-
CVE-2024-13186 – Apache MinigameCenter Information Leak
CVE ID : CVE-2024-13186 Published : Jan. 8, 2025, 9:15 a.m. | 35 minutes ago Description : The MinigameCenter module has insufficient restrictions on loading URLs, which may lead to some information leakage. Severity: 0.0 | NA
-
CVE-2024-12855 – AdForest for WordPress AJAX Capability Bypass
CVE ID : CVE-2024-12855 Published : Jan. 8, 2025, 9:15 a.m. | 35 minutes ago Description : The AdForest theme for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on several AJAX actions like ‘sb_remove_ad’ in all versions up to, and including, 5.1.7. This makes it possible for authenticated attackers,…
-
CVE-2024-13185 – Apache MinigameCenter Information Disclosure
CVE ID : CVE-2024-13185 Published : Jan. 8, 2025, 9:15 a.m. | 35 minutes ago Description : The MinigameCenter module has insufficient restrictions on loading URLs, which may lead to some information leakage. Severity: 0.0 | NA
-
CVE-2024-11939 – WordPress Cost Calculator Builder PRO SQL Blind Time-Based Injection
CVE ID : CVE-2024-11939 Published : Jan. 8, 2025, 9:15 a.m. | 35 minutes ago Description : The Cost Calculator Builder PRO plugin for WordPress is vulnerable to blind time-based SQL Injection via the ‘data’ parameter in all versions up to, and including, 3.2.15 due to insufficient escaping on the user supplied parameter and lack of…
-
CVE-2024-12328 – Elementor MAS WordPress Stored Cross-Site Scripting Vulnerability
CVE ID : CVE-2024-12328 Published : Jan. 8, 2025, 9:15 a.m. | 35 minutes ago Description : The MAS Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via SVG File uploads in all versions up to, and including, 1.1.7 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers,…
-
CVE-2024-11350 – AdForest WordPress Privilege Escalation Vulnerability
CVE ID : CVE-2024-11350 Published : Jan. 8, 2025, 9:15 a.m. | 35 minutes ago Description : The AdForest theme for WordPress is vulnerable to privilege escalation via account takeover in all versions up to, and including, 5.1.6. This is due to the plugin not properly validating a user’s identity prior to updating their password through…
-
CVE-2024-11635 – Acunil WordPress File Upload Remote Code Execution Vulnerability
CVE ID : CVE-2024-11635 Published : Jan. 8, 2025, 8:15 a.m. | 1 hour, 35 minutes ago Description : The WordPress File Upload plugin for WordPress is vulnerable to Remote Code Execution in all versions up to, and including, 4.24.12 via the ‘wfu_ABSPATH’ cookie parameter. This makes it possible for unauthenticated attackers to execute code on the…
-
CVE-2024-11271 – WordPress WebinarPress Unauthenticated Data Modification Vulnerability
CVE ID : CVE-2024-11271 Published : Jan. 8, 2025, 5:15 a.m. | 4 hours, 35 minutes ago Description : The WordPress Webinar Plugin – WebinarPress plugin for WordPress is vulnerable to modification of data due to a missing capability check on several functions in all versions up to, and including, 1.33.24. This makes it possible for authenticated…
-
CVE-2024-11613 – WordPress File Upload Plugin Remote Code Execution and File Access Vulnerability
CVE ID : CVE-2024-11613 Published : Jan. 8, 2025, 7:15 a.m. | 2 hours, 35 minutes ago Description : The WordPress File Upload plugin for WordPress is vulnerable to Remote Code Execution, Arbitrary File Read, and Arbitrary File Deletion in all versions up to, and including, 4.24.15 via the ‘wfu_file_downloader.php’ file. This is due to lack of…
-
CVE-2024-11816 – WordPress WP Extended Remote Code Execution (RCE)
CVE ID : CVE-2024-11816 Published : Jan. 8, 2025, 4:15 a.m. | 5 hours, 35 minutes ago Description : The Ultimate WordPress Toolkit – WP Extended plugin for WordPress is vulnerable to Remote Code Execution in version 3.0.11. This is due to a missing capability check on the ‘wpext_handle_snippet_update’ function. This makes it possible for authenticated attackers,…