| 2024-12-13 | CVE-2024-11012 | The The Notibar – Notification Bar for WordPress plugin for WordPress is vulnerable to arbitrary shortcode execution via njt_nofi_text AJAX action in all versions up to, and including, 2.1.4. | 6.3 |
| 2024-12-13 | CVE-2024-9290 | The Super Backup & Clone - Migrate for WordPress plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation and a missing capability check on the ibk_restore_migrate_check() function in all versions up to, and including, 2.3.3. network low complexity CWE-434 critical | 9.8 |
| 2024-12-13 | CVE-2024-11275 | The WP Timetics- AI-powered Appointment Booking Calendar and Online Scheduling Plugin plugin for WordPress is vulnerable to unauthorized loss of data due to a missing capability check on the /wp-json/timetics/v1/customers/ REST API endpoint in all versions up to, and including, 1.0.27. | 4.3 |
| 2024-12-13 | CVE-2024-11754 | The Booking System Trafft plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'trafftbooking' shortcode in all versions up to, and including, 1.0.6 due to insufficient input sanitization and output escaping on user supplied attributes. | 6.4 |
| 2024-12-13 | CVE-2024-11832 | Cross-site Scripting vulnerability in Fastlinemedia Beaver Builder
The Beaver Builder – WordPress Page Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the custom JavaScript row settings in all versions up to, and including, 2.8.4.4 due to insufficient input sanitization and output escaping. | 5.4 |
| 2024-12-13 | CVE-2024-11910 | Cross-site Scripting vulnerability in Themeum WP Crowdfunding
The WP Crowdfunding plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the wp-crowdfunding/search block in all versions up to, and including, 2.1.12 due to insufficient input sanitization and output escaping. | 5.4 |
| 2024-12-13 | CVE-2024-11911 | Missing Authorization vulnerability in Themeum WP Crowdfunding
The WP Crowdfunding plugin for WordPress is vulnerable to unauthorized plugin installation due to a missing capability check on the install_woocommerce_plugin() function action in all versions up to, and including, 2.1.12. | 4.3 |
| 2024-12-13 | CVE-2024-12042 | The MStore API – Create Native Android & iOS Apps On The Cloud plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the profile picture upload functionality in all versions up to, and including, 4.16.4 due to insufficient file type validation. | 5.4 |
| 2024-12-13 | CVE-2024-12309 | The Rate My Post – Star Rating Plugin by FeedbackWP plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 4.2.4 via the get_post_status() due to missing validation on a user controlled key. | 5.3 |
| 2024-12-13 | CVE-2024-12414 | The Themify Store Locator plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.1.9. | 4.3 |