6.5

CVSS3.1

CVE-2024-12030 - MDTF – Meta Data and Taxonomies Filter <= 1.3.3.5 - Authenticated (Contributor+) SQL Injection

The MDTF – Meta Data and Taxonomies Filter plugin for WordPress is vulnerable to SQL Injection via the 'key' attribute of the 'mdf_value' shortcode in all versions up to, and including, 1.3.3.5 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the exi…

πŸ“… Published: Jan. 8, 2025, 4:17 a.m. πŸ”„ Last Modified: April 8, 2026, 5:25 p.m.

8.8

CVSS3.1

CVE-2024-11271 - WordPress Webinar Plugin – WebinarPress <= 1.33.24 - Missing Authorization to Authenticated (Subscr…

The WordPress Webinar Plugin – WebinarPress plugin for WordPress is vulnerable to modification of data due to a missing capability check on several functions in all versions up to, and including, 1.33.24. This makes it possible for authenticated attackers, with subscriber-level access and above, to…

πŸ“… Published: Jan. 8, 2025, 4:17 a.m. πŸ”„ Last Modified: April 8, 2026, 5:05 p.m.

6.4

CVSS3.1

CVE-2024-12205 - Themesflat Addons For Elementor <= 2.2.4 - Authenticated (Contributor+) Stored Cross-Site Scripting

The Themesflat Addons For Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the TF E Slider Widget in all versions up to, and including, 2.2.4 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contribut…

πŸ“… Published: Jan. 8, 2025, 4:17 a.m. πŸ”„ Last Modified: April 8, 2026, 4:49 p.m.

4.8

CVSS3.1

CVE-2025-21603 -

Cross-site scripting vulnerability exists in MZK-DP300N firmware versions 1.05 and earlier. If an attacker logs in to the affected product and manipulates the device settings, an arbitrary script may be executed on the logged-in user's web browser when accessing a crafted URL.

πŸ“… Published: Jan. 8, 2025, 3:30 a.m. πŸ”„ Last Modified: April 15, 2026, 12:35 a.m.

6.2

CVSS3.1

CVE-2024-54121 -

Startup control vulnerability in the ability module Impact: Successful exploitation of this vulnerability may cause features to perform abnormally.

πŸ“… Published: Jan. 8, 2025, 3:24 a.m. πŸ”„ Last Modified: Jan. 13, 2025, 9:42 p.m.

6.8

CVSS3.1

CVE-2024-56456 -

Vulnerability of input parameters not being verified during glTF model loading in the 3D engine module Impact: Successful exploitation of this vulnerability may affect availability.

πŸ“… Published: Jan. 8, 2025, 3:23 a.m. πŸ”„ Last Modified: Jan. 13, 2025, 9:49 p.m.

5.5

CVSS3.1

CVE-2024-56455 -

Vulnerability of input parameters not being verified during glTF model loading in the 3D engine module Impact: Successful exploitation of this vulnerability may affect availability.

πŸ“… Published: Jan. 8, 2025, 3:22 a.m. πŸ”„ Last Modified: Jan. 13, 2025, 9:49 p.m.

5.5

CVSS3.1

CVE-2024-56454 -

Vulnerability of input parameters not being verified during glTF model loading in the 3D engine module Impact: Successful exploitation of this vulnerability may affect availability.

πŸ“… Published: Jan. 8, 2025, 3:21 a.m. πŸ”„ Last Modified: Jan. 13, 2025, 9:49 p.m.

6.8

CVSS3.1

CVE-2024-56453 -

Vulnerability of input parameters not being verified during glTF model loading in the 3D engine module Impact: Successful exploitation of this vulnerability may affect availability.

πŸ“… Published: Jan. 8, 2025, 3:18 a.m. πŸ”„ Last Modified: Jan. 13, 2025, 9:49 p.m.

8.8

CVSS3.1

CVE-2024-11816 - The Ultimate WordPress Toolkit – WP Extended <= 3.0.11 - Missing Authorization to Authenticated (Su…

The Ultimate WordPress Toolkit – WP Extended plugin for WordPress is vulnerable to Remote Code Execution in version 3.0.11. This is due to a missing capability check on the 'wpext_handle_snippet_update' function. This makes it possible for authenticated attackers, with Subscriber-level access and a…

πŸ“… Published: Jan. 8, 2025, 3:18 a.m. πŸ”„ Last Modified: April 8, 2026, 5:16 p.m.
Total resulsts: 345302
Page 6840 of 34,531
Β« previous page Β» next page
Filters