Vulnerabilities

DATE CVE VULNERABILITY TITLE RISK
2024-12-20 CVE-2024-11812 The Wtyczka SeoPilot dla WP plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 3.3.091.
network
low complexity
CWE-352
6.1
6.1
2024-12-20 CVE-2024-11878 The Category Post Slider plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'category-post-slider' shortcode in all versions up to, and including, 1.4 due to insufficient input sanitization and output escaping on user supplied attributes.
network
low complexity
CWE-79
6.4
6.4
2024-12-20 CVE-2024-11893 The Spoki – Chat Buttons and WooCommerce Notifications plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'spoki_button' shortcode in all versions up to, and including, 2.15.14 due to insufficient input sanitization and output escaping on user supplied attributes.
network
low complexity
CWE-79
6.4
6.4
2024-12-20 CVE-2024-12506 The NACC WordPress Plugin plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'nacc' shortcode in all versions up to, and including, 4.1.0 due to insufficient input sanitization and output escaping on user supplied attributes.
network
low complexity
CWE-79
6.4
6.4
2024-12-20 CVE-2024-12509 The Embed Twine plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'embed_twine' shortcode in all versions up to, and including, 0.1.0 due to insufficient input sanitization and output escaping on user supplied attributes.
network
low complexity
CWE-79
6.4
6.4
2024-12-20 CVE-2024-12571 The Store Locator for WordPress with Google Maps – LotsOfLocales plugin for WordPress is vulnerable to Local File Inclusion in version 3.98.9 via the 'sl_engine' parameter.
network
low complexity
CWE-98
critical
 9.8
9.8
2024-12-20 CVE-2024-9503 The Maintenance & Coming Soon Redirect Animation plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'wploti_add_whitelisted_roles_option', 'wploti_remove_whitelisted_roles_option', 'wploti_add_whitelisted_users_option', 'wploti_remove_whitelisted_users_option', and 'wploti_uploaded_animation_save_option' functions in all versions up to, and including, 2.1.3.
network
low complexity
CWE-284
4.3
4.3
2024-12-20 CVE-2024-9619 The WP SHAPES plugin for WordPress is vulnerable to Stored Cross-Site Scripting via SVG File uploads in all versions up to, and including, 1.0.0 due to insufficient input sanitization and output escaping.
network
low complexity
CWE-79
6.4
6.4
2024-12-20 CVE-2023-42867 Unspecified vulnerability in Apple Garageband
This issue was addressed with improved validation of the process entitlement and Team ID.
local
low complexity
apple
7.8
7.8
2024-12-20 CVE-2024-44195 Unspecified vulnerability in Apple Macos 15.0
A logic issue was addressed with improved validation.
network
low complexity
apple
7.5
7.5