2025-01-04 | CVE-2024-12195 | SQL Injection vulnerability in Wedevs WP Project Manager. The WP Project Manager – Task, team, and project management plugin featuring kanban board and gantt charts plugin for WordPress is vulnerable to SQL Injection via the 'project_id' parameter of the /wp-json/pm/v2/projects/2/task-lists REST API endpoint in all versions up to, and including, 2.6.16 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. | 6.5 |
2025-01-04 | CVE-2024-12279 | The WP Social AutoConnect plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 4.6.2. | 6.1 |
2025-01-04 | CVE-2024-12475 | Cross-site Scripting vulnerability in Wpexperts WP Multi Store Locator 2.4. The WP Multi Store Locator plugin for WordPress is vulnerable to Stored Cross-Site Scripting in all versions up to, and including, 2.4.1 due to insufficient input sanitization and output escaping. | 5.4 |
2025-01-04 | CVE-2024-12221 | The Turnkey bbPress by WeaverTheme plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the ‘_wpnonce’ parameter in all versions up to, and including, 1.6.3 due to insufficient input sanitization and output escaping. | 6.1 |
2025-01-04 | CVE-2024-11930 | Cross-site Scripting vulnerability in Taskbuilder. The Taskbuilder – WordPress Project & Task Management plugin plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's wppm_tasks shortcode in all versions up to, and including, 3.0.6 due to insufficient input sanitization and output escaping on user supplied attributes. | 5.4 |
2025-01-04 | CVE-2024-11974 | The Media Library Assistant plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the ‘smc_settings_tab’, ‘unattachfixit-action’, and ‘woofixit-action’ parameters in all versions up to, and including, 3.23 due to insufficient input sanitization and output escaping. | 6.1 |
2025-01-04 | CVE-2024-12047 | The WP Compress – Instant Performance & Speed Optimization plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the ‘custom_server’ parameter in all versions up to, and including, 6.30.03 due to insufficient input sanitization and output escaping. | 6.1 |
2025-01-04 | CVE-2024-12545 | The Scratch & Win – Giveaways and Contests. | 5.4 |
2025-01-04 | CVE-2024-12701 | The WP Smart Import : Import any XML File to WordPress plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the ‘page’ parameter in all versions up to, and including, 1.1.2 due to insufficient input sanitization and output escaping. | 6.1 |
2025-01-04 | CVE-2025-0201 | SQL Injection vulnerability in Code-Projects Point of Sales and Inventory Management System 1.0. A vulnerability was found in code-projects Point of Sales and Inventory Management System 1.0 and classified as critical. | 6.5 |