5.3

CVSS3.1

CVE-2024-9697 - Social Rocket – Social Sharing Plugin <= 1.3.4 - Missing Authorization to Settings Update

The Social Rocket – Social Sharing Plugin plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the tweet_settings_save() and tweet_settings_update() functions in all versions up to, and including, 1.3.4. This makes it possible for authenticate…

📅 Published: Jan. 7, 2025, 5:23 a.m. 🔄 Last Modified: April 8, 2026, 5:19 p.m.

6.4

CVSS3.1

CVE-2024-11749 - App Embed <= 2.3.2 - Authenticated (Contributor+) Stored Cross-Site Scripting

The App Embed plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'appizy' shortcode in all versions up to, and including, 2.3.2 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers,…

📅 Published: Jan. 7, 2025, 5:23 a.m. 🔄 Last Modified: April 15, 2026, 12:35 a.m.

6.1

CVSS3.1

CVE-2024-12324 - Unilevel MLM Plan <= 1.1.0 - Reflected Cross-Site Scripting via 'page'

The Unilevel MLM Plan plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the ‘page’ parameter in all versions up to, and including, 1.1.0 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web sc…

📅 Published: Jan. 7, 2025, 4:22 a.m. 🔄 Last Modified: April 15, 2026, 12:35 a.m.

6.1

CVSS3.1

CVE-2024-12435 - Compare Products for WooCommerce <= 3.2.1 - Reflected Cross-Site Scripting

The Compare Products for WooCommerce plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the ‘s_feature’ parameter in all versions up to, and including, 3.2.1 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inj…

📅 Published: Jan. 7, 2025, 4:22 a.m. 🔄 Last Modified: April 15, 2026, 12:35 a.m.

6.4

CVSS3.1

CVE-2024-11382 - Common Ninja: Fully Customizable & Perfectly Responsive Free Widgets for WordPress Websites <= 1.1.…

The Common Ninja: Fully Customizable & Perfectly Responsive Free Widgets for WordPress Websites plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'commonninja' shortcode in all versions up to, and including, 1.1.0 due to insufficient input sanitization and output es…

📅 Published: Jan. 7, 2025, 4:22 a.m. 🔄 Last Modified: April 15, 2026, 12:35 a.m.

6.4

CVSS3.1

CVE-2024-12445 - RightMessage WP <= 0.9.7 - Authenticated (Contributor+) Stored Cross-Site Scripting

The RightMessage WP plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'rm_area' shortcode in all versions up to, and including, 0.9.7 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated att…

📅 Published: Jan. 7, 2025, 4:22 a.m. 🔄 Last Modified: April 15, 2026, 12:35 a.m.

8.8

CVSS3.1

CVE-2024-12322 - ThePerfectWedding.nl Widget <= 2.8 - Cross-Site Request Forgery to Stored Cross-Site Scripting

The ThePerfectWedding.nl Widget plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 2.8. This is due to missing or incorrect nonce validation on the 'update_option' function. This makes it possible for unauthenticated attackers to update the 'tpwKe…

📅 Published: Jan. 7, 2025, 4:22 a.m. 🔄 Last Modified: April 15, 2026, 12:35 a.m.

6.1

CVSS3.1

CVE-2024-11810 - PayGreen Payment Gateway <= 1.0.26 - Reflected Cross-Site Scripting

The PayGreen Payment Gateway plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'message_id' parameter in all versions up to, and including, 1.0.26 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject ar…

📅 Published: Jan. 7, 2025, 4:22 a.m. 🔄 Last Modified: April 15, 2026, 12:35 a.m.

0.0

CVE-2024-12208 -

** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2024-43269. Reason: This candidate is a reservation duplicate of CVE-2024-43269. Notes: All CVE users should reference CVE-2024-43269 instead of this candidate. All references and descriptions in this candidate have been removed to prev…

📅 Published: Jan. 7, 2025, 4:22 a.m. 🔄 Last Modified: Jan. 17, 2025, 5:15 p.m.

9.8

CVSS3.1

CVE-2024-12470 - School Management System – SakolaWP <= 1.0.8 - Unauthenticated Privilege Escalation

The School Management System – SakolaWP plugin for WordPress is vulnerable to privilege escalation in all versions up to, and including, 1.0.8. This is due to the registration function not properly limiting what roles a user can register as. This makes it possible for unauthenticated attackers to r…

📅 Published: Jan. 7, 2025, 4:22 a.m. 🔄 Last Modified: April 15, 2026, 12:35 a.m.