| 2024-12-21 | CVE-2024-11975 | The Reactflow Visitor Recording and Heatmaps plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.0.10. | 6.1 |
| 2024-12-21 | CVE-2024-12066 | The SMSA Shipping(official) plugin for WordPress is vulnerable to arbitrary file deletion due to insufficient file path validation in the smsa_delete_label() function in all versions up to, and including, 2.2. | 8.8 |
| 2024-12-21 | CVE-2024-12262 | Cross-site Scripting vulnerability in Shopfiles Ebook Store
The Ebook Store plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'step' parameter in all versions up to, and including, 5.8001 due to insufficient input sanitization and output escaping. | 6.1 |
| 2024-12-21 | CVE-2024-12635 | SQL Injection vulnerability in Androidbubble WP Docs
The WP Docs plugin for WordPress is vulnerable to time-based SQL Injection via the 'dir_id' parameter in all versions up to, and including, 2.2.0 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. | 6.5 |
| 2024-12-21 | CVE-2024-12697 | The real.Kit plugin for WordPress is vulnerable to Stored Cross-Site Scripting in all versions up to, and including, 5.1.1 due to insufficient input sanitization and output escaping. | 6.4 |
| 2024-12-21 | CVE-2024-12721 | Deserialization of Untrusted Data vulnerability in Webbuilder143 Custom Product Tabs for Woocommerce
The Custom Product Tabs For WooCommerce plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 1.2.4 via deserialization of untrusted input from the 'wb_custom_tabs' parameter. | 7.2 |
| 2024-12-21 | CVE-2024-12771 | The eCommerce Product Catalog Plugin for WordPress plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 3.3.43. | 8.8 |
| 2024-12-21 | CVE-2024-11977 | The The kk Star Ratings – Rate Post & Collect User Feedbacks plugin for WordPress is vulnerable to arbitrary shortcode execution in all versions up to, and including, 5.4.10. | 7.3 |
| 2024-12-21 | CVE-2024-11349 | The AdForest theme for WordPress is vulnerable to authentication bypass in all versions up to, and including, 5.1.6. network low complexity CWE-288 critical | 9.8 |
| 2024-12-21 | CVE-2024-12846 | Cross-site Scripting vulnerability in Emlog
A vulnerability, which was classified as problematic, has been found in Emlog Pro up to 2.4.1. | 4.8 |