6.4
CVE-2024-13387 - WP Responsive Tabs <= 1.2.9 - Authenticated (Contributor+) Stored Cross-Site Scripting
The WP Responsive Tabs plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'wprtabs' shortcode in all versions up to, and including, 1.2.9 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated β¦
6.7
CVE-2024-50563 -
A weak authentication in Fortinet FortiManager Cloud, FortiAnalyzer versions 7.6.0 through 7.6.1, 7.4.1 through 7.4.3, FortiAnalyzer Cloud versions 7.4.1 through 7.4.3, FortiManager versions 7.6.0 through 7.6.1, 7.4.1 through 7.4.3, FortiManager Cloud versions 7.4.1 through 7.4.3 allows attacker toβ¦
5.2
CVE-2024-48885 -
A improper limitation of a pathname to a restricted directory ('path traversal') vulnerability in Fortinet FortiRecorder 7.2.0 through 7.2.1, FortiRecorder 7.0.0 through 7.0.4, FortiVoice 7.0.0 through 7.0.4, FortiVoice 6.4.0 through 6.4.9, FortiVoice 6.0 all versions, FortiWeb 7.6.0, FortiWeb 7.4.β¦
6.9
CVE-2024-45331 -
A incorrect privilege assignment in Fortinet FortiAnalyzer versions 7.4.0 through 7.4.3, 7.2.0 through 7.2.5, 7.0.0 through 7.0.13, 6.4.0 through 6.4.15, FortiManager versions 7.4.0 through 7.4.2, 7.2.0 through 7.2.5, 7.0.0 through 7.0.13, 6.4.0 through 6.4.15, FortiAnalyzer Cloud versions 7.4.1 thβ¦
6.5
CVE-2024-12226 -
In affected versions of the Octopus Kubernetes worker or agent, sensitive variables could be written to the Kubernetes script pod log in clear-text. This was identified in Version 2 however it was determined that this could also be achieved in Version 1 and the fix was applied to both versions accoβ¦
0.0
CVE-2025-20066 -
This CVE ID has been rejected or withdrawn by its CVE Numbering Authority because it is Unused
4.3
CVE-2024-10789 - WP User Profile Avatar <= 1.0.5 - Cross-Site Request Forgery to Settings Update
The WP User Profile Avatar plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.0.5. This is due to missing or incorrect nonce validation on the wpupa_user_admin() function. This makes it possible for unauthenticated attackers to update the pluginβ¦
6.4
CVE-2024-11452 - Chamber Dashboard Business Directory <= 3.3.8 - Authenticated (Contributor+) Stored Cross-Site Scriβ¦
The Chamber Dashboard Business Directory plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'business_categories' shortcode in all versions up to, and including, 3.3.8 due to insufficient input sanitization and output escaping on user supplied attributes. This makes β¦
5.4
CVE-2024-10970 - Motors β Car Dealer, Classifieds & Listing <= 1.4.43 - Authenticated (Subscriber+) Arbitrary Shortcβ¦
The The Motors β Car Dealer, Classifieds & Listing plugin for WordPress is vulnerable to arbitrary shortcode execution in all versions up to, and including, 1.4.43. This is due to the software allowing users to execute an action that does not properly validate a value before running do_shortcode. Tβ¦
6.1
CVE-2025-0170 - DWT - Directory & Listing WordPress Theme <= 3.3.3 - Reflected Cross-Site Scripting
The DWT - Directory & Listing WordPress Theme is vulnerable to Reflected Cross-Site Scripting in versions up to, and including, 3.3.3 due to insufficient input sanitization and output escaping on the 'sort_by' and 'token' parameters. This makes it possible for unauthenticated attackers to inject arβ¦