0.0
CVE-2024-12540 -
** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2024-54288. Reason: This candidate is a reservation duplicate of CVE-2024-54288. Notes: All CVE users should reference CVE-2024-54288 instead of this candidate. All references and descriptions in this candidate have been removed to prevโฆ
4.3
CVE-2024-12538 - Duplicate Post, Page and Any Custom Post <= 3.5.5 - Authenticated (Contributor+) Post Disclosure viโฆ
The Duplicate Post, Page and Any Custom Post plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 3.5.5 via the 'dpp_duplicate_as_draft' function. This makes it possible for authenticated attackers, with Contributor-level access and above, to exโฆ
0.0
CVE-2024-12022 -
** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2024-52485. Reason: This candidate is a reservation duplicate of CVE-2024-52485. Notes: All CVE users should reference CVE-2024-52485 instead of this candidate. All references and descriptions in this candidate have been removed to prevโฆ
6.4
CVE-2024-11899 - Slider Pro Lite <= 1.4.1 - Authenticated (Contributor+) Stored Cross-Site Scripting
The Slider Pro Lite plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'sliderpro' shortcode in all versions up to, and including, 1.4.1 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated aโฆ
5.3
CVE-2024-12559 - ClickDesigns <= 1.8.0 - Missing Authorization to API Key Modification or Removal
The ClickDesigns plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'clickdesigns_add_api' and the 'clickdesigns_remove_api' functions in all versions up to, and including, 1.8.0. This makes it possible for unauthenticated attackers to mโฆ
6.1
CVE-2024-12098 - ARS Affiliate Page Plugin <= 2.0.2 - Reflected Cross-Site Scripting
The ARS Affiliate Page Plugin plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'utm_keyword' parameter in all versions up to, and including, 2.0.2 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject aโฆ
6.4
CVE-2024-12592 - Sellsy <= 2.3.3 - Authenticated (Contributor+) Stored Cross-Site Scripting
The Sellsy plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'testSellsy' shortcode in all versions up to, and including, 2.3.3 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackersโฆ
6.4
CVE-2024-11777 - Sell Media <= 2.5.8.5 - Authenticated (Contributor+) Stored Cross-Site Scripting
The Sell Media plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'sell_media_search_form_gutenberg' shortcode in all versions up to, and including, 2.5.8.5 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possibleโฆ
7.5
CVE-2024-12416 - Woomotiv <= 3.6.1 - Unauthenticated SQL Injection
The Live Sales Notification for Woocommerce โ Woomotiv plugin for WordPress is vulnerable to SQL Injection via the 'woomotiv_seen_products_.*' cookie in all versions up to, and including, 3.6.1 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the exiโฆ
5.4
CVE-2024-12541 - Chative Live chat and Chatbot <= 1.1 - Cross-Site Request Forgery via add_chative_widget_action Funโฆ
The Chative Live chat and Chatbot plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.1. This is due to missing or incorrect nonce validation on the add_chative_widget_action() function. This makes it possible for unauthenticated attackers to chaโฆ