2024-12-04 | CVE-2024-11935 | The Email Address Obfuscation plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘class’ parameter in all versions up to, and including, 1.0.1 due to insufficient input sanitization and output escaping. | 6.4 |
2024-12-04 | CVE-2024-11854 | The Listdom – Business Directory and Classified Ads Listings WordPress Plugin plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘shortcode’ parameter in all versions up to, and including, 3.7.0 due to insufficient input sanitization and output escaping. | 6.4 |
2024-12-04 | CVE-2024-54153 | Missing Authentication for Critical Function vulnerability in JetBrains YouTrack. In JetBrains YouTrack before 2024.3.51866 unauthenticated database backup download was possible via vulnerable query parameter | 6.5 |
2024-12-04 | CVE-2024-54154 | Path Traversal vulnerability in JetBrains YouTrack. In JetBrains YouTrack before 2024.3.51866 system takeover was possible through path traversal in plugin sandbox | 9.8 |
2024-12-04 | CVE-2024-54155 | Missing Authentication for Critical Function vulnerability in JetBrains YouTrack. In JetBrains YouTrack before 2024.3.51866 improper access control allowed listing of project names during app import without authentication | 5.3 |
2024-12-04 | CVE-2024-54156 | Unspecified vulnerability in JetBrains YouTrack. In JetBrains YouTrack before 2024.3.52635 multiple merge functions were vulnerable to prototype pollution attack | 6.5 |
2024-12-04 | CVE-2024-54157 | Unspecified vulnerability in JetBrains YouTrack. In JetBrains YouTrack before 2024.3.52635 potential ReDoS was possible due to vulnerable RegExp in Ruby syntax detector | 6.5 |
2024-12-04 | CVE-2024-54158 | Authentication Bypass by Spoofing vulnerability in JetBrains YouTrack. In JetBrains YouTrack before 2024.3.52635 potential spoofing attack was possible via lack of Punycode encoding | 5.3 |
2024-12-04 | CVE-2024-8962 | Cross-site Scripting vulnerability in WPBITS Addons for Elementor Page Builder. The WPBITS Addons For Elementor Page Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via SVG File uploads in all versions up to, and including, 1.5.2 due to insufficient input sanitization and output escaping. | 5.4 |
2024-12-04 | CVE-2024-11814 | The Additional Custom Order Status for WooCommerce plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the wfwp_wcos_delete_finished, wfwp_wcos_delete_fallback_finished, wfwp_wcos_delete_fallback_orders_updated, and wfwp_wcos_delete_fallback_status parameters in all versions up to, and including, 1.6.0 due to insufficient input sanitization and output escaping. | 6.1 |