6.4

CVSS3.1

CVE-2024-12112 - Easy Form Builder <= 3.8.8 - Missing Authorization to Authenticated (Subscriber+) Stored Cross-Site…

The Easy Form Builder – WordPress plugin form builder: contact form, survey form, payment form, and custom form builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'name' parameter of the 'add_form_Emsfb' AJAX action in all versions up to, and including, 3.8.8 due to i…

πŸ“… Published: Jan. 8, 2025, 3:18 a.m. πŸ”„ Last Modified: April 15, 2026, 12:35 a.m.

7.4

CVSS3.1

CVE-2024-11916 - The Ultimate WordPress Toolkit – WP Extended <= 3.0.11 - Missing Authorization to Authenticated (Su…

The The Ultimate WordPress Toolkit – WP Extended plugin for WordPress is vulnerable to unauthorized modification and retrieval of data due to a missing capability check on several functions in all versions up to, and including, 3.0.11. This makes it possible for authenticated attackers, with subscr…

πŸ“… Published: Jan. 8, 2025, 3:18 a.m. πŸ”„ Last Modified: April 8, 2026, 5:01 p.m.

5.3

CVSS3.1

CVE-2024-12713 - SureForms – Drag and Drop Form Builder for WordPress <= 1.2.2 - Missing Authorization to Unauthenti…

The SureForms – Drag and Drop Form Builder for WordPress plugin for WordPress is vulnerable to Information Exposure in all versions up to, and including, 1.2.2 via the handle_export_form() function due to a missing capability check. This makes it possible for unauthenticated attackers to export dat…

πŸ“… Published: Jan. 8, 2025, 3:18 a.m. πŸ”„ Last Modified: April 8, 2026, 4:48 p.m.

6.4

CVSS3.1

CVE-2024-12521 - Slotti Ajanvaraus <= 1.3.1 - Authenticated (Contributor+) Stored Cross-Site Scripting

The Slotti Ajanvaraus plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'slotti-embed-ga' shortcode in all versions up to, and including, 1.3.1 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authent…

πŸ“… Published: Jan. 8, 2025, 3:18 a.m. πŸ”„ Last Modified: April 15, 2026, 12:35 a.m.

5.5

CVSS3.1

CVE-2024-56452 -

Vulnerability of input parameters not being verified during glTF model loading in the 3D engine module Impact: Successful exploitation of this vulnerability may affect availability.

πŸ“… Published: Jan. 8, 2025, 3:17 a.m. πŸ”„ Last Modified: Jan. 13, 2025, 9:48 p.m.

7.3

CVSS3.1

CVE-2024-56451 -

Integer overflow vulnerability during glTF model loading in the 3D engine module Impact: Successful exploitation of this vulnerability may affect availability.

πŸ“… Published: Jan. 8, 2025, 3:16 a.m. πŸ”„ Last Modified: Jan. 13, 2025, 9:48 p.m.

6.3

CVSS3.1

CVE-2024-56450 -

Buffer overflow vulnerability in the component driver module Impact: Successful exploitation of this vulnerability may affect availability.

πŸ“… Published: Jan. 8, 2025, 3:14 a.m. πŸ”„ Last Modified: Jan. 13, 2025, 9:48 p.m.

6.6

CVSS3.1

CVE-2024-56449 -

Privilege escalation vulnerability in the Account module Impact: Successful exploitation of this vulnerability may affect service confidentiality.

πŸ“… Published: Jan. 8, 2025, 3:13 a.m. πŸ”„ Last Modified: Jan. 13, 2025, 9:42 p.m.

6.7

CVSS3.1

CVE-2024-56448 -

Vulnerability of improper access control in the home screen widget module Impact: Successful exploitation of this vulnerability may affect availability.

πŸ“… Published: Jan. 8, 2025, 3:11 a.m. πŸ”„ Last Modified: Jan. 13, 2025, 9:43 p.m.

7.8

CVSS3.1

CVE-2024-56447 -

Vulnerability of improper permission control in the window management module Impact: Successful exploitation of this vulnerability may affect service confidentiality.

πŸ“… Published: Jan. 8, 2025, 3:03 a.m. πŸ”„ Last Modified: Jan. 13, 2025, 9:42 p.m.
Total resulsts: 349182
Page 7229 of 34,919
Β« previous page Β» next page
Filters