Vulnerabilities

DATE CVE VULNERABILITY TITLE RISK
2024-12-25 CVE-2024-12335 The Avada (Fusion) Builder plugin for WordPress is vulnerable to Information Exposure in all versions up to, and including, 3.11.12 via the handle_clone_post() function and the 'fusion_blog' shortcode and due to insufficient restrictions on which posts can be included.
network
low complexity
CWE-639
4.3
2024-12-25 CVE-2024-12428 The WP Data Access – App, Table, Form and Chart Builder plugin plugin for WordPress is vulnerable to SQL Injection via the 'order[user_login][dir]' parameter in all versions up to, and including, 5.5.22 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query.
network
low complexity
CWE-89
7.5
2024-12-25 CVE-2024-12636 The Privacy Policy Generator, Terms & Conditions Generator WordPress Plugin : WP Legal Pages plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 3.2.6.
network
low complexity
CWE-352
4.3
2024-12-25 CVE-2024-12032 The Tourfic – Ultimate Hotel Booking, Travel Booking & Apartment Booking WordPress Plugin | WooCommerce Booking plugin for WordPress is vulnerable to SQL Injection via the 'enquiry_id' parameter of the 'tf_enquiry_reply_email_callback' function in all versions up to, and including, 2.15.3 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query.
network
low complexity
CWE-89
6.5
2024-12-25 CVE-2024-12190 The Contact Form by Bit Form: Multi Step Form, Calculation Contact Form, Payment Contact Form & Custom Contact Form builder plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the bitform-form-entry-edit endpoint in all versions up to, and including, 2.17.3.
network
low complexity
CWE-862
4.3
2024-12-25 CVE-2024-12272 The WP Travel Engine – Elementor Widgets | Create Travel Booking Website Using WordPress and Elementor plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 1.3.7 via several widgets.
network
low complexity
CWE-98
8.8
2024-12-25 CVE-2024-12413 The MarketKing — Ultimate WooCommerce Multivendor Marketplace Solution plugin for WordPress is vulnerable to unauthorized access due to missing capability checks on several functions like 'marketking_delete_team_member', 'marketkingrejectuser', 'marketking_save_profile_settings', and many more in all versions up to, and including, 2.0.00.
network
low complexity
CWE-862
5.3
2024-12-24 CVE-2024-53145 Integer Overflow or Wraparound vulnerability in Linux Kernel
In the Linux kernel, the following vulnerability has been resolved: um: Fix potential integer overflow during physmem setup This issue happens when the real map size is greater than LONG_MAX, which can be easily triggered on UML/i386.
local
low complexity
linux CWE-190
5.5
2024-12-24 CVE-2024-53146 Integer Overflow or Wraparound vulnerability in Linux Kernel
In the Linux kernel, the following vulnerability has been resolved: NFSD: Prevent a potential integer overflow If the tag length is >= U32_MAX - 3 then the "length + 4" addition can result in an integer overflow.
local
low complexity
linux CWE-190
5.5
2024-12-24 CVE-2024-53149 Off-by-one Error vulnerability in Linux Kernel
In the Linux kernel, the following vulnerability has been resolved: usb: typec: ucsi: glink: fix off-by-one in connector_status UCSI connector's indices start from 1 up to 3, PMIC_GLINK_MAX_PORTS. Correct the condition in the pmic_glink_ucsi_connector_status() callback, fixing Type-C orientation reporting for the third USB-C connector.
low complexity
linux CWE-193
4.6