CVE Sentinel
@cve-notifications.bsky.social
CVE Sentinel is an automated service designed to keep the cybersecurity community informed about the latest vulnerabilities.
Created by @incredincomp.com
#security #infosec
This product uses the NVD API but is not endorsed or certified by the NVD.
ID: CVE-2025-1464
CVSS V4.0: MEDIUM
A vulnerability, which was classified as critical, has been found in Baiyi Cloud Asset Management System up to 20250204. This issue affects some unknown processing of the file /wuser/admin.house.collect.php. The manipulation of...
#security #infosec #cve-alert
nvd.nist.gov
February 19, 2025 at 2:15 PM
ID: CVE-2025-0968
CVSS V3.1: MEDIUM
The ElementsKit Elementor addons plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 3.4.0 due to a missing capability check on the get_megamenu_content() function. This...
#security #infosec #cve-alert
nvd.nist.gov
February 19, 2025 at 12:16 PM
ID: CVE-2025-0916
CVSS V3.1: HIGH
The YaySMTP and Email Logs: Amazon SES, SendGrid, Outlook, Mailgun, Brevo, Google and Any SMTP Service plugin for WordPress is vulnerable to Stored Cross-Site Scripting in versions 2.4.9 to 2.6.2 due to insufficient input...
#security #infosec #cve-alert
nvd.nist.gov
February 19, 2025 at 12:16 PM
ID: CVE-2024-13534
CVSS V3.1: HIGH
The Small Package Quotes – Worldwide Express Edition plugin for WordPress is vulnerable to SQL Injection via the 'edit_id' and 'dropship_edit_id' parameters in all versions up to, and including, 5.2.18 due to insufficient...
#security #infosec #cve-alert
nvd.nist.gov
February 19, 2025 at 12:15 PM
ID: CVE-2024-13533
CVSS V3.1: HIGH
The Small Package Quotes – USPS Edition plugin for WordPress is vulnerable to SQL Injection via the 'edit_id' parameter in all versions up to, and including, 1.3.5 due to insufficient escaping on the user supplied parameter and...
#security #infosec #cve-alert
nvd.nist.gov
February 19, 2025 at 12:15 PM
ID: CVE-2024-13491
CVSS V3.1: HIGH
The Small Package Quotes – For Customers of FedEx plugin for WordPress is vulnerable to SQL Injection via the 'edit_id' and 'dropship_edit_id' parameters in all versions up to, and including, 4.3.1 due to insufficient escaping on...
#security #infosec #cve-alert
nvd.nist.gov
February 19, 2025 at 12:15 PM
ID: CVE-2024-13485
CVSS V3.1: HIGH
The LTL Freight Quotes – ABF Freight Edition plugin for WordPress is vulnerable to SQL Injection via the 'edit_id' and 'dropship_edit_id' parameters in all versions up to, and including, 3.3.7 due to insufficient escaping on the...
#security #infosec #cve-alert
nvd.nist.gov
February 19, 2025 at 12:15 PM
ID: CVE-2024-13483
CVSS V3.1: HIGH
The LTL Freight Quotes – SAIA Edition plugin for WordPress is vulnerable to SQL Injection via the 'edit_id' and 'dropship_edit_id' parameters in all versions up to, and including, 2.2.10 due to insufficient escaping on the user...
#security #infosec #cve-alert
nvd.nist.gov
February 19, 2025 at 12:15 PM
ID: CVE-2024-13481
CVSS V3.1: HIGH
The LTL Freight Quotes – R+L Carriers Edition plugin for WordPress is vulnerable to SQL Injection via the 'edit_id' and 'dropship_edit_id' parameters in all versions up to, and including, 3.3.4 due to insufficient escaping on the...
#security #infosec #cve-alert
nvd.nist.gov
February 19, 2025 at 12:15 PM
ID: CVE-2024-13479
CVSS V3.1: HIGH
The LTL Freight Quotes – SEFL Edition plugin for WordPress is vulnerable to SQL Injection via the 'dropship_edit_id' and 'edit_id' parameters in all versions up to, and including, 3.2.4 due to insufficient escaping on the user...
#security #infosec #cve-alert
nvd.nist.gov
February 19, 2025 at 12:15 PM
ID: CVE-2024-13478
CVSS V3.1: HIGH
The LTL Freight Quotes – TForce Edition plugin for WordPress is vulnerable to SQL Injection via the 'dropship_edit_id' and 'edit_id' parameters in all versions up to, and including, 3.6.4 due to insufficient escaping on the user...
#security #infosec #cve-alert
nvd.nist.gov
February 19, 2025 at 12:15 PM
ID: CVE-2025-1075
CVSS V4.0: MEDIUM
Insertion of Sensitive Information into Log File in Checkmk GmbH's Checkmk versions <2.3.0p27, <2.2.0p40, and 2.1.0p51 (EOL) causes LDAP credentials to be written to Apache error log file accessible to administrators.
#security #infosec #cve-alert
nvd.nist.gov
February 19, 2025 at 10:15 AM
ID: CVE-2024-13489
CVSS V3.1: HIGH
The LTL Freight Quotes – Old Dominion Edition plugin for WordPress is vulnerable to SQL Injection via the 'edit_id' and 'dropship_edit_id' parameters in all versions up to, and including, 4.2.10 due to insufficient escaping on...
#security #infosec #cve-alert
nvd.nist.gov
February 19, 2025 at 10:15 AM
ID: CVE-2025-1135
CVSS V4.0: CRITICAL
A vulnerability exists in ChurchCRM 5.13.0 and prior that allows an attacker to execute arbitrary SQL queries by exploiting a boolean-based and time-based blind SQL Injection vulnerability in the...
#security #infosec #cve-alert
nvd.nist.gov
February 19, 2025 at 9:15 AM
ID: CVE-2025-1134
CVSS V4.0: CRITICAL
A vulnerability exists in ChurchCRM 5.13.0 and prior that allows an attacker to execute arbitrary SQL queries by exploiting a boolean-based and time-based blind SQL Injection vulnerability in the...
#security #infosec #cve-alert
nvd.nist.gov
February 19, 2025 at 9:15 AM
ID: CVE-2025-1133
CVSS V4.0: CRITICAL
A vulnerability exists in ChurchCRM 5.13.0 and prior that allows an attacker to execute arbitrary SQL queries by exploiting a boolean-based blind SQL Injection vulnerability in the EditEventAttendees functionality....
#security #infosec #cve-alert
nvd.nist.gov
February 19, 2025 at 9:15 AM
ID: CVE-2025-1132
CVSS V4.0: CRITICAL
A time-based blind SQL Injection vulnerability exists in the ChurchCRM 5.13.0 and prior EditEventAttendees.php within the EN_tyid parameter. The parameter is directly inserted into an SQL query without proper...
#security #infosec #cve-alert
nvd.nist.gov
February 19, 2025 at 9:15 AM
ID: CVE-2025-1024
CVSS V4.0: HIGH
A vulnerability exists in ChurchCRM 5.13.0 that allows an attacker to execute arbitrary JavaScript in a victim's browser via Reflected Cross-Site Scripting (XSS) in the EditEventAttendees.php page. This requires...
#security #infosec #cve-alert
nvd.nist.gov
February 19, 2025 at 9:15 AM
ID: CVE-2025-1007
CVSS V4.0: MEDIUM
In OpenVSX version v0.9.0 to v0.20.0, the /user/namespace/{namespace}/details API allows a user to edit all namespace details, even if the user is not a namespace Owner or Contributor. The details include: name, description,...
#security #infosec #cve-alert
nvd.nist.gov
February 19, 2025 at 9:15 AM
ID: CVE-2024-13364
CVSS V3.1: MEDIUM
The Raptive Ads plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on the site_ads_files_reset() and cls_file_reset() functions in all versions up to, and including, 3.6.3. This makes it...
#security #infosec #cve-alert
nvd.nist.gov
February 19, 2025 at 9:15 AM
ID: CVE-2024-13363
CVSS V3.1: MEDIUM
The Raptive Ads plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'poc' parameter in all versions up to, and including, 3.6.3 due to insufficient input sanitization and output escaping. This makes it...
#security #infosec #cve-alert
nvd.nist.gov
February 19, 2025 at 9:15 AM
ID: CVE-2024-13339
CVSS V3.1: MEDIUM
The DeBounce Email Validator plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 5.6.6. This is due to missing or incorrect nonce validation on the 'debounce_email_validator'...
#security #infosec #cve-alert
nvd.nist.gov
February 19, 2025 at 9:15 AM
ID: CVE-2024-13336
CVSS V3.1: MEDIUM
The Disable Auto Updates plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.4. This is due to missing or incorrect nonce validation on the 'disable-auto-updates' page. This...
#security #infosec #cve-alert
nvd.nist.gov
February 19, 2025 at 9:15 AM
ID: CVE-2024-13231
CVSS V3.1: MEDIUM
The WordPress Portfolio Builder – Portfolio Gallery plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'add_video' function in all versions up to, and including,...
#security #infosec #cve-alert
nvd.nist.gov
February 19, 2025 at 9:15 AM
ID: CVE-2025-0865
CVSS V3.1: MEDIUM
The WP Media Category Management plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions 2.0 to 2.3.3. This is due to missing or incorrect nonce validation on the wp_mcm_handle_action_settings() function....
#security #infosec #cve-alert
nvd.nist.gov
February 19, 2025 at 8:16 AM