Vulnerabilities

DATE	CVE	VULNERABILITY TITLE	RISK
2024-12-17	CVE-2024-12127	The Learning Management System, eLearning, Course Builder, WordPress LMS Plugin – Sikshya LMS plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the ‘page’ parameter in all versions up to, and including, 0.0.21 due to insufficient input sanitization and output escaping. network low complexity CWE-80	6.1
2024-12-17	CVE-2024-12469	The WP BASE Booking of Appointments, Services and Events plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the ‘status’ parameter in all versions up to, and including, 4.9.1 due to insufficient input sanitization and output escaping. network low complexity CWE-79	6.1
2024-12-17	CVE-2024-8326	The s2Member – Excellent for All Kinds of Memberships, Content Restriction Paywalls & Member Access Subscriptions plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 241114 via the 'sc_get_details' function. network low complexity CWE-200	8.8
2024-12-17	CVE-2024-11294	The Memberful plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 1.73.9 via the WordPress core search feature. network low complexity CWE-200	5.3
2024-12-17	CVE-2024-12293	The User Role Editor plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 4.64.3. network low complexity CWE-352	8.8
2024-12-17	CVE-2024-12219	The Stop Registration Spam plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.23. network low complexity CWE-352	6.1
2024-12-17	CVE-2024-12220	The SMS for WooCommerce plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 2.8.1. network low complexity CWE-352	6.1
2024-12-17	CVE-2024-9624	The WP All Import Pro plugin for WordPress is vulnerable to Server-Side Request Forgery in all versions up to, and including, 4.9.3 due to missing SSRF protection on the pmxi_curl_download function. network low complexity CWE-918	7.6
2024-12-17	CVE-2024-12356	Command Injection vulnerability in Beyondtrust Remote Support A critical vulnerability has been discovered in Privileged Remote Access (PRA) and Remote Support (RS) products which can allow an unauthenticated attacker to inject commands that are run as a site user. network low complexity beyondtrust CWE-77 critical	9.8
2024-12-17	CVE-2024-12239	The PowerPack Lite for Beaver Builder plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the navigate parameter in all versions up to, and including, 1.3.0.5 due to insufficient input sanitization and output escaping. network low complexity CWE-79	6.1

Vulnerabilities {"@context":"https://schema.org","@type":"BreadcrumbList","itemListElement":[{"@type":"ListItem","position":1,"name":"Vulnerabilities"}]}

Vulnerabilities