| 2024-12-10 | CVE-2024-11945 | The Email Reminders plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘id’ parameter in all versions up to, and including, 2.0.4 due to insufficient input sanitization and output escaping. | 6.4 |
| 2024-12-10 | CVE-2024-11973 | The Quran multilanguage Text & Audio plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'sourate' and 'lang' parameter in all versions up to, and including, 2.3.21 due to insufficient input sanitization and output escaping. | 6.1 |
| 2024-12-10 | CVE-2024-11940 | The Property Hive Mortgage Calculator plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘price’ parameter in all versions up to, and including, 1.0.6 due to insufficient input sanitization and output escaping. | 6.4 |
| 2024-12-10 | CVE-2024-45709 | Path Traversal vulnerability in Solarwinds web Help Desk
SolarWinds Web Help Desk was susceptible to a local file read vulnerability. | 5.5 |
| 2024-12-10 | CVE-2023-6947 | Path Traversal vulnerability in Fooplugins Foogallery 2.4.15
The Best WordPress Gallery Plugin – FooGallery plugin for WordPress is vulnerable to Directory Traversal in all versions up to, and including, 2.4.26. | 7.7 |
| 2024-12-10 | CVE-2024-11205 | The WPForms plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'wpforms_is_admin_page' function in versions starting from 1.8.4 up to, and including, 1.9.2.1. | 8.5 |
| 2024-12-10 | CVE-2024-9672 | Cross-site Scripting vulnerability in Papercut MF
A reflected cross-site scripting (XSS) vulnerability exists in PaperCut NG/MF. | 5.4 |
| 2024-12-09 | CVE-2024-12369 | A vulnerability was found in OIDC-Client. | 4.2 |
| 2024-12-09 | CVE-2024-54922 | SQL Injection vulnerability in Lopalopa E-Learning Management System 1.0
A SQL Injection was found in /admin/edit_user.php of kashipara E-learning Management System v1.0, which allows remote attackers to execute arbitrary SQL commands to get unauthorized database access via the firstname, lastname, and username parameters. | 7.2 |
| 2024-12-09 | CVE-2024-54930 | SQL Injection vulnerability in Lopalopa E-Learning Management System 1.0
Kashipara E-learning Management System v1.0 is vulnerable to SQL Injection in /admin/delete_student.php. | 7.2 |