Vulnerabilities

DATE CVE VULNERABILITY TITLE RISK
2025-01-07 CVE-2024-12153 The GDY Modular Content plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use of add_query_arg without appropriate escaping on the URL in all versions up to, and including, 0.9.91.
network
low complexity
CWE-79
6.1
6.1
2025-01-07 CVE-2024-12157 The Popup – MailChimp, GetResponse and ActiveCampaign Intergrations plugin for WordPress is vulnerable to SQL Injection via the 'id' parameter of the 'upc_delete_db_record' AJAX action in all versions up to, and including, 3.2.6 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query.
network
low complexity
CWE-89
7.5
7.5
2025-01-07 CVE-2024-12158 The Popup – MailChimp, GetResponse and ActiveCampaign Intergrations plugin for WordPress is vulnerable to unauthorized loss of data due to a missing capability check on the 'upc_delete_db_data' AJAX action in all versions up to, and including, 3.2.6.
network
low complexity
CWE-862
5.3
5.3
2025-01-07 CVE-2024-12159 The Optimize Your Campaigns – Google Shopping – Google Ads – Google Adwords plugin for WordPress is vulnerable to Information Exposure in all versions up to, and including, 3.1 due to the print_php_information.php being publicly accessible.
network
low complexity
CWE-200
5.3
5.3
2025-01-07 CVE-2024-12170 The ViewMedica 9 plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.4.15.
network
low complexity
CWE-352
5.4
5.4
2025-01-07 CVE-2024-12176 The WordLift – AI powered SEO – Schema plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on the 'wl_config_plugin' AJAX action in all versions up to, and including, 3.54.0.
network
low complexity
CWE-862
5.3
5.3
2025-01-07 CVE-2024-12207 The Toggles Shortcode and Widget plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘content’ parameter in all versions up to, and including, 1.14 due to insufficient input sanitization and output escaping.
network
high complexity
CWE-79
4.4
4.4
2025-01-07 CVE-2024-12208 The Backup and Restore WordPress – Backup Plugin plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.50.
network
low complexity
CWE-352
4.3
4.3
2025-01-07 CVE-2024-12214 The WooCommerce HSS Extension for Streaming Video plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the ‘videolink’ parameter in all versions up to, and including, 3.31 due to insufficient input sanitization and output escaping.
network
low complexity
CWE-79
6.1
6.1
2025-01-07 CVE-2024-12252 The SEO LAT Auto Post plugin for WordPress is vulnerable to file overwrite due to a missing capability check on the remote_update AJAX action in all versions up to, and including, 2.2.1.
network
low complexity
CWE-94
critical
 9.8
9.8