CVE-2024-13218 – Fast Tube WordPress Reflected Cross-Site Scripting
CVE ID : CVE-2024-13218 Published : Jan. 31, 2025, 6:15 a.m. | 2 hours, 38 minutes ago Description : The Fast Tube WordPress plugin through 2.3.1 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin. […]
CVE-2024-13216 – WordPress Elementor HT Event Manager Sensitive Information Exposure
CVE ID : CVE-2024-13216 Published : Jan. 31, 2025, 6:15 a.m. | 2 hours, 38 minutes ago Description : The HT Event – WordPress Event Manager Plugin for Elementor plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 1.4.7 via the ‘render’ function in /includes/widgets/htevent_sponsor.php. This makes it possible for […]
CVE-2024-13112 – WordPress MediaTagger Reflected Cross-Site Scripting
CVE ID : CVE-2024-13112 Published : Jan. 31, 2025, 6:15 a.m. | 2 hours, 38 minutes ago Description : The WP MediaTagger WordPress plugin through 4.1.1 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin. […]
CVE-2024-13101 – WordPress MediaTagger Stored Cross-Site Scripting Vulnerability
CVE ID : CVE-2024-13101 Published : Jan. 31, 2025, 6:15 a.m. | 2 hours, 38 minutes ago Description : The WP MediaTagger WordPress plugin through 4.1.1 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embedded, which could allow users with the contributor role and […]
CVE-2024-13100 – OPSI Israel Domestic Shipments WordPress Reflected Cross-Site Scripting Vulnerability
CVE ID : CVE-2024-13100 Published : Jan. 31, 2025, 6:15 a.m. | 2 hours, 38 minutes ago Description : The OPSI Israel Domestic Shipments WordPress plugin through 2.6.3 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such […]
CVE-2024-12772 – Ninja Tables WordPress Cross Site Scripting Vuln
CVE ID : CVE-2024-12772 Published : Jan. 31, 2025, 6:15 a.m. | 2 hours, 38 minutes ago Description : The Ninja Tables WordPress plugin before 5.0.17 does not sanitize and escape a parameter before outputting it back in the page when importing a CSV, leading to a Cross Site Scripting vulnerability. Severity: 0.0 | NA Visit the […]
CVE-2024-12872 – Zalomení WordPress Stored Cross-Site Scripting
CVE ID : CVE-2024-12872 Published : Jan. 31, 2025, 6:15 a.m. | 2 hours, 38 minutes ago Description : The Zalomení WordPress plugin through 1.5 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for […]
Broadcom Patches VMware Aria Flaws – Exploits May Lead to Credential Theft
Broadcom has released security updates to patch five security flaws impacting VMware Aria Operations and Aria Operations for Logs, warning customers that attackers could … Published Date: Jan 31, 2025 (3 hours, 35 minutes ago) Vulnerabilities has been mentioned […]
CVE-2025-0493 – MultiVendorX WooCommerce Multivendor Marketplace Local File Inclusion Vulnerability
The MultiVendorX – The Ultimate WooCommerce Multivendor Marketplace Solution plugin for WordPress is vulnerable to Limited Local File Inclusion in all versions up to, and including, 4.2.14 via the tabname parameter. This makes it possible for unauthenticated attackers to include PHP files on the server, allowing the execution of any PHP code in those files. […]
CVE-2025-0470 – Forminator Forms – WordPress Cross-Site Scripting (XSS) Vulnerability
CVE ID : CVE-2025-0470 Published : Jan. 31, 2025, 4:15 a.m. | 29 minutes ago Description : The Forminator Forms – Contact Form, Payment Form & Custom Form Builder plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the title parameter in all versions up to, and including, 1.38.2 due to insufficient input sanitization and […]