Vulnerabilities

DATE CVE VULNERABILITY TITLE RISK
2024-12-24 CVE-2024-12266 The ELEX WooCommerce Dynamic Pricing and Discounts plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the elex_dp_export_rules() and elex_dp_import_rules() functions in all versions up to, and including, 2.1.7.
network
low complexity
CWE-862
6.5
2024-12-24 CVE-2024-12507 The Optio Dentistry plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'optio-lightbox' shortcode in all versions up to, and including, 2.1 due to insufficient input sanitization and output escaping on user supplied attributes.
network
low complexity
CWE-79
6.4
2024-12-24 CVE-2024-12518 The ShMapper by Teplitsa plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'shmMap' shortcode in all versions up to, and including, 1.4.18 due to insufficient input sanitization and output escaping on user supplied attributes.
network
low complexity
CWE-79
6.4
2024-12-24 CVE-2024-12617 The WC Price History for Omnibus plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on several AJAX actions in all versions up to, and including, 2.1.3.
network
low complexity
CWE-862
5.4
2024-12-24 CVE-2024-12710 The WP-Appbox plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'page' parameter in all versions up to, and including, 4.5.3 due to insufficient input sanitization and output escaping.
network
low complexity
CWE-79
6.1
2024-12-23 CVE-2024-53961 Unspecified vulnerability in Adobe Coldfusion 2021/2023
ColdFusion versions 2023.11, 2021.17 and earlier are affected by an Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability that could lead to arbitrary file system read.
network
high complexity
adobe
8.1
2024-12-23 CVE-2024-45387 SQL Injection vulnerability in Apache Traffic Control 8.0.0/8.0.1
An SQL injection vulnerability in Traffic Ops in Apache Traffic Control <= 8.0.1, >= 8.0.0 allows a privileged user with role "admin", "federation", "operations", "portal", or "steering" to execute arbitrary SQL against the database by sending a specially-crafted PUT request. Users are recommended to upgrade to version Apache Traffic Control 8.0.2 if you run an affected version of Traffic Ops.
network
low complexity
apache CWE-89
8.8
2024-12-23 CVE-2024-12902 ANCHOR from Global Wisdom Software is an integrated product running on a Windows virtual machine.
local
low complexity
8.4
2024-12-23 CVE-2024-11230 Cross-site Scripting vulnerability in Brainstormforce Elementor Header & Footer Builder
The Elementor Header & Footer Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘size’ parameter in all versions up to, and including, 1.6.46 due to insufficient input sanitization and output escaping.
network
low complexity
brainstormforce CWE-79
5.4
2024-12-23 CVE-2024-12898 SQL Injection vulnerability in 1000Projects Attendance Tracking Management System 1.0
A vulnerability was found in 1000 Projects Attendance Tracking Management System 1.0.
network
low complexity
1000projects CWE-89
critical
9.8