5.3
CVE-2024-12316 - Jupiter X Core <= 4.8.5 - Missing Authorization to Unauthenticated Popup Template Export
The Jupiter X Core plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the export_popup_action() function in all versions up to, and including, 4.8.5. This makes it possible for unauthenticated attackers to export popup templates.
0.0
CVE-2025-0305 -
This CVE ID has been rejected or withdrawn by its CVE Numbering Authority.
10
CVE-2024-43243 - WordPress JobBoard Job listing plugin <= 1.2.6 - Arbitrary File Upload vulnerability
Unrestricted Upload of File with Dangerous Type vulnerability in themeglow JobBoard Job listing job-board-light allows Upload a Web Shell to a Web Server.This issue affects JobBoard Job listing: from n/a through <= 1.2.6.
9.8
CVE-2024-49222 - WordPress WPGuppy plugin <= 1.1.0 - PHP Object Injection vulnerability
Deserialization of Untrusted Data vulnerability in AmentoTech Private Limited WPGuppy wpguppy-lite allows Object Injection.This issue affects WPGuppy: from n/a through <= 1.1.0.
8.6
CVE-2024-49249 - WordPress SMSA Shipping plugin <= 2.3 - Arbitrary File Deletion vulnerability
Path Traversal: '.../...//' vulnerability in SMSA Express SMSA Shipping smsa-shipping-official allows Path Traversal.This issue affects SMSA Shipping: from n/a through <= 2.3.
4.3
CVE-2024-49294 - WordPress WpBusTicketly plugin <= 5.4.3 - Cross Site Request Forgery (CSRF) vulnerability
Cross-Site Request Forgery (CSRF) vulnerability in magepeopleteam Bus Ticket Booking with Seat Reservation bus-ticket-booking-with-seat-reservation allows Cross Site Request Forgery.This issue affects Bus Ticket Booking with Seat Reservation: from n/a through <= 5.4.3.
7.1
CVE-2024-49633 - WordPress DirectoryPress plugin <= 3.6.19 - Cross Site Scripting (XSS) vulnerability
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Designinvento DirectoryPress directorypress allows Reflected XSS.This issue affects DirectoryPress: from n/a through <= 3.6.19.
8.8
CVE-2024-49644 - WordPress Accessibility by AllAccessible plugin <= 1.3.4 - Privilege Escalation vulnerability
Incorrect Privilege Assignment vulnerability in AllAccessible Accessibility by AllAccessible allaccessible allows Privilege Escalation.This issue affects Accessibility by AllAccessible: from n/a through <= 1.3.4.
9.8
CVE-2024-49649 - WordPress Build App Online plugin <= 1.0.23 - Local File Inclusion vulnerability
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in hakeemnala Build App Online build-app-online allows PHP Local File Inclusion.This issue affects Build App Online: from n/a through <= 1.0.23.
5.3
CVE-2024-51651 - WordPress CubeWP Forms plugin <= 1.1.10 - Broken Access Control vulnerability
Missing Authorization vulnerability in Imran Tauqeer CubeWP Forms cubewp-forms allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects CubeWP Forms: from n/a through <= 1.1.10.