6.4
CVE-2024-12445 - RightMessage WP <= 0.9.7 - Authenticated (Contributor+) Stored Cross-Site Scripting
The RightMessage WP plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'rm_area' shortcode in all versions up to, and including, 0.9.7 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated att…
8.8
CVE-2024-12322 - ThePerfectWedding.nl Widget <= 2.8 - Cross-Site Request Forgery to Stored Cross-Site Scripting
The ThePerfectWedding.nl Widget plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 2.8. This is due to missing or incorrect nonce validation on the 'update_option' function. This makes it possible for unauthenticated attackers to update the 'tpwKe…
6.1
CVE-2024-11810 - PayGreen Payment Gateway <= 1.0.26 - Reflected Cross-Site Scripting
The PayGreen Payment Gateway plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'message_id' parameter in all versions up to, and including, 1.0.26 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject ar…
0.0
CVE-2024-12208 -
** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2024-43269. Reason: This candidate is a reservation duplicate of CVE-2024-43269. Notes: All CVE users should reference CVE-2024-43269 instead of this candidate. All references and descriptions in this candidate have been removed to prev…
9.8
CVE-2024-12470 - School Management System – SakolaWP <= 1.0.8 - Unauthenticated Privilege Escalation
The School Management System – SakolaWP plugin for WordPress is vulnerable to privilege escalation in all versions up to, and including, 1.0.8. This is due to the registration function not properly limiting what roles a user can register as. This makes it possible for unauthenticated attackers to r…
6.1
CVE-2024-9208 - Enable Accessibility <= 1.4.1 - Reflected Cross-Site Scripting
The Enable Accessibility plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use of add_query_arg & remove_query_arg without appropriate escaping on the URL in all versions up to, and including, 1.4.1. This makes it possible for unauthenticated attackers to inject arbitr…
4.3
CVE-2024-12327 - LazyLoad Background Images <= 1.0.7 - Missing Authorization to Authenticated (Subscriber+) Plugin S…
The LazyLoad Background Images plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the pblzbg_save_settings() function in all versions up to, and including, 1.0.7. This makes it possible for authenticated attackers, with Subscriber-level acce…
6.5
CVE-2024-11496 - Infility Global <= 2.9.8 - Authenticated (Subscriber+) Missing Authorization to Plugin Options Upda…
The Infility Global plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the infility_global_ajax function in all versions up to, and including, 2.9.8. This makes it possible for authenticated attackers, with Subscriber-level access and above,…
5.3
CVE-2024-12159 - Optimize Your Campaigns – Google Shopping – Google Ads – Google Adwords <= 3.1 - Information Exposu…
The Optimize Your Campaigns – Google Shopping – Google Ads – Google Adwords plugin for WordPress is vulnerable to Information Exposure in all versions up to, and including, 3.1 due to the print_php_information.php being publicly accessible. This makes it possible for unauthenticated attackers to ex…
6.1
CVE-2024-12256 - Simple Video Management System <= 1.0.4 - Reflected Cross-Site Scripting
The Simple Video Management System plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'analytics_video' parameter in all versions up to, and including, 1.0.4 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to…