VUMETRIC
CYBER PORTAL
Dashboard
Security News
Latest Vulnerabilities
Browse Vulnerabilities
by Vendors
by Products
by Categories
Weekly Reports
Vulnerabilities
Exclude new CVEs:
DATE
CVE
VULNERABILITY TITLE
RISK
2024-12-18
CVE-2024-12259
The CRM WordPress Plugin – RepairBuddy plugin for WordPress is vulnerable to privilege escalation via account takeover in all versions up to, and including, 3.8120.
network
low complexity
CWE-862
8.8
8.8
2024-12-18
CVE-2024-12432
The WPC Shop as a Customer for WooCommerce plugin for WordPress is vulnerable to account takeover and privilege escalation in all versions up to, and including, 1.2.8.
network
high complexity
CWE-330
8.1
8.1
2024-12-18
CVE-2024-12449
The Video Share VOD – Turnkey Video Site Builder Script plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'videowhisper_player_html' shortcode in all versions up to, and including, 2.6.30 due to insufficient input sanitization and output escaping on user supplied attributes.
network
low complexity
CWE-79
6.4
6.4
2024-12-18
CVE-2024-12596
The LifterLMS – WP LMS for eLearning, Online Courses, & Quizzes plugin for WordPress is vulnerable to arbitrary post deletion due to a missing capability check on the 'llms_delete_cert' action in all versions up to, and including, 7.8.5.
network
low complexity
CWE-862
4.3
4.3
2024-12-18
CVE-2024-11439
The ScanCircle plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'scancircle' shortcode in all versions up to, and including, 2.9.2 due to insufficient input sanitization and output escaping on user supplied attributes.
network
low complexity
CWE-79
6.4
6.4
2024-12-18
CVE-2024-11748
The Taeggie Feed plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'taeggie-feed' shortcode in all versions up to, and including, 0.1.9 due to insufficient input sanitization and output escaping on user supplied attributes.
network
low complexity
CWE-79
6.4
6.4
2024-12-18
CVE-2024-11881
The Easy Waveform Player plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'easywaveformplayer' shortcode in all versions up to, and including, 1.2.0 due to insufficient input sanitization and output escaping on user supplied attributes.
network
low complexity
CWE-79
6.4
6.4
2024-12-18
CVE-2024-12500
The Philantro – Donations and Donor Management plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's shortcodes like 'donate' in all versions up to, and including, 5.2 due to insufficient input sanitization and output escaping on user supplied attributes.
network
low complexity
CWE-79
6.4
6.4
2024-12-18
CVE-2024-12513
The Contests by Rewards Fuel plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'RF_CONTEST' shortcode in all versions up to, and including, 2.0.65 due to insufficient input sanitization and output escaping on user supplied attributes.
network
low complexity
CWE-79
6.4
6.4
2024-12-18
CVE-2024-47480
Link Following vulnerability in Dell Inventory Collector 12.3.0.6
Dell Inventory Collector Client, versions prior to 12.7.0, contains an Improper Link Resolution Before File Access vulnerability.
local
low complexity
dell
CWE-59
7.8
7.8
«
Previous
1
2
...
175
176
177
(current)
178
179
...
16252
16253
»
Next