
CVE ID : CVE-2024-12637 Published : Jan. 17, 2025, 7:15 a.m. | 28 minutes ago Description : The Moving Users plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 1.05 via the export functionality. The JSON files are stored in predictable locations with guessable file names when exporting user […]
CVE ID : CVE-2024-13367 Published : Jan. 17, 2025, 7:15 a.m. | 28 minutes ago Description : The Sandbox plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on the export_download action in all versions up to, and including, 0.4. This makes it possible for authenticated attackers, with Subscriber-level access and […]
CVE ID : CVE-2024-12598 Published : Jan. 17, 2025, 7:15 a.m. | 28 minutes ago Description : The MyBookProgress by Stormhill Media plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘book’ parameter in all versions up to, and including, 1.0.8 due to insufficient input sanitization and output escaping. This makes it possible for […]
CVE ID : CVE-2024-12508 Published : Jan. 17, 2025, 7:15 a.m. | 28 minutes ago Description : The Glofox Shortcodes plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin’s ‘glofox’ and ‘glofox_lead_capture ‘ shortcodes in all versions up to, and including, 2.6 due to insufficient input sanitization and output escaping on user supplied […]
CVE ID : CVE-2024-12466 Published : Jan. 17, 2025, 7:15 a.m. | 28 minutes ago Description : The Proofreading plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the ‘nonce’ parameter in all versions up to, and including, 1.2.1.1 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to […]
CVE ID : CVE-2024-12203 Published : Jan. 17, 2025, 7:15 a.m. | 28 minutes ago Description : The RSS Icon Widget plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘link_color’ parameter in all versions up to, and including, 5.2 due to insufficient input sanitization and output escaping. This makes it possible for authenticated […]
CVE ID : CVE-2024-13333 Published : Jan. 17, 2025, 6:15 a.m. | 28 minutes ago Description : The Advanced File Manager plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the ‘fma_local_file_system’ function in versions 5.2.12 to 5.2.13. This makes it possible for authenticated attackers, with Subscriber-level access and […]
TrueFiling is a collaborative, web-based electronic filing system where attorneys, paralegals, court reporters and self-represented filers collect public legal documentation into cases. TrueFiling is an entirely cloud-hosted application. Prior to version 3.1.112.19, TrueFiling trusted some client-controlled identifiers passed in URL requests to retrieve information. Platform users must self-register for an account, and once authenticated, could […]
Unit A5, Endeavour Business Park
Penner Road, Havant
PO9 1QN
Company Registration Number: 5334133
Company VAT Number: 855 7246 95
