3.5

CVSS3.1

CVE-2025-0717 - Social Slider Feed < 2.2.9 - Admin+ Stored XSS

To exploit the vulnerability, it is necessary:

๐Ÿ“… Published: March 25, 2025, 6 a.m. ๐Ÿ”„ Last Modified: Jan. 13, 2026, 4:23 p.m.

4.7

CVSS3.1

CVE-2024-9770 - WP-Recall < 16.26.12 - Admin+ SQL Injection

The WP-Recall WordPress plugin before 16.26.12 does not sanitize and escape a parameter before using it in a SQL statement, allowing admins to perform SQL injection attacks

๐Ÿ“… Published: March 25, 2025, 6 a.m. ๐Ÿ”„ Last Modified: April 29, 2025, 5:24 p.m.

7.1

CVSS3.1

CVE-2024-13863 - Stylish Google Sheet Reader < 4.1 - Reflected XSS

The Stylish Google Sheet Reader 4.0 WordPress plugin before 4.1 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin

๐Ÿ“… Published: March 25, 2025, 6 a.m. ๐Ÿ”„ Last Modified: April 29, 2025, 5:35 p.m.

7.2

CVSS3.1

CVE-2024-13618 - Downloable by American Osteopathic Association <= 0.1.0 - Unauthenticated SSRF

The aoa-downloadable WordPress plugin through 0.1.0 lacks authorization and authentication for requests to its download.php endpoint, allowing unauthenticated visitors to make requests to arbitrary URLs.

๐Ÿ“… Published: March 25, 2025, 6 a.m. ๐Ÿ”„ Last Modified: June 20, 2025, 3:50 p.m.

8.6

CVSS3.1

CVE-2024-13617 - Downloable by American Osteopathic Association <= 0.1.0 - Unauthenticated Arbitrary File Download

The aoa-downloadable WordPress plugin through 0.1.0 doesn't validate a parameter in its download function, allowing unauthenticated attackers to download arbitrary files from the server

๐Ÿ“… Published: March 25, 2025, 6 a.m. ๐Ÿ”„ Last Modified: June 20, 2025, 3:47 p.m.

3.5

CVSS3.1

CVE-2024-13123 - AFI < 1.100.0 - Admin+ Stored XSS

The AFI WordPress plugin before 1.100.0 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup).

๐Ÿ“… Published: March 25, 2025, 6 a.m. ๐Ÿ”„ Last Modified: April 1, 2025, 4:45 p.m.

3.5

CVSS3.1

CVE-2024-13122 - AFI < 1.100.0 - Admin+ Stored XSS

The AFI WordPress plugin before 1.100.0 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup).

๐Ÿ“… Published: March 25, 2025, 6 a.m. ๐Ÿ”„ Last Modified: April 1, 2025, 4:45 p.m.

4.3

CVSS3.1

CVE-2024-13118 - IP Based Login < 2.4.1 - Log Deletion via CSRF

The IP Based Login WordPress plugin before 2.4.1 does not have CSRF checks in some places, which could allow attackers to make logged in users delete all logs via a CSRF attack

๐Ÿ“… Published: March 25, 2025, 6 a.m. ๐Ÿ”„ Last Modified: May 6, 2025, 7:45 p.m.

3.5

CVSS3.1

CVE-2024-12769 - Simple Banner < 3.0.4 - Admin+ Stored XSS

The Simple Banner WordPress plugin before 3.0.4 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup).

๐Ÿ“… Published: March 25, 2025, 6 a.m. ๐Ÿ”„ Last Modified: April 29, 2025, 5:54 p.m.

6.1

CVSS3.1

CVE-2024-12682 - Smart Maintenance Mode < 1.5.2 - Admin+ Stored XSS

The Smart Maintenance Mode WordPress plugin before 1.5.2 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup).

๐Ÿ“… Published: March 25, 2025, 6 a.m. ๐Ÿ”„ Last Modified: May 6, 2025, 7:51 p.m.
Total resulsts: 343929
Page 5697 of 34,393
ยซ previous page ยป next page
Filters