4.8

CVSS3.1

CVE-2024-13120 - ProfilePress < 4.15.20 - Admin+ Stored XSS

The Paid Membership Plugin, Ecommerce, User Registration Form, Login Form, User Profile & Restrict Content WordPress plugin before 4.15.20 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even whe…

📅 Published: Feb. 13, 2025, 6 a.m. 🔄 Last Modified: May 21, 2025, 6:57 p.m.

4.8

CVSS3.1

CVE-2024-13119 - ProfilePress < 4.15.20 - Admin+ Stored XSS

The Paid Membership Plugin, Ecommerce, User Registration Form, Login Form, User Profile & Restrict Content WordPress plugin before 4.15.20 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even whe…

📅 Published: Feb. 13, 2025, 6 a.m. 🔄 Last Modified: May 21, 2025, 7 p.m.

6.1

CVSS3.1

CVE-2024-12586 - Chalet Montagne Com Tools <= 2.7.8 - Reflected XSS

The Chalet-Montagne.com Tools WordPress plugin through 2.7.8 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin.

📅 Published: Feb. 13, 2025, 6 a.m. 🔄 Last Modified: May 23, 2025, 5:58 p.m.

7.2

CVSS4.0

CVE-2025-1070 -

CWE-434: Unrestricted Upload of File with Dangerous Type vulnerability exists that could render the device inoperable when a malicious file is downloaded.

📅 Published: Feb. 13, 2025, 5:55 a.m. 🔄 Last Modified: Feb. 13, 2025, 2:27 p.m.

8.7

CVSS4.0

CVE-2025-1060 -

CWE-319: Cleartext Transmission of Sensitive Information vulnerability exists that could result in the exposure of data when network traffic is being sniffed by an attacker.

📅 Published: Feb. 13, 2025, 5:53 a.m. 🔄 Last Modified: Feb. 13, 2025, 3:57 p.m.

8.7

CVSS4.0

CVE-2025-1059 -

CWE-770: Allocation of Resources Without Limits or Throttling vulnerability exists that could cause communications to stop when malicious packets are sent to the webserver of the device.

📅 Published: Feb. 13, 2025, 5:49 a.m. 🔄 Last Modified: Feb. 13, 2025, 4:30 p.m.

7.2

CVSS4.0

CVE-2025-1058 -

CWE-494: Download of Code Without Integrity Check vulnerability exists that could render the device inoperable when malicious firmware is downloaded.

📅 Published: Feb. 13, 2025, 5:45 a.m. 🔄 Last Modified: Feb. 13, 2025, 4:30 p.m.

6.8

CVSS4.0

CVE-2024-10083 -

CWE-20: Improper Input Validation vulnerability exists that could cause denial of service of engineering workstation when specific driver interface is invoked locally by an authenticated user with crafted input.

📅 Published: Feb. 13, 2025, 5:40 a.m. 🔄 Last Modified: Feb. 13, 2025, 2:29 p.m.

9.8

CVSS3.1

CVE-2024-10763 - Campress <= 1.35 - Unauthenticated Local File Inclusion

The Campress theme for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 1.35 via the 'campress_woocommerce_get_ajax_products' function. This makes it possible for unauthenticated attackers to include and execute arbitrary files on the server, allowing the execut…

📅 Published: Feb. 13, 2025, 4:21 a.m. 🔄 Last Modified: April 8, 2026, 5:26 p.m.

8.1

CVSS3.1

CVE-2024-13770 - Puzzles | WP Magazine / Review with Store WordPress Theme + RTL <= 4.2.4 - Unauthenticated PHP Obje…

The Puzzles | WP Magazine / Review with Store WordPress Theme + RTL theme for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 4.2.4 via deserialization of untrusted input 'view_more_posts' AJAX action. This makes it possible for unauthenticated attackers to inj…

📅 Published: Feb. 13, 2025, 4:21 a.m. 🔄 Last Modified: April 8, 2026, 5:09 p.m.
Total results: 343921