-
CVE-2024-11725 – WordPress WooCommerce SMS Alert Order Notifications Privilege Escalation
CVE ID: CVE-2024-11725
Published: Jan. 7, 2025, 7:15 a.m.
Description: The SMS Alert Order Notifications – WooCommerce plugin for WordPress is vulnerable to unauthorized modification of data that can lead to privilege escalation due to a missing capability check on the updateWcWarrantySettings() function in all versions up to,…
-
CVE-2024-12470 – SakolaWP WordPress Privilege Escalation Vulnerability
CVE ID: CVE-2024-12470
Published: Jan. 7, 2025, 5:15 a.m.
Description: The School Management System – SakolaWP plugin for WordPress is vulnerable to privilege escalation in all versions up to, and including, 1.0.8. This is due to the registration function not properly limiting what roles a user can register…
-
CVE-2024-12471 – Dezgo AI Text & Image Generator Plugin for WordPress Arbitrary File Upload Vulnerability
CVE ID: CVE-2024-12471
Published: Jan. 7, 2025, 6:15 a.m.
Description: The Post Saint: ChatGPT, GPT4, DALL-E, Stable Diffusion, Pexels, Dezgo AI Text & Image Generator plugin for WordPress is vulnerable to arbitrary file uploads due to a missing capability check and file type validation on the add_image_to_library AJAX…
-
CVE-2024-12313 – WooCommerce Compare Products PHP Object Injection Vulnerability
CVE ID: CVE-2024-12313
Published: Jan. 7, 2025, 5:15 a.m.
Description: The Compare Products for WooCommerce plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 3.2.1 via deserialization of untrusted input from the ‘woo_compare_list’ cookie. This makes it possible for unauthenticated attackers…
-
CVE-2024-12322 – WordPress ThePerfectWedding.nl Widget CSRF Vulnerability
CVE ID: CVE-2024-12322
Published: Jan. 7, 2025, 5:15 a.m.
Description: The ThePerfectWedding.nl Widget plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 2.8. This is due to missing or incorrect nonce validation on the ‘update_option’ function. This makes it possible for…
-
CVE-2024-12252 – WordPress SEO LAT Auto Post File Overwrite Remote Code Execution
CVE ID: CVE-2024-12252
Published: Jan. 7, 2025, 5:15 a.m.
Description: The SEO LAT Auto Post plugin for WordPress is vulnerable to file overwrite due to a missing capability check on the remote_update AJAX action in all versions up to, and including, 2.2.1. This makes it possible for unauthenticated…
-
CVE-2024-12264 – PayU CommercePro Plugin WordPress Privilege Escalation
CVE ID: CVE-2024-12264
Published: Jan. 7, 2025, 5:15 a.m.
Description: The PayU CommercePro Plugin plugin for WordPress is vulnerable to privilege escalation in all versions up to, and including, 3.8.3. This is due to /wp-json/payu/v1/generate-user-token and /wp-json/payu/v1/get-shipping-cost REST API endpoints not properly verifying a user’s identity prior to…
-
CVE-2025-22395 – Dell Update Package Framework Local Privilege Escalation Vulnerability
CVE ID: CVE-2025-22395
Published: Jan. 7, 2025, 3:15 a.m.
Description: Dell Update Package Framework, versions prior to 22.01.02, contain(s) a Local Privilege Escalation Vulnerability. A local low privileged attacker could potentially exploit this vulnerability, leading to the execution of arbitrary remote scripts on the server. Exploitation may lead…
-
CVE-2024-12402 – WooCommerce Themes Coder – WordPress Plugin Privilege Escalation
CVE ID: CVE-2024-12402
Published: Jan. 7, 2025, 4:15 a.m.
Description: The Themes Coder – Create Android & iOS Apps For Your Woocommerce Site plugin for WordPress is vulnerable to privilege escalation via account takeover in all versions up to, and including, 1.3.4. This is due to the plugin…
-
CVE-2024-55076 – Grocy CSRF Password Change Vulnerability
CVE ID: CVE-2024-55076
Published: Jan. 6, 2025, 9:15 p.m.
Description: Grocy through 4.3.0 has no CSRF protection, as demonstrated by changing the Administrator’s password.
Severity: 8.1 | HIGH