6.4
CVE-2024-11760 - Currency Converter Widget β‘ PRO <= 1.0.6 - Authenticated (Contributor+) Stored Cross-Site Scripting
The Currency Converter Widget β‘ PRO plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'currency-converter-widget-pro' shortcode in all versions up to, and including, 1.0.6 due to insufficient input sanitization and output escaping on user supplied attributes. This mβ¦
6.5
CVE-2024-12333 - WoodMart <= 8.0.3 - Unauthenticated Arbitrary Shortcode Execution
The Woodmart theme for WordPress is vulnerable to arbitrary shortcode execution in all versions up to, and including, 8.0.3. This is due to the software allowing users to execute an action that does not properly validate a value before running do_shortcode through the woodmart_instagram_ajax_query β¦
10
CVE-2024-21574 -
The issue stems from a missing validation of the pip field in a POST request sent to the /customnode/install endpoint used to install custom nodes which is added to the server by the extension. This allows an attacker to craft a request that triggers a pip install on a user controlled package or URβ¦
6.9
CVE-2024-12564 - Exposure of Sensitive Information to an Unauthorized Actor vulnerability in ODA CDE inWEB SDK beforβ¦
Exposure of Sensitive Information to an Unauthorized Actor vulnerability was discovered in Open Design Alliance CDE inWEB SDK before 2025.3. Installing CDE Server with default settings allows unauthorized users to visit prometheus metrics page. This can allow attackers to understand more things aboβ¦
4.3
CVE-2024-12329 - Essential Real Estate <= 5.1.6 - Missing Authorization to Authenticated (Contributor+) Information β¦
The Essential Real Estate plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on several pages/post types in all versions up to, and including, 5.1.6. This makes it possible for authenticated attackers, with Contributor-level access and above, to acceβ¦
4.3
CVE-2024-11724 - Cookie Consent for WP β Cookie Consent, Consent Log, Cookie Scanner, Script Blocker (for GDPR, CCPAβ¦
The Cookie Consent for WP β Cookie Consent, Consent Log, Cookie Scanner, Script Blocker (for GDPR, CCPA & ePrivacy) plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the wpl_script_save AJAX action in all versions up to, and including, 3.6.β¦
4.3
CVE-2024-12201 - Hash Form <= 1.2.1 - Missing Authorization to Authenticated (Contributor+) Form Style Creation
The Hash Form β Drag & Drop Form Builder plugin for WordPress is vulnerable to unauthorized access due to a missing capability check when creating form styles in all versions up to, and including, 1.2.1. This makes it possible for authenticated attackers, with Contributor-level access and above, toβ¦
8.1
CVE-2024-12312 - Print Science Designer <= 1.3.152 - Unauthenticated PHP Object Injection
The Print Science Designer plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 1.3.152 via deserialization of untrusted input through the 'designer-saved-projects' cookie. This makes it possible for unauthenticated attackers to inject a PHP Object. No knβ¦
5.4
CVE-2024-10583 - Popup Maker β Boost Sales, Conversions, Optins, Subscribers with the Ultimate WP Popups Builder <= β¦
The Popup Maker β Boost Sales, Conversions, Optins, Subscribers with the Ultimate WP Popups Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the βpost_titleβ parameter in all versions up to, and including, 1.20.2 due to insufficient input sanitization and output escapinβ¦
4.4
CVE-2024-11727 - NotificationX β Live Sales Notification, WooCommerce Sales Popup, FOMO, Social Proof, Announcement β¦
The NotificationX β Live Sales Notification, WooCommerce Sales Popup, FOMO, Social Proof, Announcement Banner & Floating Notification Top Bar plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's content settings for notifications in all versions up to, and including, 2β¦