2024-12-14 | CVE-2024-12517 | The WooCommerce Cart Count Shortcode plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'cart_button' shortcode in all versions up to, and including, 1.0.4 due to insufficient input sanitization and output escaping on user supplied attributes. | 6.4 |
2024-12-14 | CVE-2024-12523 | The States Map US plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'states_map' shortcode in all versions up to, and including, 2.4.2 due to insufficient input sanitization and output escaping on user supplied attributes. | 6.4 |
2024-12-14 | CVE-2024-12555 | The SIP Calculator plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.0. | 6.1 |
2024-12-14 | CVE-2024-12578 | The Tickera – WordPress Event Ticketing plugin for WordPress is vulnerable to Information Exposure in all versions up to, and including, 3.5.4.8 via the 'tickera_tickets_info' endpoint. | 5.3 |
2024-12-14 | CVE-2024-9698 | The Crafthemes Demo Import plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the 'process_uploaded_files' function in all versions up to, and including, 3.3. | 7.2 |
2024-12-13 | CVE-2024-55956 | Command Injection vulnerability in Cleo Harmony, Lexicom and Vltrader. In Cleo Harmony before 5.8.0.24, VLTrader before 5.8.0.24, and LexiCom before 5.8.0.24, an unauthenticated user can import and execute arbitrary Bash or PowerShell commands on the host system by leveraging the default settings of the Autorun directory. | 9.8 |
2024-12-13 | CVE-2022-45806 | Missing Authorization vulnerability in Strategy11 Formidable Forms. Missing Authorization vulnerability in Strategy11 Form Builder Team Formidable Forms allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Formidable Forms: from n/a through 5.5.4. | 9.8 |
2024-12-13 | CVE-2023-40003 | Missing Authorization vulnerability in Wedevs WP Project Manager. Missing Authorization vulnerability in weDevs WP Project Manager allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects WP Project Manager: from n/a through 2.6.7. | 9.8 |
2024-12-13 | CVE-2023-40005 | Missing Authorization vulnerability in Easy Digital Downloads. Easy Digital Downloads allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Easy Digital Downloads: from n/a through 3.1.5. (network, low complexity, CWE-862, critical) | 9.8 |
2024-12-13 | CVE-2024-24902 | Unspecified vulnerability in Dell Recoverpoint for Virtual Machines 6.0. Dell RecoverPoint for Virtual Machines 6.0.x contains an improper access control vulnerability. (local, low complexity, dell) | 5.5 |