logo_clicknbuy.png

Day: 18 January 2025

CVE-2024-13519 – MarketKing (WordPress) – Stored Cross-Site Scripting Vulnerability

CVE ID : CVE-2024-13519 Published : Jan. 18, 2025, 7:15 a.m. | 29 minutes ago Description : The MarketKing — Ultimate WooCommerce Multivendor Marketplace Solution plugin for WordPress is vulnerable to Stored Cross-Site Scripting via plugin’s settings in all versions up to, and including, 1.9.80 due to insufficient input sanitization and output escaping. This makes it […]

CVE-2024-13517 – Easy Digital Downloads Stored Cross-Site Scripting Vulnerability

CVE ID : CVE-2024-13517 Published : Jan. 18, 2025, 7:15 a.m. | 29 minutes ago Description : The Easy Digital Downloads – eCommerce Payments and Subscriptions made easy plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Title value in all versions up to, and including, 3.3.2 due to insufficient input sanitization and output […]

CVE-2024-13432 – WordPress Webcamconsult CSRF

CVE ID : CVE-2024-13432 Published : Jan. 18, 2025, 7:15 a.m. | 29 minutes ago Description : The Webcamconsult plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.5.0. This is due to missing or incorrect nonce validation on a function. This makes it possible for unauthenticated attackers to […]

CVE-2024-13393 – WordPress Video Share VOD Stored Cross-Site Scripting Vulnerability

CVE ID : CVE-2024-13393 Published : Jan. 18, 2025, 7:15 a.m. | 29 minutes ago Description : The Video Share VOD – Turnkey Video Site Builder Script plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin’s ‘videowhisper_videos’ shortcode in all versions up to, and including, 2.6.31 due to insufficient input sanitization and output […]

CVE-2024-13391 – WordPress MicroPayments Fans Paid Creator Stored Cross-Site Scripting Vulnerability

CVE ID : CVE-2024-13391 Published : Jan. 18, 2025, 7:15 a.m. | 29 minutes ago Description : The MicroPayments – Fans Paysite: Paid Creator Subscriptions, Digital Assets, Tokens Wallet plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin’s ‘videowhisper_content_upload_guest’ shortcode in all versions up to, and including, 2.9.29 due to insufficient input sanitization […]

CVE-2024-12696 – WordPress Picture Gallery Frontend Image Uploads AJAX Photo List Stored Cross-Site Scripting Vulnerability

CVE ID : CVE-2024-12696 Published : Jan. 18, 2025, 7:15 a.m. | 29 minutes ago Description : The Picture Gallery – Frontend Image Uploads, AJAX Photo List plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin’s videowhisper_picture_upload_guest shortcode in all versions up to, and including, 1.5.22 due to insufficient input sanitization and output […]

CVE-2024-12385 – “WordPress WP Abstracts CSRF Vulnerability”

CVE ID : CVE-2024-12385 Published : Jan. 18, 2025, 7:15 a.m. | 29 minutes ago Description : The WP Abstracts plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 2.7.2. This is due to missing nonce validation on the wpabstracts_load_status() and wpabstracts_delete_abstracts() functions. This makes it possible for unauthenticated […]