CVE-2024-12817 – Etsy Importer for WordPress Stored Cross-Site Scripting Vulnerability
CVE ID: CVE-2024-12817
Published: Jan. 25, 2025, 8:15 a.m.
Description: The Etsy Importer plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin’s ‘product_link’ shortcode in all versions up to, and including, 1.4.2 due to insufficient input sanitization and output escaping on user supplied attributes. This makes […]
CVE-2024-12113 – Youzify BuddyPress Review Deletion Arbitrary Update
CVE ID: CVE-2024-12113
Published: Jan. 25, 2025, 8:15 a.m.
Description: The Youzify – BuddyPress Community, User Profile, Social Network & Membership Plugin for WordPress plugin for WordPress is vulnerable to unauthorized loss of data due to a missing capability check on the delete_user_review() and delete_review() functions in all versions […]
CVE-2024-12826 – GoHero Store Customizer for WooCommerce Unauthenticated Data Modification Vulnerability
CVE ID: CVE-2024-12826
Published: Jan. 25, 2025, 8:15 a.m.
Description: The GoHero Store Customizer for WooCommerce plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the wooh_action_settings_save_frontend() function in all versions up to, and including, 3.5. This makes it possible for […]
CVE-2024-12816 – WordPress NOTICE BOARD BY TOWKIR Stored Cross-Site Scripting Vulnerability
CVE ID: CVE-2024-12816
Published: Jan. 25, 2025, 8:15 a.m.
Description: The NOTICE BOARD BY TOWKIR plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin’s ‘notice-board’ shortcode in all versions up to, and including, 3.1 due to insufficient input sanitization and output escaping on user supplied attributes. […]
CVE-2024-12529 – Brodos.net Onlineshop Plugin Stored Cross-Site Scripting
CVE ID: CVE-2024-12529
Published: Jan. 25, 2025, 8:15 a.m.
Description: The brodos.net Onlineshop Plugin plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin’s ‘BrodosCategory’ shortcode in all versions up to, and including, 2.0.2 due to insufficient input sanitization and output escaping on user supplied attributes. This […]
CVE-2024-12512 – WordPress asks me something – Stored Cross-Site Scripting
CVE ID: CVE-2024-12512
Published: Jan. 25, 2025, 8:15 a.m.
Description: The Ask Me Anything (Anonymously) plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin’s ‘askmeanythingpeople’ shortcode in all versions up to, and including, 1.6 due to insufficient input sanitization and output escaping on user supplied attributes. […]
CVE-2024-12076 – Target Video Easy Publish WordPress CSRF
CVE ID: CVE-2024-12076
Published: Jan. 25, 2025, 8:15 a.m.
Description: The Target Video Easy Publish plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 3.8.3. This is due to missing or incorrect nonce validation on the resync_carousel(), seek_snapshot(), uploaded_cc(), and remove_cc() functions. […]
CVE-2024-11825 – Broadstreet WordPress Stored Cross-Site Scripting Vulnerability
CVE ID: CVE-2024-11825
Published: Jan. 25, 2025, 8:15 a.m.
Description: The Broadstreet plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘zone’ parameter in all versions up to, and including, 1.50.3 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with […]
CVE-2024-12600 – WooCommerce Custom Product Tabs Lite PHP Object Injection Vulnerability
CVE ID: CVE-2024-12600
Published: Jan. 25, 2025, 7:15 a.m.
Description: The Custom Product Tabs Lite for WooCommerce plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 1.9.0 via deserialization of untrusted input from the ‘frs_woo_product_tabs’ parameter. This makes it possible for […]
CVE-2024-10552 – Flexmls IDX Plugin WordPress Stored XSS
CVE ID: CVE-2024-10552
Published: Jan. 25, 2025, 7:15 a.m.
Description: The Flexmls® IDX Plugin plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘api_key’ and ‘api_secret’ parameters in all versions up to, and including, 3.14.26 due to insufficient input sanitization and output escaping. This makes it […]