Vulnerabilities

DATE	CVE	VULNERABILITY TITLE	RISK
2024-12-17	CVE-2024-12220	The SMS for WooCommerce plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 2.8.1. network low complexity CWE-352	6.1
2024-12-17	CVE-2024-9624	The WP All Import Pro plugin for WordPress is vulnerable to Server-Side Request Forgery in all versions up to, and including, 4.9.3 due to missing SSRF protection on the pmxi_curl_download function. network low complexity CWE-918	7.6
2024-12-17	CVE-2024-12356	Command Injection vulnerability in Beyondtrust Remote Support A critical vulnerability has been discovered in Privileged Remote Access (PRA) and Remote Support (RS) products which can allow an unauthenticated attacker to inject commands that are run as a site user. network low complexity beyondtrust CWE-77 critical	9.8
2024-12-17	CVE-2024-12239	The PowerPack Lite for Beaver Builder plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the navigate parameter in all versions up to, and including, 1.3.0.5 due to insufficient input sanitization and output escaping. network low complexity CWE-79	6.1
2024-12-17	CVE-2024-11900	The Portfolio – Filterable Masonry Portfolio Gallery for Professionals plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'portfolio-pro' shortcode in all versions up to, and including, 1.2.2 due to insufficient input sanitization and output escaping on user supplied attributes. network low complexity CWE-79	6.4
2024-12-17	CVE-2024-11902	The Slope Widgets plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'slope-reservations' shortcode in all versions up to, and including, 4.2.11 due to insufficient input sanitization and output escaping on user supplied attributes. network low complexity CWE-79	6.4
2024-12-17	CVE-2024-11905	The Animated Counters plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'animatedcounte' shortcode in all versions up to, and including, 2.0 due to insufficient input sanitization and output escaping on user supplied attributes. network low complexity CWE-79	6.4
2024-12-17	CVE-2024-11906	The TPG Get Posts plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'tpg_get_posts' shortcode in all versions up to, and including, 3.6.5 due to insufficient input sanitization and output escaping on user supplied attributes. network low complexity CWE-79	6.4
2024-12-16	CVE-2024-12443	The CRM Perks – WordPress HelpDesk Integration – Zendesk, Freshdesk, HelpScout plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'crm-perks-tickets' shortcode in all versions up to, and including, 1.1.6 due to insufficient input sanitization and output escaping on user supplied attributes. network low complexity CWE-79	6.4
2024-12-16	CVE-2024-12664	Cross-site Scripting vulnerability in Ruifang-Tech Rebuild 3.8.5 A vulnerability, which was classified as problematic, has been found in ruifang-tech Rebuild 3.8.5. network low complexity ruifang-tech CWE-79	5.4

Vulnerabilities {"@context":"https://schema.org","@type":"BreadcrumbList","itemListElement":[{"@type":"ListItem","position":1,"name":"Vulnerabilities"}]}

Vulnerabilities