6.5

CVSS3.1

CVE-2024-13117 - Social Share Buttons for WordPress <= 2.7 - Unauthenticated Image Upload & Path Traversal

The Social Share Buttons for WordPress plugin through 2.7 allows an unauthenticated user to upload arbitrary images and change the path where they are uploaded

๐Ÿ“… Published: Jan. 27, 2025, 6 a.m. ๐Ÿ”„ Last Modified: May 13, 2025, 8:59 p.m.

3.8

CVSS3.1

CVE-2024-13116 - Crelly Slider < 1.4.7 - Admin+ Stored XSS

The Crelly Slider WordPress plugin before 1.4.7 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup).

๐Ÿ“… Published: Jan. 27, 2025, 6 a.m. ๐Ÿ”„ Last Modified: May 13, 2025, 9:07 p.m.

4.8

CVSS3.1

CVE-2024-13095 - WP Triggers Lite <= 2.5.3 - Admin+ SQL Injection

The WP Triggers Lite WordPress plugin through 2.5.3 does not sanitize and escape a parameter before using it in a SQL statement, allowing admins to perform SQL injection attacks

๐Ÿ“… Published: Jan. 27, 2025, 6 a.m. ๐Ÿ”„ Last Modified: May 5, 2025, 3:16 p.m.

7.1

CVSS3.1

CVE-2024-13094 - WP Triggers Lite <= 2.5.3 - Reflected XSS

The WP Triggers Lite WordPress plugin through 2.5.3 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin.

๐Ÿ“… Published: Jan. 27, 2025, 6 a.m. ๐Ÿ”„ Last Modified: May 7, 2025, 7:15 p.m.

7.1

CVSS3.1

CVE-2024-13057 - Dyn Business Panel <= 1.0.0 - Stored XSS via CSRF

The Dyn Business Panel WordPress plugin through 1.0.0 does not have CSRF check in some places, and is missing sanitisation as well as escaping, which could allow attackers to make logged in admin add Stored XSS payloads via a CSRF attack.

๐Ÿ“… Published: Jan. 27, 2025, 6 a.m. ๐Ÿ”„ Last Modified: May 7, 2025, 7:06 p.m.

7.1

CVSS3.1

CVE-2024-13056 - Dyn Business Panel <= 1.0.0 - Reflected XSS

The Dyn Business Panel WordPress plugin through 1.0.0 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin.

๐Ÿ“… Published: Jan. 27, 2025, 6 a.m. ๐Ÿ”„ Last Modified: May 7, 2025, 7:06 p.m.

7.1

CVSS3.1

CVE-2024-13055 - Dyn Business Panel <= 1.0.0 - Reflected XSS

The Dyn Business Panel WordPress plugin through 1.0.0 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin.

๐Ÿ“… Published: Jan. 27, 2025, 6 a.m. ๐Ÿ”„ Last Modified: May 7, 2025, 7:03 p.m.

7.1

CVSS3.1

CVE-2024-13052 - Dental Optimizer Patient Generator App <= 1.0 - Reflected XSS

The Dental Optimizer Patient Generator App WordPress plugin through 1.0 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin.

๐Ÿ“… Published: Jan. 27, 2025, 6 a.m. ๐Ÿ”„ Last Modified: May 13, 2025, 9:10 p.m.

6.5

CVSS3.1

CVE-2024-12774 - Altra Side Menu <= 2.0 - Abitrary Menu Deletion via CSRF

The Altra Side Menu WordPress plugin through 2.0 does not have CSRF checks in some places, which could allow attackers to make logged in admins delete arbitrary menu via a CSRF attack

๐Ÿ“… Published: Jan. 27, 2025, 6 a.m. ๐Ÿ”„ Last Modified: Jan. 9, 2026, 9:16 p.m.

7.2

CVSS3.1

CVE-2024-12773 - Altra Side Menu <= 2.0 - Admin+ SQL Injection

The Altra Side Menu WordPress plugin through 2.0 does not sanitize and escape a parameter before using it in a SQL statement, allowing admins to perform SQL injection attacks

๐Ÿ“… Published: Jan. 27, 2025, 6 a.m. ๐Ÿ”„ Last Modified: May 7, 2025, 6:54 p.m.
Total resulsts: 349182
Page 6950 of 34,919
ยซ previous page ยป next page
Filters