2025-01-08 | CVE-2024-12851 | Cross-site Scripting vulnerability in Bdthemes Element Pack. The Element Pack Elementor Addons (Header Footer, Template Library, Dynamic Grid, Carousel and Remote Arrows) plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the custom_attributes parameter of the Cookie Consent Widget in all versions up to, and including, 5.10.14 due to insufficient input sanitization and output escaping. | 5.4 |
2025-01-08 | CVE-2024-12852 | The Happy Addons for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'ha_cmc_text' parameter of the Happy Mouse Cursor in all versions up to, and including, 3.15.1 due to insufficient input sanitization and output escaping. | 6.4 |
2025-01-08 | CVE-2024-9673 | The Piotnet Addons For Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's Heading widget in all versions up to, and including, 2.4.31 due to insufficient input sanitization and output escaping on user supplied attributes. | 6.4 |
2025-01-08 | CVE-2024-10585 | The InfiniteWP Client plugin for WordPress is vulnerable to Path Traversal in all versions up to, and including, 1.13.0 via the 'historyID' parameter of the ~/debug-chart/index.php file. | 5.3 |
2025-01-08 | CVE-2024-11270 | Missing Authorization vulnerability in Webinarpress. The WordPress Webinar Plugin – WebinarPress plugin for WordPress is vulnerable to arbitrary file creation due to a missing capability check on the 'sync-import-imgs' function and missing file type validation in all versions up to, and including, 1.33.24. | 8.8 |
2025-01-08 | CVE-2024-11271 | Missing Authorization vulnerability in Webinarpress. The WordPress Webinar Plugin – WebinarPress plugin for WordPress is vulnerable to modification of data due to a missing capability check on several functions in all versions up to, and including, 1.33.24. | 4.3 |
2025-01-08 | CVE-2024-12030 | The MDTF – Meta Data and Taxonomies Filter plugin for WordPress is vulnerable to SQL Injection via the 'key' attribute of the 'mdf_value' shortcode in all versions up to, and including, 1.3.3.5 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. | 6.5 |
2025-01-08 | CVE-2024-12205 | The Themesflat Addons For Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the TF E Slider Widget in all versions up to, and including, 2.2.4 due to insufficient input sanitization and output escaping. | 6.4 |
2025-01-08 | CVE-2024-11816 | Missing Authorization vulnerability in Wpextended Ultimate Wordpress Toolkit. The Ultimate WordPress Toolkit – WP Extended plugin for WordPress is vulnerable to Remote Code Execution in version 3.0.11. | 8.8 |
2025-01-08 | CVE-2024-11916 | Cross-site Scripting vulnerability in Wpextended Ultimate Wordpress Toolkit. The Ultimate WordPress Toolkit – WP Extended plugin for WordPress is vulnerable to unauthorized modification and retrieval of data due to a missing capability check on several functions in all versions up to, and including, 3.0.11. | 5.4 |