2024-12-24 | CVE-2024-12266 | The ELEX WooCommerce Dynamic Pricing and Discounts plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the elex_dp_export_rules() and elex_dp_import_rules() functions in all versions up to, and including, 2.1.7. | 6.5 |
2024-12-24 | CVE-2024-12507 | The Optio Dentistry plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'optio-lightbox' shortcode in all versions up to, and including, 2.1 due to insufficient input sanitization and output escaping on user supplied attributes. | 6.4 |
2024-12-24 | CVE-2024-12518 | The ShMapper by Teplitsa plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'shmMap' shortcode in all versions up to, and including, 1.4.18 due to insufficient input sanitization and output escaping on user supplied attributes. | 6.4 |
2024-12-24 | CVE-2024-12617 | The WC Price History for Omnibus plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on several AJAX actions in all versions up to, and including, 2.1.3. | 5.4 |
2024-12-24 | CVE-2024-12710 | The WP-Appbox plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'page' parameter in all versions up to, and including, 4.5.3 due to insufficient input sanitization and output escaping. | 6.1 |
2024-12-23 | CVE-2024-53961 | Unspecified vulnerability in Adobe ColdFusion 2021/2023. ColdFusion versions 2023.11, 2021.17 and earlier are affected by an Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability that could lead to arbitrary file system read. Attack vector: network; attack complexity: high; vendor: Adobe. | 8.1 |
2024-12-23 | CVE-2024-45387 | SQL Injection vulnerability in Apache Traffic Control 8.0.0/8.0.1. An SQL injection vulnerability in Traffic Ops in Apache Traffic Control <= 8.0.1, >= 8.0.0 allows a privileged user with role "admin", "federation", "operations", "portal", or "steering" to execute arbitrary SQL against the database by sending a specially-crafted PUT request. Users running an affected version of Traffic Ops are recommended to upgrade to Apache Traffic Control 8.0.2. | 8.8 |
2024-12-23 | CVE-2024-12902 | ANCHOR from Global Wisdom Software is an integrated product running on a Windows virtual machine. | 8.4 |
2024-12-23 | CVE-2024-11230 | Cross-site Scripting vulnerability in Brainstormforce Elementor Header & Footer Builder. The Elementor Header & Footer Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘size’ parameter in all versions up to, and including, 1.6.46 due to insufficient input sanitization and output escaping. | 5.4 |
2024-12-23 | CVE-2024-12898 | SQL Injection vulnerability in 1000Projects Attendance Tracking Management System 1.0. A vulnerability was found in 1000 Projects Attendance Tracking Management System 1.0. | 9.8 |