6.4
CVE-2024-11826 - Quill Forms | The Best Typeform Alternative | Create Conversational Multi Step Form, Survey, Quiz, β¦
The Quill Forms | The Best Typeform Alternative | Create Conversational Multi Step Form, Survey, Quiz, Cost Estimation or Donation Form on WordPress plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'quillforms-popup' shortcode in all versions up to, and including, β¦
5.3
CVE-2024-12711 - RSVP and Event Management <= 2.7.13 - Missing Authorization
The RSVP and Event Management plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on several AJAX functions like bulk_delete_attendees() and bulk_delete_questions() in all versions up to, and including, 2.7.13. This makes it possible for unauthenticated attacβ¦
4.3
CVE-2024-12532 - BWD Elementor Addons <= 4.3.18 - Authenticated (Contributor+) Sensitive Information Exposure via Elβ¦
The BWD Elementor Addons plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 4.3.18 in widgets/bwdeb-content-switcher.php. This makes it possible for authenticated attackers, with Contributor-level access and above, to extract sensitive privateβ¦
4.3
CVE-2024-12033 - Jupiter X Core <= 4.8.5 - Missing Authorization to Authenticated Library Sync
The Jupiter X Core plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on the sync_libraries() function in all versions up to, and including, 4.8.5. This makes it possible for authenticated attackers, with Subscriber-level access and above, to sync libraries
5.3
CVE-2024-12316 - Jupiter X Core <= 4.8.5 - Missing Authorization to Unauthenticated Popup Template Export
The Jupiter X Core plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the export_popup_action() function in all versions up to, and including, 4.8.5. This makes it possible for unauthenticated attackers to export popup templates.
0.0
CVE-2025-0305 -
This CVE ID has been rejected or withdrawn by its CVE Numbering Authority.
0.0
CVE-2024-43243 - WordPress JobBoard Job listing plugin <= 1.2.6 - Arbitrary File Upload vulnerability
Unrestricted Upload of File with Dangerous Type vulnerability in themeglow JobBoard Job listing job-board-light allows Upload a Web Shell to a Web Server.This issue affects JobBoard Job listing: from n/a through <= 1.2.6.
0.0
CVE-2024-49222 - WordPress WPGuppy plugin <= 1.1.0 - PHP Object Injection vulnerability
Deserialization of Untrusted Data vulnerability in AmentoTech Private Limited WPGuppy wpguppy-lite allows Object Injection.This issue affects WPGuppy: from n/a through <= 1.1.0.
0.0
CVE-2024-49249 - WordPress SMSA Shipping plugin <= 2.3 - Arbitrary File Deletion vulnerability
Path Traversal: '.../...//' vulnerability in SMSA Express SMSA Shipping smsa-shipping-official allows Path Traversal.This issue affects SMSA Shipping: from n/a through <= 2.3.
0.0
CVE-2024-49294 - WordPress WpBusTicketly plugin <= 5.4.3 - Cross Site Request Forgery (CSRF) vulnerability
Cross-Site Request Forgery (CSRF) vulnerability in magepeopleteam Bus Ticket Booking with Seat Reservation bus-ticket-booking-with-seat-reservation allows Cross Site Request Forgery.This issue affects Bus Ticket Booking with Seat Reservation: from n/a through <= 5.4.3.