0.0
CVE-2024-12208 -
** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2024-43269. Reason: This candidate is a reservation duplicate of CVE-2024-43269. Notes: All CVE users should reference CVE-2024-43269 instead of this candidate. All references and descriptions in this candidate have been removed to prev…
9.8
CVE-2024-12470 - School Management System – SakolaWP <= 1.0.8 - Unauthenticated Privilege Escalation
The School Management System – SakolaWP plugin for WordPress is vulnerable to privilege escalation in all versions up to, and including, 1.0.8. This is due to the registration function not properly limiting what roles a user can register as. This makes it possible for unauthenticated attackers to r…
6.1
CVE-2024-9208 - Enable Accessibility <= 1.4.1 - Reflected Cross-Site Scripting
The Enable Accessibility plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use of add_query_arg & remove_query_arg without appropriate escaping on the URL in all versions up to, and including, 1.4.1. This makes it possible for unauthenticated attackers to inject arbitr…
4.3
CVE-2024-12327 - LazyLoad Background Images <= 1.0.7 - Missing Authorization to Authenticated (Subscriber+) Plugin S…
The LazyLoad Background Images plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the pblzbg_save_settings() function in all versions up to, and including, 1.0.7. This makes it possible for authenticated attackers, with Subscriber-level acce…
6.5
CVE-2024-11496 - Infility Global <= 2.9.8 - Authenticated (Subscriber+) Missing Authorization to Plugin Options Upda…
The Infility Global plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the infility_global_ajax function in all versions up to, and including, 2.9.8. This makes it possible for authenticated attackers, with Subscriber-level access and above,…
5.3
CVE-2024-12159 - Optimize Your Campaigns – Google Shopping – Google Ads – Google Adwords <= 3.1 - Information Exposu…
The Optimize Your Campaigns – Google Shopping – Google Ads – Google Adwords plugin for WordPress is vulnerable to Information Exposure in all versions up to, and including, 3.1 due to the print_php_information.php being publicly accessible. This makes it possible for unauthenticated attackers to ex…
6.1
CVE-2024-12256 - Simple Video Management System <= 1.0.4 - Reflected Cross-Site Scripting
The Simple Video Management System plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'analytics_video' parameter in all versions up to, and including, 1.0.4 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to…
5.3
CVE-2024-12176 - WordLift – AI powered SEO – Schema <= 3.54.2 - Missing Authorization to Authenticated (Subscriber+)…
The WordLift – AI powered SEO – Schema plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on the 'wl_config_plugin' AJAX action in all versions up to, and including, 3.54.2. This makes it possible for unauthenticated attackers to update the plugin's settings.
6.5
CVE-2024-12332 - School Management System – WPSchoolPress <= 2.2.14 - Authenticated (Student/Parent+) SQL Injection
The School Management System – WPSchoolPress plugin for WordPress is vulnerable to SQL Injection via the 'cid' parameter in all versions up to, and including, 2.2.14 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes…
4.3
CVE-2024-12140 - Elementor AI Addons – 70 Widgets, Premium Templates, Ultimate Elements <= 2.2.1 - Authenticated (Co…
The Elementor Addons AI Addons – 70 Widgets, Premium Templates, Ultimate Elements plugin for WordPress is vulnerable to Information Exposure in all versions up to, and including, 2.2.1 via the render function due to insufficient restrictions on which templates can be included. This makes it possibl…