0.0
CVE-2025-22265 - WordPress EMI Calculator plugin <= 1.1 - Settings Change vulnerability
Missing Authorization vulnerability in mgplugin EMI Calculator emi-calculator allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects EMI Calculator: from n/a through <= 1.1.
0.0
CVE-2024-44055 - WordPress Oshine Modules plugin < 3.3.6 - Unauthenticated Server Side Request Forgery (SSRF) vulner…
Server-Side Request Forgery (SSRF) vulnerability in brandexponents Oshine Modules oshine-modules. This issue affects Oshine Modules: from n/a through < 3.3.8.
6.4
CVE-2024-13566 - WP DataTable <= 0.2.6 - Authenticated (Contributor+) Stored Cross-Site Scripting via id Parameter
The WP DataTable plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'id' parameter in all versions up to, and including, 0.2.6 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level access and abo…
6.4
CVE-2024-13157 - MP3 Audio Player – Music Player, Podcast Player & Radio by Sonaar <= 5.9.3 - Authenticated (Contrib…
The MP3 Audio Player – Music Player, Podcast Player & Radio by Sonaar plugin for WordPress is vulnerable to Stored Cross-Site Scripting via Podcast RSS Feed in all versions up to, and including, 5.9.3 due to insufficient input sanitization and output escaping on user supplied attributes. This makes…
4.3
CVE-2024-13530 - Custom Login Page Styler <= 7.1.1 - Missing Authorization to Authenticated (Subscriber+) Log Deletio…
The Custom Login Page Styler – Limit Login Attempts – Restrict Content With Login – Redirect After Login – Change Login URL – Sign in , Sign out plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on the lps_handle_delete_all_logs(), lps_handle_delete_login_l…
5.9
CVE-2024-13623 - Order Export for WooCommerce <= 3.24 - Unauthenticated Sensitive Information Exposure Through Unpro…
The Order Export for WooCommerce plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 3.24 via the 'uploads' directory. This makes it possible for unauthenticated attackers to extract sensitive data stored insecurely in the /wp-content/uploads d…
6.1
CVE-2024-13226 - A5 Custom Login Page <= 2.8.1 - Reflected XSS
The A5 Custom Login Page WordPress plugin through 2.8.1 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin.
6.1
CVE-2024-13225 - ECT Home Page Products <= 1.9 - Reflected XSS
The ECT Home Page Products WordPress plugin through 1.9 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin.
6.1
CVE-2024-13224 - SlideDeck 1 Lite Content Slider <= 1.4.8 - Reflected XSS
The SlideDeck 1 Lite Content Slider WordPress plugin through 1.4.8 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin.
6.1
CVE-2024-13223 - Tabulate <= 2.10.3 - Reflected XSS
The Tabulate WordPress plugin through 2.10.3 does not sanitise and escape some parameters before outputting them back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin.