VUMETRIC
CYBER PORTAL
Dashboard
Security News
Latest Vulnerabilities
Browse Vulnerabilities
by Vendors
by Products
by Categories
Weekly Reports
Vulnerabilities
> Medium
Exclude new CVEs:
DATE
CVE
VULNERABILITY TITLE
RISK
2025-01-07
CVE-2024-11810
The PayGreen Payment Gateway plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'message_id' parameter in all versions up to, and including, 1.0.26 due to insufficient input sanitization and output escaping.
network
low complexity
CWE-79
6.1
6.1
2025-01-07
CVE-2024-12049
The Woo Ukrposhta plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'order', 'post', and 'idd' parameters in all versions up to, and including, 1.17.11 due to insufficient input sanitization and output escaping.
network
low complexity
CWE-79
6.1
6.1
2025-01-07
CVE-2024-12124
The Role Includer plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the ‘user_id’ parameter in all versions up to, and including, 1.6 due to insufficient input sanitization and output escaping.
network
low complexity
CWE-79
6.1
6.1
2025-01-07
CVE-2024-12126
The SEO Keywords plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the ‘google_error’ parameter in all versions up to, and including, 1.1.3 due to insufficient input sanitization and output escaping.
network
low complexity
CWE-79
6.1
6.1
2025-01-07
CVE-2024-12140
The Elementor Addons AI Addons – 70 Widgets, Premium Templates, Ultimate Elements plugin for WordPress is vulnerable to Information Exposure in all versions up to, and including, 2.2.1 via the render function due to insufficient restrictions on which templates can be included.
network
low complexity
CWE-200
4.3
4.3
2025-01-07
CVE-2024-12153
The GDY Modular Content plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use of add_query_arg without appropriate escaping on the URL in all versions up to, and including, 0.9.91.
network
low complexity
CWE-79
6.1
6.1
2025-01-07
CVE-2024-12158
The Popup – MailChimp, GetResponse and ActiveCampaign Intergrations plugin for WordPress is vulnerable to unauthorized loss of data due to a missing capability check on the 'upc_delete_db_data' AJAX action in all versions up to, and including, 3.2.6.
network
low complexity
CWE-862
5.3
5.3
2025-01-07
CVE-2024-12159
The Optimize Your Campaigns – Google Shopping – Google Ads – Google Adwords plugin for WordPress is vulnerable to Information Exposure in all versions up to, and including, 3.1 due to the print_php_information.php being publicly accessible.
network
low complexity
CWE-200
5.3
5.3
2025-01-07
CVE-2024-12170
The ViewMedica 9 plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.4.15.
network
low complexity
CWE-352
5.4
5.4
2025-01-07
CVE-2024-12176
The WordLift – AI powered SEO – Schema plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on the 'wl_config_plugin' AJAX action in all versions up to, and including, 3.54.0.
network
low complexity
CWE-862
5.3
5.3
«
Previous
1
2
...
147
148
149
(current)
150
151
...
7023
7024
»
Next