| 2024-12-17 | CVE-2024-10356 | Information Exposure vulnerability in Quomodosoft Elementsready
The ElementsReady Addons for Elementor plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 6.4.8 in inc/Widgets/accordion/output/content.php. | 4.3 |
| 2024-12-17 | CVE-2024-9819 | Authorization Bypass Through User-Controlled Key vulnerability in NextGeography NG Analyser allows Functionality Misuse.This issue affects NG Analyser: before 2.2.711. | 6.5 |
| 2024-12-17 | CVE-2024-11280 | The PPWP – Password Protect Pages plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 1.9.5 via the WordPress core search feature. | 5.3 |
| 2024-12-17 | CVE-2024-12395 | The WooCommerce Additional Fees On Checkout (Free) plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the ‘number’ parameter in all versions up to, and including, 1.4.7 due to insufficient input sanitization and output escaping. | 6.1 |
| 2024-12-17 | CVE-2024-12601 | The Calculated Fields Form plugin for WordPress is vulnerable to Denial of Service in all versions up to, and including, 5.2.63. | 5.3 |
| 2024-12-17 | CVE-2024-52542 | Link Following vulnerability in Dell Appsync
Dell AppSync, version 4.6.0.x, contain a Symbolic Link (Symlink) Following vulnerability. | 5.5 |
| 2024-12-17 | CVE-2024-8429 | Improper Restriction of Excessive Authentication Attempts vulnerability in Digital Operation Services WiFiBurada allows Use of Known Domain Credentials.This issue affects WiFiBurada: before 1.0.5. | 4.3 |
| 2024-12-17 | CVE-2024-8475 | Authentication Bypass by Assumed-Immutable Data vulnerability in Digital Operation Services WiFiBurada allows Manipulating User-Controlled Variables.This issue affects WiFiBurada: before 1.0.5. | 6.5 |
| 2024-12-17 | CVE-2024-9654 | Incorrect Authorization vulnerability in Awesomemotive Easy Digital Downloads
The Easy Digital Downloads plugin for WordPress is vulnerable to Improper Authorization in versions 3.1 through 3.3.4. | 3.7 |
| 2024-12-17 | CVE-2024-12024 | Cross-site Scripting vulnerability in Metagauss Eventprime
The EventPrime – Events Calendar, Bookings and Tickets plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the em_ticket_category_data and em_ticket_individual_data parameters in all versions up to, and including, 4.0.5.3 due to insufficient input sanitization and output escaping. | 6.1 |