-
CVE-2024-11626 – Progress Sitefinity Cross-site Scripting (XSS) Vulnerability
CVE ID : CVE-2024-11626 Published : Jan. 7, 2025, 8:15 a.m. | 1 hour, 11 minutes ago Description : Improper Neutralization of Input During CMS Backend (administrative section) Web Page Generation (XSS or ‘Cross-site Scripting’) vulnerability in Progress Sitefinity. This issue affects Sitefinity: from 4.0 through 14.4.8142, from 15.0.8200 through 15.0.8229, from 15.1.8300 through 15.1.8327, 15.2.8400. Severity: 8.4…
-
CVE-2024-12202 – Croma Music Plugin for WordPress Privilege Escalation
CVE ID : CVE-2024-12202 Published : Jan. 7, 2025, 8:15 a.m. | 1 hour, 11 minutes ago Description : The Croma Music plugin for WordPress is vulnerable to unauthorized modification of data that can lead to privilege escalation due to a missing capability check on the ‘ironMusic_ajax’ function in all versions up to, and including, 3.6. This…
-
CVE-2024-12535 – WordPress Host PHP Info Plugin Unauthenticated Arbitrary Configuration Disclosure
CVE ID : CVE-2024-12535 Published : Jan. 7, 2025, 6:15 a.m. | 3 hours, 11 minutes ago Description : The Host PHP Info plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check when including the ‘phpinfo’ function in all versions up to, and including, 1.0.4. This makes it possible for…
-
CVE-2024-11725 – WordPress WooCommerce SMS Alert Order Notifications Privilege Escalation
CVE ID : CVE-2024-11725 Published : Jan. 7, 2025, 7:15 a.m. | 2 hours, 11 minutes ago Description : The SMS Alert Order Notifications – WooCommerce plugin for WordPress is vulnerable to unauthorized modification of data that can lead to privilege escalation due to a missing capability check on the updateWcWarrantySettings() function in all versions up to,…
-
CVE-2024-12470 – SakolaWP WordPress Privilege Escalation Vulnerability
CVE ID : CVE-2024-12470 Published : Jan. 7, 2025, 5:15 a.m. | 4 hours, 11 minutes ago Description : The School Management System – SakolaWP plugin for WordPress is vulnerable to privilege escalation in all versions up to, and including, 1.0.8. This is due to the registration function not properly limiting what roles a user can register…
-
CVE-2024-12471 – Dezgo AI Text & Image Generator Plugin for WordPress Arbitrary File Upload Vulnerability
CVE ID : CVE-2024-12471 Published : Jan. 7, 2025, 6:15 a.m. | 3 hours, 11 minutes ago Description : The Post Saint: ChatGPT, GPT4, DALL-E, Stable Diffusion, Pexels, Dezgo AI Text & Image Generator plugin for WordPress is vulnerable to arbitrary file uploads due to a missing capability check and file type validation on the add_image_to_library AJAX…
-
CVE-2024-12313 – WooCommerce Compare Products PHP Object Injection Vulnerability
CVE ID : CVE-2024-12313 Published : Jan. 7, 2025, 5:15 a.m. | 4 hours, 11 minutes ago Description : The Compare Products for WooCommerce plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 3.2.1 via deserialization of untrusted input from the ‘woo_compare_list’ cookie. This makes it possible for unauthenticated attackers…
-
CVE-2024-12322 – WordPress ThePerfectWedding.nl Widget CSRF Vulnerability
CVE ID : CVE-2024-12322 Published : Jan. 7, 2025, 5:15 a.m. | 4 hours, 11 minutes ago Description : The ThePerfectWedding.nl Widget plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 2.8. This is due to missing or incorrect nonce validation on the ‘update_option’ function. This makes it possible for…
-
CVE-2024-12252 – WordPress SEO LAT Auto Post File Overwrite Remote Code Execution
CVE ID : CVE-2024-12252 Published : Jan. 7, 2025, 5:15 a.m. | 4 hours, 11 minutes ago Description : The SEO LAT Auto Post plugin for WordPress is vulnerable to file overwrite due to a missing capability check on the remote_update AJAX action in all versions up to, and including, 2.2.1. This makes it possible for unauthenticated…
-
CVE-2024-12264 – PayU CommercePro Plugin WordPress Privilege Escalation
CVE ID : CVE-2024-12264 Published : Jan. 7, 2025, 5:15 a.m. | 4 hours, 11 minutes ago Description : The PayU CommercePro Plugin plugin for WordPress is vulnerable to privilege escalation in all versions up to, and including, 3.8.3. This is due to /wp-json/payu/v1/generate-user-token and /wp-json/payu/v1/get-shipping-cost REST API endpoints not properly verifying a user’s identity prior to…