5.4

CVSS3.1

CVE-2024-11913 - Activity Plus Reloaded for BuddyPress <= 1.1.1 - Authenticated (Subscriber+) Blind Server-Side Requ…

The Activity Plus Reloaded for BuddyPress plugin for WordPress is vulnerable to Blind Server-Side Request Forgery in all versions up to, and including, 1.1.1 via the 'ajax_preview_link' function. This makes it possible for authenticated attackers, with Subscriber-level access and above, to make web…

📅 Published: Jan. 24, 2025, 1:40 p.m. 🔄 Last Modified: Feb. 4, 2025, 7:40 p.m.

8.8

CVSS3.1

CVE-2024-41739 - IBM Cognos Dashboards on Cloud Pak for Data privilege escalation

IBM Cognos Dashboards 4.0.7 and 5.0.0 on Cloud Pak for Data could allow a remote attacker to perform unauthorized actions due to dependency confusion.

📅 Published: Jan. 24, 2025, 1:37 p.m. 🔄 Last Modified: Aug. 14, 2025, 6:57 p.m.

7.5

CVSS3.1

CVE-2024-13408 - Post Grid, Slider & Carousel Ultimate – with Shortcode, Gutenberg Block & Elementor Widget <= 1.6.1…

The Post Grid, Slider & Carousel Ultimate – with Shortcode, Gutenberg Block & Elementor Widget plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 1.6.10 via the 'theme' attribute of the `pgcu` shortcode. This makes it possible for authenticated attacker…

📅 Published: Jan. 24, 2025, 11:07 a.m. 🔄 Last Modified: Feb. 5, 2025, 1:37 a.m.

6.4

CVSS3.1

CVE-2024-13354 - Responsive Addons for Elementor – Free Elementor Addons Plugin and Elementor Templates <= 1.6.4 - A…

The Responsive Addons for Elementor – Free Elementor Addons Plugin and Elementor Templates plugin for WordPress is vulnerable to Stored Cross-Site Scripting via HTML tags in several widgets in all versions up to, and including, 1.6.4 due to insufficient input sanitization and output escaping. This …

📅 Published: Jan. 24, 2025, 11:07 a.m. 🔄 Last Modified: Feb. 5, 2025, 1:36 a.m.

4.3

CVSS3.1

CVE-2024-13335 - Sastra Essential Addons for Elementor – Free Elementor Addons, Widgets and Templates <= 1.0.14 - Mi…

The Spexo Addons for Elementor – Free Elementor Addons, Widgets and Templates plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on the tmpcoder_theme_install_func() function in all versions up to, and including, 1.0.14. This makes it possible for authentica…

📅 Published: Jan. 24, 2025, 11:07 a.m. 🔄 Last Modified: Feb. 5, 2025, 1:37 a.m.

6.4

CVSS3.1

CVE-2024-13542 - WP Google Street View (with 360° virtual tour) & Google maps + Local SEO <= 1.1.3 - Authenticated (…

The WP Google Street View (with 360° virtual tour) & Google maps + Local SEO plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'wpgsv' shortcode in all versions up to, and including, 1.1.3 due to insufficient input sanitization and output escaping on user supplied a…

📅 Published: Jan. 24, 2025, 11:07 a.m. 🔄 Last Modified: Feb. 5, 2025, 1:35 a.m.

6.5

CVSS3.1

CVE-2024-13594 - Simple Downloads List <= 1.4.2 - Authenticated (Contributor+) SQL Injection

The Simple Downloads List plugin for WordPress is vulnerable to SQL Injection via the 'category' attribute of the 'neofix_sdl' shortcode in all versions up to, and including, 1.4.2 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL que…

📅 Published: Jan. 24, 2025, 11:07 a.m. 🔄 Last Modified: Feb. 5, 2025, 5:01 p.m.

6.4

CVSS3.1

CVE-2024-13572 - Precious Metals Charts and Widgets for WordPress <= 1.2.8 - Authenticated (Contributor+) Stored Cro…

The Precious Metals Charts and Widgets for WordPress plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'nfusion-widget' shortcode in all versions up to, and including, 1.2.8 due to insufficient input sanitization and output escaping on user supplied attributes. This…

📅 Published: Jan. 24, 2025, 11:07 a.m. 🔄 Last Modified: Feb. 5, 2025, 1:25 a.m.

7.5

CVSS3.1

CVE-2024-13409 - Post Grid, Slider & Carousel Ultimate – with Shortcode, Gutenberg Block & Elementor Widget <= 1.6.1…

The Post Grid, Slider & Carousel Ultimate – with Shortcode, Gutenberg Block & Elementor Widget plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 1.6.10 via the 'theme' parameter of the post_type_ajax_handler() function. This makes it possible for authe…

📅 Published: Jan. 24, 2025, 11:07 a.m. 🔄 Last Modified: Feb. 5, 2025, 1:36 a.m.

0.0

CVE-2025-22714 - WordPress MDJM Event Management Plugin <= 1.7.5.6 - Reflected Cross Site Scripting (XSS) vulnerabil…

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in MDJM Mobile DJ Manager mobile-dj-manager allows Reflected XSS. This issue affects Mobile DJ Manager: from n/a through <= 1.7.5.6.

📅 Published: Jan. 24, 2025, 10:52 a.m. 🔄 Last Modified: April 1, 2026, 4:22 p.m.