Vulnerabilities

DATE CVE VULNERABILITY TITLE RISK
2024-12-12 CVE-2024-12018 The Snippet Shortcodes plugin for WordPress is vulnerable to unauthorized Shortcode Deletion due to missing authorization in all versions up to, and including, 4.1.6.
network
low complexity
CWE-862
4.3
4.3
2024-12-12 CVE-2024-12040 The Product Carousel Slider & Grid Ultimate for WooCommerce plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 1.9.10 via the 'theme' attribute of the `wcpcsu` shortcode.
network
low complexity
CWE-98
8.8
8.8
2024-12-12 CVE-2024-12059 The ElementInvader Addons for Elementor plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 1.3.1 via the eli_option_value shortcode.
network
low complexity
CWE-639
4.3
4.3
2024-12-12 CVE-2024-12072 The Analytics Cat – Google Analytics Made Easy plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use of add_query_arg without appropriate escaping on the URL in all versions up to, and including, 1.1.2.
network
low complexity
CWE-79
6.1
6.1
2024-12-12 CVE-2024-12172 The WP Courses LMS – Online Courses Builder, eLearning Courses, Courses Solution, Education Courses plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on the wpc_update_user_meta_option() function in all versions up to, and including, 3.2.21.
network
low complexity
CWE-862
7.5
7.5
2024-12-12 CVE-2024-12263 The Child Theme Creator by Orbisius plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the cloud_delete() and cloud_update() functions in all versions up to, and including, 1.5.5.
network
low complexity
CWE-862
4.3
4.3
2024-12-12 CVE-2024-12265 The Web3 Crypto Payments by DePay for WooCommerce plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the /wp-json/depay/wc/debug REST API endpoint in all versions up to, and including, 2.12.17.
network
low complexity
CWE-862
5.3
5.3
2024-12-12 CVE-2024-10182 The Cognito Forms plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'id' parameter in all versions up to, and including, 2.0.6 due to insufficient input sanitization and output escaping.
network
low complexity
CWE-79
6.4
6.4
2024-12-12 CVE-2024-10590 The Opt-In Downloads plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the admin_upload() function in all versions up to, and including, 4.07.
network
low complexity
CWE-434
8.8
8.8
2024-12-12 CVE-2024-10910 The The Grid Plus – Unlimited grid layout plugin for WordPress is vulnerable to arbitrary shortcode execution via grid_plus_load_by_category AJAX action in all versions up to, and including, 1.3.5.
network
low complexity
CWE-94
7.3
7.3