Vulnerabilities

DATE CVE VULNERABILITY TITLE RISK
2025-01-07 CVE-2024-12170 The ViewMedica 9 plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.4.15.
network
low complexity
CWE-352
5.4
5.4
2025-01-07 CVE-2024-12176 The WordLift – AI powered SEO – Schema plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on the 'wl_config_plugin' AJAX action in all versions up to, and including, 3.54.0.
network
low complexity
CWE-862
5.3
5.3
2025-01-07 CVE-2024-12207 The Toggles Shortcode and Widget plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘content’ parameter in all versions up to, and including, 1.14 due to insufficient input sanitization and output escaping.
network
high complexity
CWE-79
4.4
4.4
2025-01-07 CVE-2024-12208 The Backup and Restore WordPress – Backup Plugin plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.50.
network
low complexity
CWE-352
4.3
4.3
2025-01-07 CVE-2024-12214 The WooCommerce HSS Extension for Streaming Video plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the ‘videolink’ parameter in all versions up to, and including, 3.31 due to insufficient input sanitization and output escaping.
network
low complexity
CWE-79
6.1
6.1
2025-01-07 CVE-2024-12252 The SEO LAT Auto Post plugin for WordPress is vulnerable to file overwrite due to a missing capability check on the remote_update AJAX action in all versions up to, and including, 2.2.1.
network
low complexity
CWE-94
critical
 9.8
9.8
2025-01-07 CVE-2024-12256 The Simple Video Management System plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'analytics_video' parameter in all versions up to, and including, 1.0.4 due to insufficient input sanitization and output escaping.
network
low complexity
CWE-79
6.1
6.1
2025-01-07 CVE-2024-12264 The PayU CommercePro Plugin plugin for WordPress is vulnerable to privilege escalation in all versions up to, and including, 3.8.3.
network
low complexity
CWE-287
critical
 9.8
9.8
2025-01-07 CVE-2024-12288 The Simple add pages or posts plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 2.0.0.
network
low complexity
CWE-352
6.1
6.1
2025-01-07 CVE-2024-12290 The Infility Global plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the ‘set_type’ parameter in all versions up to, and including, 2.9.8 due to insufficient input sanitization and output escaping.
network
low complexity
CWE-79
6.1
6.1