2024-11-28 | CVE-2024-11960 | Classic Buffer Overflow vulnerability in Dlink Dir-605L Firmware 2.13B01 A vulnerability was found in D-Link DIR-605L 2.13B01. | 8.8 |
2024-11-28 | CVE-2024-11961 | Unspecified vulnerability in Huayi-Tec Jeewms 3.7 A vulnerability was found in Guangzhou Huayi Intelligent Technology Jeewms 3.7. | 7.5 |
2024-11-28 | CVE-2024-7747 | The Wallet for WooCommerce plugin for WordPress is vulnerable to incorrect conversion between numeric types in all versions up to, and including, 1.5.6. | 6.5 |
2024-11-28 | CVE-2024-52481 | Unspecified vulnerability in Astoundify Jobify Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in Astoundify Jobify - Job Board WordPress Theme allows Relative Path Traversal.This issue affects Jobify - Job Board WordPress Theme: from n/a through 4.2.3. | 7.5 |
2024-11-28 | CVE-2024-53737 | Cross-site Scripting vulnerability in Wpmailster WP Mailster Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in WP Mailster allows Stored XSS.This issue affects WP Mailster: from n/a through 1.8.16.0. | 5.4 |
2024-11-28 | CVE-2024-10670 | The Primary Addon for Elementor plugin for WordPress is vulnerable to Information Exposure in all versions up to, and including, 1.6.2 via the [prim_elementor_template] shortcode due to insufficient restrictions on which posts can be included. | 4.3 |
2024-11-28 | CVE-2024-10780 | The Restaurant & Cafe Addon for Elementor plugin for WordPress is vulnerable to Information Exposure in all versions up to, and including, 1.5.9 via the 'narestaurant_elementor_template' shortcode due to insufficient restrictions on which posts can be included. | 4.3 |
2024-11-28 | CVE-2024-10798 | Authorization Bypass Through User-Controlled Key vulnerability in Royal-Elementor-Addons Royal Elementor Addons The Royal Elementor Addons and Templates plugin for WordPress is vulnerable to Information Exposure in all versions up to, and including, 1.7.1003 via the 'wpr-template' shortcode due to insufficient restrictions on which posts can be included. | 4.3 |
2024-11-28 | CVE-2024-11203 | The EmbedPress – Embed PDF, 3D Flipbook, Social Feeds, Google Docs, Vimeo, Wistia, YouTube Videos, Audios, Google Maps in Gutenberg Block & Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘provider_name parameter in all versions up to, and including, 4.1.3 due to insufficient input sanitization and output escaping. | 6.4 |
2024-11-28 | CVE-2024-11333 | The HLS Player plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'hls_player' shortcode in all versions up to, and including, 1.0.10 due to insufficient input sanitization and output escaping on user supplied attributes. | 6.4 |