Vulnerability Summary for the Week of December 16, 2024 | CISA


Vendor–Product: n/a–n/a
Description: Missing Authorization vulnerability in allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects : from n/a through 2.0.5.
Published: 2024-12-16
CVSS Score: 4.3
Source: CVE-2024-55994

Vendor–Product: aasthasolutions–Particle Background
Description: The Particle Background plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin’s ‘particleground’ shortcode in all versions up to, and including, 1.0.2 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
Published: 2024-12-20
CVSS Score: 6.4
Source: CVE-2024-11775

Vendor–Product: Adobe–Acrobat Reader
Description: Acrobat Reader DC version 22.001.20085 (and earlier), 20.005.3031x (and earlier) and 17.012.30205 (and earlier) are affected by an out-of-bounds read vulnerability when parsing a crafted file, which could result in a read past the end of an allocated memory structure. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
Published: 2024-12-19
CVSS Score: 5.5
Source: CVE-2022-44515

Vendor–Product: Adobe–Acrobat Reader
Description: Acrobat Reader DC version 22.001.20085 (and earlier), 20.005.3031x (and earlier) and 17.012.30205 (and earlier) are affected by an out-of-bounds read vulnerability when parsing a crafted file, which could result in a read past the end of an allocated memory structure. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
Published: 2024-12-19
CVSS Score: 5.5
Source: CVE-2022-44516

Vendor–Product: Adobe–Acrobat Reader
Description: Acrobat Reader DC version 22.001.20085 (and earlier), 20.005.3031x (and earlier) and 17.012.30205 (and earlier) are affected by an out-of-bounds read vulnerability when parsing a crafted file, which could result in a read past the end of an allocated memory structure. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
Published: 2024-12-19
CVSS Score: 5.5
Source: CVE-2022-44517

Vendor–Product: Adobe–Acrobat Reader
Description: Acrobat Reader DC version 22.001.20085 (and earlier), 20.005.3031x (and earlier) and 17.012.30205 (and earlier) are affected by a use-after-free vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
Published: 2024-12-19
CVSS Score: 5.5
Source: CVE-2022-44519

Vendor–Product: Adobe–Acrobat Reader
Description: Adobe Acrobat Reader versions 22.003.20282 (and earlier), 22.003.20281 (and earlier) and 20.005.30418 (and earlier) are affected by a NULL Pointer Dereference vulnerability. An unauthenticated attacker could leverage this vulnerability to achieve an application denial-of-service in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
Published: 2024-12-19
CVSS Score: 5.5
Source: CVE-2023-21586

Vendor–Product: Agency Dominion–Fusion
Description: Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in Agency Dominion Fusion allows Stored XSS. This issue affects Fusion: from n/a through 1.6.1.
Published: 2024-12-19
CVSS Score: 6.5
Source: CVE-2024-37962

Vendor–Product: Aiven-Open–pghoard
Description: pghoard is a PostgreSQL backup daemon and restore tooling that stores backup data in cloud object stores. A vulnerability has been discovered that could allow an attacker to acquire disk access with privileges equivalent to those of pghoard, allowing for unintended path traversal. Depending on the permissions/privileges assigned to pghoard, this could allow disclosure of sensitive information. This issue has been addressed in releases after 2.2.2a. Users are advised to upgrade. There are no known workarounds for this vulnerability.
Published: 2024-12-17
CVSS Score: 6.5
Source: CVE-2024-56142

Vendor–Product: aklaren–ScanCircle
Description: The ScanCircle plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin’s ‘scancircle’ shortcode in all versions up to, and including, 2.9.2 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
Published: 2024-12-18
CVSS Score: 6.4
Source: CVE-2024-11439

Vendor–Product: Alex W Fowler–Easy Site Importer
Description: Missing Authorization vulnerability in Alex W Fowler Easy Site Importer allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Easy Site Importer: from n/a through 1.0.1.
Published: 2024-12-16
CVSS Score: 5.4
Source: CVE-2024-56004

Vendor–Product: amitwpdeveloper–WooCommerce Additional Fees On Checkout (Free)
Description: The WooCommerce Additional Fees On Checkout (Free) plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the ‘number’ parameter in all versions up to, and including, 1.4.7 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link.
Published: 2024-12-17
CVSS Score: 6.1
Source: CVE-2024-12395

Vendor–Product: Apache Software Foundation–Apache Kafka
Description: Incorrect Implementation of Authentication Algorithm in Apache Kafka’s SCRAM implementation.
Issue Summary: Apache Kafka’s implementation of the Salted Challenge Response Authentication Mechanism (SCRAM) did not fully adhere to the requirements of RFC 5802 [1]. Specifically, as per RFC 5802, the server must verify that the nonce sent by the client in the second message matches the nonce sent by the server in its first message. However, Kafka’s SCRAM implementation did not perform this validation.
Impact: This vulnerability is exploitable only when an attacker has plaintext access to the SCRAM authentication exchange. However, the usage of SCRAM over plaintext is strongly discouraged as it is considered an insecure practice [2]. Apache Kafka recommends deploying SCRAM exclusively with TLS encryption to protect SCRAM exchanges from interception [3]. Deployments using SCRAM with TLS are not affected by this issue.
How to Detect If You Are Impacted: If your deployment uses SCRAM authentication over plaintext communication channels (without TLS encryption), you are likely impacted. To check if TLS is enabled, review your server.properties configuration file for the listeners property. If you have SASL_PLAINTEXT in the listeners, then you are likely impacted.
Fix Details: The issue has been addressed by introducing nonce verification in the final message of the SCRAM authentication exchange to ensure compliance with RFC 5802.
Affected Versions: Apache Kafka versions 0.10.2.0 through 3.9.0, excluding the fixed versions below.
Fixed Versions: 3.9.0, 3.8.1, 3.7.2. Users are advised to upgrade to 3.7.2 or later to mitigate this issue.
Recommendations for Mitigation: Users unable to upgrade to the fixed versions can mitigate the issue by:
– Using TLS with SCRAM Authentication: Always deploy SCRAM over TLS to encrypt authentication exchanges and protect against interception.
– Considering Alternative Authentication Mechanisms: Evaluate alternative authentication mechanisms, such as PLAIN, Kerberos or OAuth with TLS, which provide additional layers of security.
Published: 2024-12-18
CVSS Score: 5.3
Source: CVE-2024-56128

Vendor–Product: Apache Software Foundation–Apache Tomcat
Description: Uncontrolled Resource Consumption vulnerability in the examples web application provided with Apache Tomcat leads to denial of service. This issue affects Apache Tomcat: from 11.0.0-M1 through 11.0.1, from 10.1.0-M1 through 10.1.33, from 9.0.0.M1 through 9.9.97. Users are recommended to upgrade to version 11.0.2, 10.1.34 or 9.0.98, which fixes the issue.
Published: 2024-12-17
CVSS Score: 5.3
Source: CVE-2024-54677

Vendor–Product: Apple–macOS
Description: A privacy issue was addressed with improved private data redaction for log entries. This issue is fixed in macOS Sequoia 15.1. An app may be able to access sensitive user data.
Published: 2024-12-20
CVSS Score: 5.5
Source: CVE-2024-44292

Vendor–Product: Apple–macOS
Description: A privacy issue was addressed with improved private data redaction for log entries. This issue is fixed in macOS Sequoia 15.1. A user may be able to view sensitive user information.
Published: 2024-12-20
CVSS Score: 5.5
Source: CVE-2024-44293

Vendor–Product: Apple–macOS
Description: A privacy issue was addressed with improved private data redaction for log entries. This issue is fixed in macOS Sequoia 15.1. An app may be able to access information about a user’s contacts.
Published: 2024-12-20
CVSS Score: 5.5
Source: CVE-2024-44298

Vendor–Product: arothman–PCRecruiter Extensions
Description: The PCRecruiter Extensions plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin’s ‘PCRecruiter’ shortcode in all versions up to, and including, 1.4.10 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
Published: 2024-12-20
CVSS Score: 6.4
Source: CVE-2024-11776

Vendor–Product: averta–Shortcodes and extra features for Phlox theme
Description: The Shortcodes and extra features for Phlox theme plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin’s Staff widget in all versions up to, and including, 2.16.4 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
Published: 2024-12-21
CVSS Score: 6.4
Source: CVE-2024-12588

Vendor–Product: averta–Shortcodes and extra features for Phlox theme
Description: The Shortcodes and extra features for Phlox theme plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin’s aux_contact_box and aux_gmaps shortcodes in all versions up to, and including, 2.16.4 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
Published: 2024-12-21
CVSS Score: 6.4
Source: CVE-2024-9545

Vendor–Product: Bastien Ho–EELV Newsletter
Description: Cross-Site Request Forgery (CSRF) vulnerability in Bastien Ho EELV Newsletter allows Cross Site Request Forgery. This issue affects EELV Newsletter: from n/a through 4.8.2.
Published: 2024-12-16
CVSS Score: 5.4
Source: CVE-2024-54430

Vendor–Product: bdthemes–Element Pack Elementor Addons (Header Footer, Template Library, Dynamic Grid, Carousel and Remote Arrows)
Description: The Element Pack Elementor Addons (Header Footer, Template Library, Dynamic Grid, Carousel and Remote Arrows) plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the get_layouts() function in all versions up to, and including, 5.10.12. This makes it possible for authenticated attackers, with Subscriber-level access and above, to obtain a detailed listing of layout templates.
Published: 2024-12-22
CVSS Score: 4.3
Source: CVE-2024-11852

Vendor–Product: Beat Kueffer–Termin-Kalender
Description: Missing Authorization vulnerability in Beat Kueffer Termin-Kalender allows Stored XSS. This issue affects Termin-Kalender: from n/a through 0.99.47.
Published: 2024-12-16
CVSS Score: 6.5
Source: CVE-2024-54354

Vendor–Product: BeyondTrust–Remote Support(RS) & Privileged Remote Access(PRA)
Description: A vulnerability has been discovered in Privileged Remote Access (PRA) and Remote Support (RS) which can allow an attacker with existing administrative privileges to inject commands and run as a site user.
Published: 2024-12-18
CVSS Score: 6.6
Source: CVE-2024-12686

Vendor–Product: BoldThemes–Bold Page Builder
Description: Improper Limitation of a Pathname to a Restricted Directory (‘Path Traversal’) vulnerability in BoldThemes Bold Page Builder allows Path Traversal. This issue affects Bold Page Builder: from n/a through 5.1.5.
Published: 2024-12-16
CVSS Score: 4.9
Source: CVE-2024-54382

Vendor–Product: bplugins–Button Block Get fully customizable & multi-functional buttons
Description: The Button Block – Get fully customizable & multi-functional buttons plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 1.1.5 via the ‘btn_block_duplicate_post’ function. This makes it possible for authenticated attackers, with Contributor-level access and above, to extract potentially sensitive data from draft, scheduled (future), private, and password protected posts.
Published: 2024-12-19
CVSS Score: 4.3
Source: CVE-2024-12560

Vendor–Product: brandtoss–WP Mailster
Description: Cross-Site Request Forgery (CSRF) vulnerability in brandtoss WP Mailster allows Cross Site Request Forgery. This issue affects WP Mailster: from n/a through 1.8.17.0.
Published: 2024-12-16
CVSS Score: 4.3
Source: CVE-2024-54355

Vendor–Product: carlosfrancopkt1–PKT1 Centro de envios
Description: The PKT1 Centro de envios plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the ‘success’ and ‘error’ parameters in all versions up to, and including, 1.2.1 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link.
Published: 2024-12-20
CVSS Score: 6.1
Source: CVE-2024-11806

Vendor–Product: chrisbadgett–LifterLMS WP LMS for eLearning, Online Courses, & Quizzes
Description: The LifterLMS – WP LMS for eLearning, Online Courses, & Quizzes plugin for WordPress is vulnerable to arbitrary post deletion due to a missing capability check on the ‘llms_delete_cert’ action in all versions up to, and including, 7.8.5. This makes it possible for authenticated attackers, with Subscriber-level access and above, to delete arbitrary posts.
Published: 2024-12-18
CVSS Score: 4.3
Source: CVE-2024-12596

Vendor–Product: Chunghwa Telecom–topm-client
Description: The topm-client from Chunghwa Telecom has an Arbitrary File Read vulnerability. The application sets up a simple local web server and provides APIs for communication with the target website. Due to the lack of CSRF protection for the APIs, unauthenticated remote attackers could use these APIs through phishing. Additionally, one of the APIs contains a Relative Path Traversal vulnerability, allowing attackers to read arbitrary files on the user’s system.
Published: 2024-12-16
CVSS Score: 6.5
Source: CVE-2024-12645

Vendor–Product: classcms — classcms
Description: A vulnerability has been found in ClassCMS up to 4.8 and classified as critical. Affected by this vulnerability is an unknown functionality of the file /admin?do=admin:user:editPost of the component User Management Page. The manipulation leads to improper handling of insufficient privileges. The attack can be launched remotely. The exploit has been disclosed to the public and may be used.
Published: 2024-12-16
CVSS Score: 4.7
Source: CVE-2024-12666

Vendor–Product: code-projects–Job Recruitment
Description: A vulnerability was found in code-projects Job Recruitment 1.0. It has been declared as problematic. Affected by this vulnerability is an unknown functionality of the file /_email.php. The manipulation of the argument email leads to cross site scripting. The attack can be launched remotely. The exploit has been disclosed to the public and may be used.
Published: 2024-12-21
CVSS Score: 4.3
Source: CVE-2024-12883

Vendor–Product: code-projects–Online Exam Mastering System
Description: A vulnerability was found in code-projects Online Exam Mastering System 1.0. It has been rated as critical. This issue affects some unknown processing of the file /update.php?q=quiz&step=2. The manipulation of the argument eid leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used.
Published: 2024-12-22
CVSS Score: 6.3
Source: CVE-2024-12890

Vendor–Product: code-projects–Online Exam Mastering System
Description: A vulnerability classified as critical has been found in code-projects Online Exam Mastering System 1.0. Affected is an unknown function of the file /account.php?q=quiz&step=2. The manipulation of the argument eid leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used.
Published: 2024-12-22
CVSS Score: 6.3
Source: CVE-2024-12891

Vendor–Product: codename065–Download Manager
Description: The Download Manager plugin for WordPress is vulnerable to unauthorized download of password-protected content due to improper password validation on the checkFilePassword function in all versions up to, and including, 3.3.03. This makes it possible for unauthenticated attackers to download password-protected files.
Published: 2024-12-19
CVSS Score: 5.3
Source: CVE-2024-11768

Vendor–Product: codepeople–Calculated Fields Form
Description: The Calculated Fields Form plugin for WordPress is vulnerable to Denial of Service in all versions up to, and including, 5.2.63. This is due to unlimited height and width parameters for CAPTCHA images. This makes it possible for unauthenticated attackers to send multiple requests with large values, resulting in slowing server resources if the server does not mitigate Denial of Service attacks.
Published: 2024-12-17
CVSS Score: 5.3
Source: CVE-2024-12601

Vendor–Product: Codezips–E-Commerce Site
Description: A vulnerability, which was classified as critical, was found in Codezips E-Commerce Site 1.0. This affects an unknown part of the file /admin/editorder.php. The manipulation of the argument dstatus/quantity/ddate leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used.
Published: 2024-12-19
CVSS Score: 6.3
Source: CVE-2024-12794

Vendor–Product: crmperks–CRM Perks WordPress HelpDesk Integration Zendesk, Freshdesk, HelpScout
Description: The CRM Perks – WordPress HelpDesk Integration – Zendesk, Freshdesk, HelpScout plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin’s ‘crm-perks-tickets’ shortcode in all versions up to, and including, 1.1.6 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
Published: 2024-12-16
CVSS Score: 6.4
Source: CVE-2024-12443

Vendor–Product: cswaim–TPG Get Posts
Description: The TPG Get Posts plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin’s ‘tpg_get_posts’ shortcode in all versions up to, and including, 3.6.5 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
Published: 2024-12-17
CVSS Score: 6.4
Source: CVE-2024-11906

Vendor–Product: cyberlord92–Broken Link Checker | Finder
Description: The Broken Link Checker | Finder plugin for WordPress is vulnerable to Blind Server-Side Request Forgery in all versions up to, and including, 2.5.0 via the ‘moblc_check_link’ function. This makes it possible for authenticated attackers, with Author-level access and above, to make web requests to arbitrary locations originating from the web application and can be used to query and modify information from internal services.
Published: 2024-12-19
CVSS Score: 5.4
Source: CVE-2024-12121

Vendor–Product: cyberlord92–Page Restriction WordPress (WP) Protect WP Pages/Post
Description: The Page Restriction WordPress (WP) – Protect WP Pages/Post plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 1.3.6 via the WordPress core search feature. This makes it possible for unauthenticated attackers to extract sensitive data from posts that have been restricted to higher-level roles such as administrator.
Published: 2024-12-20
CVSS Score: 5.3
Source: CVE-2024-11297

Vendor–Product: Dave Kiss–Vimeography
Description: Generation of Error Message Containing Sensitive Information vulnerability in Dave Kiss Vimeography allows Retrieve Embedded Sensitive Data. This issue affects Vimeography: from n/a through 2.4.4.
Published: 2024-12-16
CVSS Score: 5.3
Source: CVE-2024-54366

Vendor–Product: David Cramer–Caldera SMTP Mailer
Description: Missing Authorization vulnerability in David Cramer Caldera SMTP Mailer. This issue affects Caldera SMTP Mailer: from n/a through 1.0.1.
Published: 2024-12-16
CVSS Score: 4.3
Source: CVE-2024-56003

Vendor–Product: Dell–AppSync
Description: Dell AppSync, version 4.6.0.x, contains a Symbolic Link (Symlink) Following vulnerability. A low privileged attacker with local access could potentially exploit this vulnerability, leading to information tampering.
Published: 2024-12-17
CVSS Score: 4.4
Source: CVE-2024-52542

Vendor–Product: Digital Operation Services–WiFiBurada
Description: Authentication Bypass by Assumed-Immutable Data vulnerability in Digital Operation Services WiFiBurada allows Manipulating User-Controlled Variables. This issue affects WiFiBurada: before 1.0.5.
Published: 2024-12-17
CVSS Score: 6.5
Source: CVE-2024-8475

Vendor–Product: Digital Operation Services–WiFiBurada
Description: Improper Restriction of Excessive Authentication Attempts vulnerability in Digital Operation Services WiFiBurada allows Use of Known Domain Credentials. This issue affects WiFiBurada: before 1.0.5.
Published: 2024-12-17
CVSS Score: 4.3
Source: CVE-2024-8429

Vendor–Product: discourse–discourse
Description: Discourse is an open source platform for community discussion. Users clicking on the lightbox thumbnails could be affected. This problem is patched in the latest version of Discourse. Users are advised to upgrade. There are no known workarounds for this vulnerability.
Published: 2024-12-19
CVSS Score: 6.8
Source: CVE-2024-52794

Vendor–Product: discourse–discourse
Description: Discourse is an open source platform for community discussion. Sites that are using discourse connect but still have local logins enabled could allow attackers to bypass discourse connect to create accounts and login. This problem is patched in the latest version of Discourse. Users unable to upgrade who are using discourse connect may disable all other login methods as a workaround.
Published: 2024-12-19
CVSS Score: 5.3
Source: CVE-2024-49765

Vendor–Product: Diversified Technology Corp., WPYog, and Gagan Deep Singh–DTC Documents
Description: Cross-Site Request Forgery (CSRF) vulnerability in Diversified Technology Corp., WPYog, and Gagan Deep Singh DTC Documents allows Cross Site Request Forgery. This issue affects DTC Documents: from n/a through 1.1.05.
Published: 2024-12-16
CVSS Score: 5.4
Source: CVE-2024-54418

Vendor–Product: Dreamfox–Dreamfox Media Payment gateway per Product for Woocommerce
Description: Missing Authorization vulnerability in Dreamfox Dreamfox Media Payment gateway per Product for Woocommerce allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Dreamfox Media Payment gateway per Product for Woocommerce: from n/a through 3.5.6.
Published: 2024-12-16
CVSS Score: 6.1
Source: CVE-2024-55996

Vendor–Product: dusthazard–Popup Surveys & Polls for WordPress (Mare.io)
Description: Missing Authorization vulnerability in dusthazard Popup Surveys & Polls for WordPress (Mare.io) allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Popup Surveys & Polls for WordPress (Mare.io): from n/a through 1.36.
Published: 2024-12-16
CVSS Score: 5.4
Source: CVE-2024-55998

Vendor–Product: elemntor–Elementor Website Builder More Than Just a Page Builder
Description: The Elementor Website Builder – More than Just a Page Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin’s Typography Settings in all versions up to, and including, 3.25.9 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
Published: 2024-12-21
CVSS Score: 6.4
Source: CVE-2024-10453

Vendor–Product: eLightUp–Falcon WordPress Optimizations & Tweaks
Description: Missing Authorization vulnerability in eLightUp Falcon – WordPress Optimizations & Tweaks allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Falcon – WordPress Optimizations & Tweaks: from n/a through 2.8.3.
Published: 2024-12-16
CVSS Score: 4.3
Source: CVE-2024-54384

Vendor–Product: envoyproxy–envoy
Description: Envoy is a cloud-native high-performance edge/middle/service proxy. When additional addresses are not IP addresses, the Happy Eyeballs sorting algorithm will crash in the data plane. This issue has been addressed in releases 1.32.2, 1.31.4, and 1.30.8. Users are advised to upgrade. Users unable to upgrade may disable Happy Eyeballs and/or change the IP configuration.
Published: 2024-12-18
CVSS Score: 4.5
Source: CVE-2024-53269

Vendor–Product: fabulatech — usb_over_network
Description: A vulnerability classified as problematic has been found in FabulaTech USB over Network 6.0.6.1. Affected is the function 0x22040C in the library ftusbbus2.sys of the component IOCT Handler. The manipulation leads to null pointer dereference. Local access is required to approach this attack. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.
Published: 2024-12-16
CVSS Score: 5.5
Source: CVE-2024-12653

Vendor–Product: fabulatech — usb_over_network
Description: A vulnerability classified as problematic was found in FabulaTech USB over Network 6.0.6.1. Affected by this vulnerability is the function 0x220408 in the library ftusbbus2.sys of the component IOCT Handler. The manipulation leads to null pointer dereference. Attacking locally is a requirement. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.
Published: 2024-12-16
CVSS Score: 5.5
Source: CVE-2024-12654

Vendor–Product: fabulatech — usb_over_network
Description: A vulnerability, which was classified as problematic, has been found in FabulaTech USB over Network 6.0.6.1. Affected by this issue is the function 0x220420 in the library ftusbbus2.sys of the component IOCT Handler. The manipulation leads to null pointer dereference. It is possible to launch the attack on the local host. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.
Published: 2024-12-16
CVSS Score: 5.5
Source: CVE-2024-12655

Vendor–Product: fabulatech — usb_over_network
Description: A vulnerability, which was classified as problematic, was found in FabulaTech USB over Network 6.0.6.1. This affects the function 0x220448 in the library ftusbbus2.sys of the component IOCT Handler. The manipulation leads to null pointer dereference. The attack needs to be approached locally. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.
Published: 2024-12-16
CVSS Score: 5.5
Source: CVE-2024-12656

Vendor–Product: fahadmahmood–WP Docs
Description: The WP Docs plugin for WordPress is vulnerable to time-based SQL Injection via the ‘dir_id’ parameter in all versions up to, and including, 2.2.0 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for authenticated attackers, with Subscriber-level access and above, to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database. The vulnerability was partially patched in version 2.2.0.
Published: 2024-12-21
CVSS Score: 6.5
Source: CVE-2024-12635

Vendor–Product: feedify–Feedify Web Push Notifications
Description: The Feedify – Web Push Notifications plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the ‘platform’, ‘phone’, ’email’, and ‘store_url’ parameters in all versions up to, and including, 2.4.2 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link.
Published: 2024-12-20
CVSS Score: 6.1
Source: CVE-2024-11811

Vendor–Product: financecalculatorwp–Financial Calculator
Description: The Financial Calculator plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin’s ‘finance_calculator’ shortcode in all versions up to, and including, 2.2.1 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
Published: 2024-12-20
CVSS Score: 6.4
Source: CVE-2024-11783

Vendor–Product: Fortinet–FortiClientMac
Description: A Cleartext Storage of Sensitive Information vulnerability [CWE-312] in FortiClientWindows 7.4.0 through 7.4.1, 7.2.0 through 7.2.6, 7.0.0 through 7.0.13 and FortiClientLinux 7.4.0 through 7.4.2, 7.2.0 through 7.2.7, 7.0.0 through 7.0.13 may permit a local authenticated user to retrieve the VPN password via memory dump, due to JavaScript’s garbage collector.
Published: 2024-12-18
CVSS Score: 5
Source: CVE-2024-50570

Vendor–Product: Fortinet–FortiOS
Description: A heap-based buffer overflow vulnerability in the processing of Link Control Protocol messages in FortiGate versions 5.6.12, 6.0.10, 6.2.4 and 6.4.1 and earlier may allow a remote attacker with valid SSL VPN credentials to crash the SSL VPN daemon by sending a large LCP packet, when tunnel mode is enabled. Arbitrary code execution may be theoretically possible, albeit practically very difficult to achieve in this context.
Published: 2024-12-19
CVSS Score: 5.4
Source: CVE-2020-12819

Vendor–Product: Fortinet–FortiOS
Description: Under non-default configuration, a stack-based buffer overflow in FortiOS version 6.0.10 and below, version 5.6.12 and below may allow a remote attacker authenticated to the SSL VPN to crash the FortiClient NAC daemon (fcnacd) and potentially execute arbitrary code via requesting a large FortiClient file name. We are not aware of proof of concept code successfully achieving the latter.
Published: 2024-12-19
CVSS Score: 5.4
Source: CVE-2020-12820

Vendor–Product: freeben–Animated Counters
Description: The Animated Counters plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin’s ‘animatedcounte’ shortcode in all versions up to, and including, 2.0 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
Published: 2024-12-17
CVSS Score: 6.4
Source: CVE-2024-11905

Vendor–Product: gbsdeveloper–Category Post Slider
Description: The Category Post Slider plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin’s ‘category-post-slider’ shortcode in all versions up to, and including, 1.4 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
Published: 2024-12-20
CVSS Score: 6.4
Source: CVE-2024-11878

Vendor–Product: geoserver–geoserver
Description: GeoServer is an open source software server written in Java that allows users to share and edit geospatial data. In affected versions the welcome and about page includes version and revision information about the software in use (including library and components used). This information is sensitive from a security point of view because it allows software used by the server to be easily identified. This issue has been patched in version 2.26.0 and all users are advised to upgrade. There are no known workarounds for this vulnerability.
Published: 2024-12-16
CVSS Score: 5.3
Source: CVE-2024-35230

Vendor–Product: GitLab–GitLab
Description: An issue has been discovered in GitLab CE/EE affecting all versions from 16.9 before 17.4.6, 17.5 before 17.5.4, and 17.6 before 17.6.2. By using a specific GraphQL query, under specific conditions an unauthorized user can retrieve branch names.
Published: 2024-12-16
CVSS Score: 5.3
Source: CVE-2024-8116

Vendor–Product: GitLab–GitLab
Description: An issue was discovered in GitLab CE/EE affecting all versions from 15.0 prior to 17.4.6, 17.5 prior to 17.5.4, and 17.6 prior to 17.6.2 that allowed non-member users to view unresolved threads marked as internal notes in public projects merge requests.
Published: 2024-12-16
CVSS Score: 5.3
Source: CVE-2024-8650

Vendor–Product: HashiCorp–Nomad
Description: Nomad Community and Nomad Enterprise (“Nomad”) allocations are vulnerable to privilege escalation within a namespace through unredacted workload identity tokens. This vulnerability, identified as CVE-2024-12678, is fixed in Nomad Community Edition 1.9.4 and Nomad Enterprise 1.9.4, 1.8.8, and 1.7.16.
Published: 2024-12-20
CVSS Score: 6.5
Source: CVE-2024-12678

Vendor–Product: Hewlett Packard Enterprise (HPE)–HPE Alletra Storage MP B10000
Description: Remote authentication bypass vulnerability in HPE Alletra Storage MP B10000 in versions prior to version 10.4.5 could be remotely exploited to allow disclosure of information.
Published: 2024-12-19
CVSS Score: 4
Source: CVE-2024-54009

Vendor–Product: holithemes–WP SHAPES
Description: The WP SHAPES plugin for WordPress is vulnerable to Stored Cross-Site Scripting via SVG File uploads in all versions up to, and including, 1.0.0 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Author-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses the SVG file.
Published: 2024-12-20
CVSS Score: 6.4
Source: CVE-2024-9619

Vendor–Product: HP–HP Linux Imaging and Printing Software
Description: The HP Linux Imaging and Printing (HPLIP) software may potentially be affected by memory buffer overflow.
Published: 2024-12-19
CVSS Score: 5.7
Source: CVE-2020-6923

Vendor–Product: IBM–Cognos Analytics
Description: IBM Cognos Analytics 11.2.0 through 11.2.4 and 12.0.0 through 12.0.3 could allow a remote attacker to conduct phishing attacks, using an open redirect attack. By persuading a victim to visit a specially crafted Web site, a remote attacker could exploit this vulnerability to spoof the URL displayed to redirect a user to a malicious Web site that would appear to be trusted.
Published: 2024-12-18
CVSS Score: 6.8
Source: CVE-2024-45082

Vendor–Product: IBM–Cognos Analytics
Description: IBM Cognos Analytics 11.2.0 through 11.2.4 and 12.0.0 through 12.0.3 is potentially vulnerable to Cross Site Scripting (XSS). A remote attacker could execute malicious commands due to improper validation of column headings in Cognos Explorations.
Published: 2024-12-18
CVSS Score: 5.4
Source: CVE-2024-25042

Vendor–Product: IBM–Cognos Analytics
Description: IBM Cognos Analytics 11.2.0 through 11.2.4 and 12.0.0 through 12.0.3 is vulnerable to HTML injection. A remote attacker could inject malicious HTML code, which when viewed, would be executed in the victim’s Web browser within the security context of the hosting site.
Published: 2024-12-18
CVSS Score: 5.4
Source: CVE-2024-41752

Vendor–Product: IBM–Cognos Analytics Mobile for Android
Description: IBM Cognos Analytics Mobile for Android 1.1.14 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information.
Published: 2024-12-19
CVSS Score: 5.9
Source: CVE-2021-39081

Vendor–Product: IBM–Db2 for Linux, UNIX and Windows
Description: IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 10.5, 11.1, and 11.5 is vulnerable to denial of service with a specially crafted query.
Published: 2024-12-19
CVSS Score: 5.3
Source: CVE-2023-30443

Vendor–Product: IBM–i
Description: IBM i 7.4 and 7.5 is vulnerable to an authenticated user gaining elevated privilege to a physical file. A user with authority to a view can alter the based-on physical file security attributes without having object management rights to the physical file. A malicious actor can use the elevated privileges to perform actions restricted by their view privileges.
Published: 2024-12-18
CVSS Score: 6.8
Source: CVE-2024-47104

Vendor–Product: IBM–i
Description: IBM i 7.3, 7.4, and 7.5 is vulnerable to server-side request forgery (SSRF). This may allow an authenticated attacker to send unauthorized requests from the system, potentially leading to network enumeration or facilitating other attacks.
Published: 2024-12-21
CVSS Score: 5.4
Source: CVE-2024-51463

Vendor–Product: IBM–i
  IBM i 7.3, 7.4, and 7.5 is vulnerable to bypassing Navigator for i interface restrictions. By sending a specially crafted request, an authenticated attacker could exploit this vulnerability to remotely perform operations that the user is not allowed to perform when using Navigator for i. 2024-12-21 4.3 CVE-2024-51464 IBM–InfoSphere Information Server
  IBM InfoSphere Information Server 11.7 could allow a remote attacker to hijack the clicking action of the victim. By persuading a victim to visit a malicious Web site, a remote attacker could exploit this vulnerability to hijack the victim’s click actions and possibly launch further attacks against the victim. 2024-12-19 5.2 CVE-2021-29827 IBM–MQ
  IBM MQ 9.1 LTS, 9.2 LTS, 9.3 LTS, 9.3 CD, 9.4 LTS, 9.4 CD, IBM MQ Appliance 9.3 LTS, 9.3 CD, 9.4 LTS, and IBM MQ for HPE NonStop 8.1.0 through 8.1.0.25 could allow an authenticated user to cause a denial-of-service due to messages with improperly set values. 2024-12-18 6.5 CVE-2024-51470 IBM–MQ Appliance
  IBM MQ Appliance 9.3 LTS, 9.3 CD, 9.4 LTS, and 9.4 CD web console could allow a remote attacker to obtain sensitive information when a detailed technical error message is returned. 2024-12-19 6.2 CVE-2024-52896 IBM–MQ Appliance
  IBM MQ Appliance 9.3 LTS, 9.3 CD, and 9.4 LTS web console could allow a remote attacker to obtain sensitive information when a detailed technical error message is returned. 2024-12-19 6.2 CVE-2024-52897 IBM–MQ Appliance
  IBM MQ Appliance 9.3 LTS, 9.3 CD, and 9.4 LTS web console could allow an authenticated user to cause a denial-of-service when trace is enabled due to information being written into memory outside of the intended buffer size. 2024-12-19 5.3 CVE-2024-51471 IBM–Robotic Process Automation
IBM Robotic Process Automation 21.0.1, 21.0.2, and 21.0.3 could allow a user with physical access to the system to obtain sensitive information due to insufficiently protected credentials. 2024-12-19 4.6 CVE-2022-33954 IBM–Security Directory Integrator
  IBM Security Directory Integrator 7.2.0 through 7.2.0.13 and 10.0.0 through 10.0.3 could allow a remote authenticated attacker to execute arbitrary commands on the system by sending a specially crafted request. 2024-12-20 6.8 CVE-2024-28767 IBM–Security Guardium
  IBM Security Guardium 11.5 is vulnerable to server-side request forgery (SSRF). This may allow an authenticated attacker to send unauthorized requests from the system, potentially leading to network enumeration or facilitating other attacks. 2024-12-19 6.5 CVE-2024-49336 IBM–Security Guardium Key Lifecycle Manager
  IBM Security Guardium Key Lifecycle Manager 4.1, 4.1.1, 4.2.0, and 4.2.1 stores potentially sensitive information in log files that could be read by a local privileged user. 2024-12-17 4.9 CVE-2024-49816 IBM–Security Guardium Key Lifecycle Manager
  IBM Security Guardium Key Lifecycle Manager 4.1, 4.1.1, 4.2.0, and 4.2.1 stores user credentials in configuration files which can be read by a local privileged user. 2024-12-17 4.4 CVE-2024-49817 IBM–Security Guardium Key Lifecycle Manager
  IBM Security Guardium Key Lifecycle Manager 4.1, 4.1.1, 4.2.0, and 4.2.1 could allow a remote attacker to obtain sensitive information when a detailed technical error message is returned in the browser. This information could be used in further attacks against the system. 2024-12-17 4.3 CVE-2024-49818 IBM–Security Guardium Key Lifecycle Manager
  IBM Security Guardium Key Lifecycle Manager 4.1, 4.1.1, 4.2.0, and 4.2.1 could allow a remote attacker to obtain sensitive information in cleartext in a communication channel that can be sniffed by unauthorized actors. 2024-12-17 4.1 CVE-2024-49819 IBM–Sterling B2B Integrator
  IBM Sterling B2B Integrator Standard Edition 5.2.0.0 through 6.1.1.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. 2024-12-19 5.4 CVE-2021-20553 IBM–Storage Defender – Resiliency Service
  IBM Storage Defender – Resiliency Service 2.0.0 through 2.0.9 does not properly validate a certificate which could allow an attacker to spoof a trusted entity by interfering in the communication path between the host and client. 2024-12-18 5.9 CVE-2024-47119 IBM–Storage Defender – Resiliency Service
  IBM Storage Defender – Resiliency Service 2.0.0 through 2.0.9  stores user credentials in plain text which can be read by an authenticated user with access to the pod. 2024-12-18 5.7 CVE-2024-52361 IBM–Storage Defender – Resiliency Service
  IBM Storage Defender – Resiliency Service 2.0.0 through 2.0.9 could allow a privileged user to obtain highly sensitive user credentials from secret keys that are stored in clear text. 2024-12-18 4.4 CVE-2023-50956 ideaboxcreations–PowerPack Lite for Beaver Builder
  The PowerPack Lite for Beaver Builder plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the navigate parameter in all versions up to, and including, 1.3.0.5 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick an administrative user into performing an action such as clicking on a link. 2024-12-17 6.1 CVE-2024-12239 Ilja Zaglov | IMBAA GmbH–Responsive Google Maps | by imbaa
Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in Ilja Zaglov | IMBAA GmbH Responsive Google Maps | by imbaa allows Stored XSS. This issue affects Responsive Google Maps | by imbaa: from n/a through 1.2.5. 2024-12-16 6.5 CVE-2024-56011 Intelbras–VIP S3020 G2
  A vulnerability was found in Intelbras VIP S3020 G2, VIP S4020 G2, VIP S4020 G3 and VIP S4320 G2 up to 20241222 and classified as problematic. Affected by this issue is some unknown functionality of the file /web_caps/webCapsConfig of the component Web Interface. The manipulation leads to information disclosure. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The vendor assesses that “the information disclosed in the URL is not sensitive or poses any risk to the user”. 2024-12-22 5.3 CVE-2024-12896 iobit — advanced_systemcare_ultimate
A vulnerability has been found in IObit Advanced SystemCare Ultimate up to 17.0.0 and classified as problematic. This vulnerability affects the function 0x8001E000 in the library AscRegistryFilter.sys of the component IOCTL Handler. The manipulation leads to null pointer dereference. An attack has to be approached locally. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way. 2024-12-16 5.5 CVE-2024-12657 iobit — advanced_systemcare_ultimate
  A vulnerability was found in IObit Advanced SystemCare Ultimate up to 17.0.0 and classified as problematic. This issue affects the function 0x8001E01C in the library AscRegistryFilter.sys of the component IOCTL Handler. The manipulation leads to null pointer dereference. Local access is required to approach this attack. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way. 2024-12-16 5.5 CVE-2024-12658 iobit — advanced_systemcare_ultimate
  A vulnerability was found in IObit Advanced SystemCare Ultimate up to 17.0.0. It has been classified as problematic. Affected is the function 0x8001E004 in the library AscRegistryFilter.sys of the component IOCTL Handler. The manipulation leads to null pointer dereference. Attacking locally is a requirement. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way. 2024-12-16 5.5 CVE-2024-12659 iobit — advanced_systemcare_ultimate
  A vulnerability was found in IObit Advanced SystemCare Ultimate up to 17.0.0. It has been declared as problematic. Affected by this vulnerability is the function 0x8001E018 in the library AscRegistryFilter.sys of the component IOCTL Handler. The manipulation leads to null pointer dereference. It is possible to launch the attack on the local host. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way. 2024-12-16 5.5 CVE-2024-12660 iobit — advanced_systemcare_ultimate
  A vulnerability classified as problematic has been found in IObit Advanced SystemCare Ultimate up to 17.0.0. This affects the function 0x8001E040 in the library AscRegistryFilter.sys of the component IOCTL Handler. The manipulation leads to null pointer dereference. An attack has to be approached locally. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way. 2024-12-16 5.5 CVE-2024-12662 IObit–Advanced SystemCare Ultimate
  A vulnerability was found in IObit Advanced SystemCare Ultimate up to 17.0.0. It has been rated as problematic. Affected by this issue is the function 0x8001E024 in the library AscRegistryFilter.sys of the component IOCTL Handler. The manipulation leads to null pointer dereference. The attack needs to be approached locally. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way. 2024-12-16 5.5 CVE-2024-12661 iovamihai–Affiliate Program Suite SliceWP Affiliates
  The Affiliate Program Suite – SliceWP Affiliates plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.1.23. This is due to missing or incorrect nonce validation on a function. This makes it possible for unauthenticated attackers to inject malicious web scripts via a forged request granted they can trick a site administrator into performing an action such as clicking on a link. 2024-12-18 6.1 CVE-2024-12454 itsourcecode–Vehicle Management System
  A vulnerability was found in itsourcecode Vehicle Management System 1.0. It has been classified as critical. Affected is an unknown function of the file editbill.php. The manipulation of the argument id leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. 2024-12-19 6.3 CVE-2024-12784 itsourcecode–Vehicle Management System
  A vulnerability was found in itsourcecode Vehicle Management System 1.0. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the file sendmail.php. The manipulation of the argument id leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. 2024-12-19 6.3 CVE-2024-12785 Jake H.–Youtube Video Grid
Cross-Site Request Forgery (CSRF) vulnerability in Jake H. Youtube Video Grid allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Youtube Video Grid: from n/a through 1.9. 2024-12-16 6.5 CVE-2024-54408 JetBrains–TeamCity
  In JetBrains TeamCity before 2024.12 access tokens were not revoked after removing user roles 2024-12-20 6.3 CVE-2024-56351 JetBrains–TeamCity
  In JetBrains TeamCity before 2024.12 improper access control allowed unauthorized users to modify build logs 2024-12-20 5.3 CVE-2024-56349 JetBrains–TeamCity
  In JetBrains TeamCity before 2024.12 backup file exposed user credentials and session cookies 2024-12-20 5.5 CVE-2024-56353 JetBrains–TeamCity
In JetBrains TeamCity before 2024.12 password field values were accessible to users with view settings permission 2024-12-20 5.5 CVE-2024-56354 JetBrains–TeamCity
  In JetBrains TeamCity before 2024.12 insecure XMLParser configuration could lead to potential XXE attack 2024-12-20 5.9 CVE-2024-56356 JetBrains–TeamCity
  In JetBrains TeamCity before 2024.12 improper access control allowed viewing details of unauthorized agents 2024-12-20 4.3 CVE-2024-56348 JetBrains–TeamCity
  In JetBrains TeamCity before 2024.12 build credentials allowed unauthorized viewing of projects 2024-12-20 4.3 CVE-2024-56350 JetBrains–TeamCity
  In JetBrains TeamCity before 2024.12 stored XSS was possible via image name on the agent details page 2024-12-20 4.6 CVE-2024-56352 JetBrains–TeamCity
  In JetBrains TeamCity before 2024.12 missing Content-Type header in RemoteBuildLogController response could lead to XSS 2024-12-20 4.6 CVE-2024-56355 Jozoor–Arabic Webfonts
Missing Authorization vulnerability in Jozoor Arabic Webfonts allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Arabic Webfonts: from n/a through 1.4.6. 2024-12-16 4.3 CVE-2024-54402 kanboard–kanboard
Kanboard is project management software that focuses on the Kanban methodology. In affected versions sessions remain usable even though their lifetime has been exceeded. Kanboard implements a custom session handler (`app/Core/Session/SessionHandler.php`) to store the session data in a database. Therefore, when a `session_id` is given, Kanboard queries the data from the `sessions` SQL table. At this point it does not verify whether the given `session_id` has already exceeded its lifetime (`expires_at`). Thus a session whose `expires_at` is already in the past is still queried from the database and still treated as a valid login. The implemented **SessionHandlerInterface::gc** function, which does remove invalid sessions, is called only **with a certain probability** (_Cleans up expired sessions. Called by `session_start()`, based on `session.gc_divisor`, `session.gc_probability` and `session.gc_maxlifetime` settings_) according to the PHP documentation. In the official Kanboard Docker image these values default to session.gc_probability=1 and session.gc_divisor=1000, so an expired session is removed only with probability 1/1000 per `session_start()`. This issue has been addressed in release 1.2.43 and all users are advised to upgrade. There are no known workarounds for this vulnerability. 2024-12-19 6.5 CVE-2024-55603 Kioxia–CM6
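The Kanboard entry describes two separate defects that only bite together: the session read ignores `expires_at`, and the only thing that would otherwise remove the row (`gc()`) runs with probability `gc_probability/gc_divisor` per `session_start()`. The following is an added Python model of that design, not Kanboard's own PHP code; it assumes a `sessions` table with `id`, `data` and `expires_at` columns, an in-memory SQLite database, and an injectable clock and random source so the behaviour is reproducible offline.

```python
import random
import sqlite3
import time


class DbSessionHandler:
    """Minimal model of a database-backed session handler.

    read_unchecked() reproduces the flaw: the row is fetched by id alone, so a
    session whose expires_at is already in the past still loads and is treated
    as a valid login. read_checked() is the hardened read. Expiry must be
    enforced on the read path because gc() is only invoked probabilistically.
    """

    def __init__(self, conn, lifetime, gc_probability=1, gc_divisor=1000,
                 now=time.time, rng=random.random):
        self.conn = conn
        self.lifetime = lifetime            # seconds a session stays valid
        self.gc_probability = gc_probability
        self.gc_divisor = gc_divisor
        self.now = now                      # injectable clock (assumption)
        self.rng = rng                      # injectable RNG (assumption)
        conn.execute(
            "CREATE TABLE IF NOT EXISTS sessions ("
            "id TEXT PRIMARY KEY, data TEXT NOT NULL, expires_at INTEGER NOT NULL)"
        )

    def write(self, session_id, data):
        self.conn.execute(
            "INSERT OR REPLACE INTO sessions (id, data, expires_at) VALUES (?, ?, ?)",
            (session_id, data, int(self.now()) + self.lifetime),
        )

    def read_unchecked(self, session_id):
        # VULNERABLE: expires_at is stored but never consulted on read.
        row = self.conn.execute(
            "SELECT data FROM sessions WHERE id = ?", (session_id,)
        ).fetchone()
        return row[0] if row else None

    def read_checked(self, session_id):
        # FIXED: the lifetime is enforced on every read, independent of gc().
        row = self.conn.execute(
            "SELECT data FROM sessions WHERE id = ? AND expires_at > ?",
            (session_id, int(self.now())),
        ).fetchone()
        return row[0] if row else None

    def gc(self):
        """Delete every expired row; returns the number removed."""
        cur = self.conn.execute(
            "DELETE FROM sessions WHERE expires_at <= ?", (int(self.now()),)
        )
        return cur.rowcount

    def maybe_gc(self):
        """Mimic session_start(): run gc() only with probability p / divisor."""
        if self.rng() < self.gc_probability / self.gc_divisor:
            self.gc()
            return True
        return False


def make_handler(lifetime, now=time.time, rng=random.random,
                 gc_probability=1, gc_divisor=1000):
    """A handler backed by a fresh in-memory SQLite database."""
    return DbSessionHandler(sqlite3.connect(":memory:"), lifetime,
                            gc_probability, gc_divisor, now, rng)


def expired_session_survival(starts, gc_probability=1, gc_divisor=1000):
    """Probability that an already-expired session is still loadable after
    `starts` further session_start() calls when only gc() enforces expiry."""
    return (1 - gc_probability / gc_divisor) ** starts


if __name__ == "__main__":
    clock = {"t": 1_000}
    h = make_handler(lifetime=60, now=lambda: clock["t"], rng=lambda: 0.5)
    h.write("s1", "user_id=1")
    clock["t"] = 2_000                       # 940 s past expires_at
    print("unchecked:", h.read_unchecked("s1"), "checked:", h.read_checked("s1"))
    print("survives 1000 starts with p=%.3f" % expired_session_survival(1000))
```

With the Docker-image defaults the expired session survives a thousand further `session_start()` calls with probability `0.999**1000`, roughly 37%, which is why the fix has to be in the read path rather than in tuning `gc_divisor`.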
  There exists an unauthenticated accessible JTAG port on the Kioxia PM6, PM7 and CM6 devices - On the Kioxia CM6, PM6 and PM7 disk drives it was discovered that the 2 main CPU cores of the SoC can be accessed via an open JTAG debug port that is exposed on the drive’s circuit board. Due to the wide cutout of the enclosures, the JTAG port can be accessed without having to open the disk enclosure. Utilizing the JTAG debug port, an attacker with (temporary) physical access can get full access to the firmware and memory on the 2 main CPU cores within the drive including the execution of arbitrary code, the modification of firmware execution flow and data or bypassing the firmware signature verification during boot-up. 2024-12-20 6.8 CVE-2024-7726 Ksher–Ksher
Missing Authorization vulnerability in Ksher Ksher allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Ksher: from n/a through 1.1.1. 2024-12-16 6.5 CVE-2024-56001 LDAPAccountManager–lam
LDAP Account Manager (LAM) is a PHP web frontend for managing entries (e.g. users, groups, DHCP settings) stored in an LDAP directory. In affected versions LAM does not properly sanitize configuration values that are set via `mainmanage.php` and `confmain.php`. This allows setting arbitrary config values and thus effectively bypassing the mitigation for CVE-2024-23333/GHSA-fm9w-7m7v-wxqv. Configuration values for the main config or server profiles are set via `mainmanage.php` and `confmain.php`. The values are written to `config.cfg` or `serverprofile.conf` in the format `settingsName: settingsValue`, line by line. An attacker can smuggle arbitrary config values into a config file by inserting a newline into certain config fields, followed by the value. This vulnerability has been addressed in version 9.0. All users are advised to upgrade. There are no known workarounds for this vulnerability. 2024-12-17 6.5 CVE-2024-52792 Liferay–Portal
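The LAM entry is a line-oriented config injection: one form field becomes one `name: value` line, so a line break inside the value yields a second line that the reader treats as a second setting. The block below is an added Python illustration of that mechanism, not LAM's own code; the setting names (`serverDisplayName`, `sessionTimeout`) and the reader's last-occurrence-wins behaviour are assumptions made for the example.

```python
import re

KEY_RE = re.compile(r"[A-Za-z0-9_]+")


class ConfigInjection(ValueError):
    """Raised when a setting name or value could break the line format."""


def write_config_unchecked(settings):
    """VULNERABLE: emits `name: value` per line and trusts the value as-is.

    A value containing CR or LF spans two lines, and whatever follows the
    break is read back as a separate, attacker-chosen setting.
    """
    return "".join(f"{name}: {value}\n" for name, value in settings.items())


def write_config_checked(settings):
    """FIXED: a field may never produce more than one line. Names are limited
    to an explicit alphabet and values may not contain CR or LF."""
    for name, value in settings.items():
        if not KEY_RE.fullmatch(name):
            raise ConfigInjection(f"invalid setting name {name!r}")
        if "\r" in value or "\n" in value:
            raise ConfigInjection(f"line break in value of {name!r}")
    return write_config_unchecked(settings)


def parse_config(text):
    """Read the file back: one `name: value` per line; a repeated name keeps
    the last occurrence (assumed reader behaviour, not LAM's actual parser)."""
    settings = {}
    for line in text.splitlines():          # splits on \n, \r\n and bare \r
        if not line.strip() or line.lstrip().startswith("#"):
            continue
        name, sep, value = line.partition(":")
        if sep:
            settings[name.strip()] = value.strip()
    return settings


def smuggled_settings(field_name, field_value):
    """Settings other than `field_name` that a single form field defines once
    it has passed through the unchecked writer and been parsed back."""
    parsed = parse_config(write_config_unchecked({field_name: field_value}))
    return {k: v for k, v in parsed.items() if k != field_name}


def is_rejected(settings):
    """True if the checked writer refuses these settings."""
    try:
        write_config_checked(settings)
    except ConfigInjection:
        return True
    return False


if __name__ == "__main__":
    # Constructed attacker input: a display name with an embedded newline.
    payload = "LAM prod\nsessionTimeout: 9999"
    print(smuggled_settings("serverDisplayName", payload))   # {'sessionTimeout': '9999'}
    print(is_rejected({"serverDisplayName": payload}))       # True
```

Rejecting CR and LF is the minimal fix; a writer that needs to store arbitrary text should escape or quote values so the serialized form is unambiguous, and the reader should tolerate only that encoding.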
Cross-site scripting (XSS) vulnerability in the edit Service Access Policy page in Liferay Portal 7.0.0 through 7.4.3.87, and Liferay DXP 7.4 GA through update 87, 7.3 GA through update 29, and older unsupported versions allows remote attackers to inject arbitrary web script or HTML via a crafted payload injected into a service access policy’s `Service Class` text field. 2024-12-17 4.8 CVE-2023-37940 Lluís Cortès–Better WP Login Page
  Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in Lluís Cortès Better WP Login Page allows Stored XSS. This issue affects Better WP Login Page: from n/a through 1.1.2. 2024-12-16 5.9 CVE-2024-54442 logichunt–Portfolio Filterable Masonry Portfolio Gallery for Professionals
  The Portfolio – Filterable Masonry Portfolio Gallery for Professionals plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin’s ‘portfolio-pro’ shortcode in all versions up to, and including, 1.2.2 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. 2024-12-17 6.4 CVE-2024-11900 louislam–uptime-kuma
Uptime Kuma is an open source, self-hosted monitoring tool. An **Improper URL Handling Vulnerability** allows an attacker to access sensitive local files on the server by exploiting the `file:///` protocol. This vulnerability is triggered via the **"real-browser"** request type, which takes a screenshot of the URL provided by the attacker. By supplying local file paths, such as `file:///etc/passwd`, an attacker can read sensitive data from the server. This vulnerability arises because the system does not properly validate or sanitize the user input for the URL field. Specifically: 1. The URL input (`<input data-v-5f5c86d7="" id="url" type="url" class="form-control" pattern="https?://.+" required="">`) allows users to input arbitrary file paths, including those using the `file:///` protocol, without server-side validation. 2. The server then uses the user-provided URL to make a request, passing it to a browser instance that performs the "real-browser" request, which takes a screenshot of the content at the given URL. If a local file path is entered (e.g., `file:///etc/passwd`), the browser fetches and captures the file's content. Since the user input is not validated, an attacker can manipulate the URL to request local files (e.g., `file:///etc/passwd`), and the system will capture a screenshot of the file's content, potentially exposing sensitive data. Any **authenticated user** who can submit a URL in "real-browser" mode is at risk of exposing sensitive data through screenshots of these files. This issue has been addressed in version 1.23.16 and all users are advised to upgrade. There are no known workarounds for this vulnerability. 2024-12-20 6.8 CVE-2024-56331 madalinungureanu–Paid Membership Subscriptions Effortless Memberships, Recurring Payments & Content Restriction
  The Paid Membership Subscriptions – Effortless Memberships, Recurring Payments & Content Restriction plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 2.13.4 via the WordPress core search feature. This makes it possible for unauthenticated attackers to extract sensitive data from posts that have been restricted to higher-level roles such as logged-in users. 2024-12-18 5.3 CVE-2024-11291 magblogapi–NACC WordPress Plugin
  The NACC WordPress Plugin plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin’s ‘nacc’ shortcode in all versions up to, and including, 4.1.0 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. 2024-12-20 6.4 CVE-2024-12506 Mansur Ahamed–Ui Slider Filter By Price
Cross-Site Request Forgery (CSRF) vulnerability in Mansur Ahamed Ui Slider Filter By Price allows Cross Site Request Forgery. This issue affects Ui Slider Filter By Price: from n/a through 1.1. 2024-12-16 5.4 CVE-2024-54419 mantrabrain–Learning Management System, eLearning, Course Builder, WordPress LMS Plugin Sikshya LMS
  The Learning Management System, eLearning, Course Builder, WordPress LMS Plugin – Sikshya LMS plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the ‘page’ parameter in all versions up to, and including, 0.0.21 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link. 2024-12-17 6.1 CVE-2024-12127 Marco Giannini–XML Multilanguage Sitemap Generator
Missing Authorization vulnerability in Marco Giannini XML Multilanguage Sitemap Generator. This issue affects XML Multilanguage Sitemap Generator: from n/a through 2.0.6. 2024-12-16 5.3 CVE-2024-55999 Mattermost–Mattermost
  Mattermost versions 10.1.x <= 10.1.2, 10.0.x <= 10.0.2, 9.11.x <= 9.11.4, 9.5.x <= 9.5.12 fail to properly validate the type of callProps which allows a user to cause a client side (webapp and mobile) DoS to users of particular channels, by sending a specially crafted post. 2024-12-16 6.5 CVE-2024-54083 Mattermost–Mattermost
  Mattermost versions 10.1.x <= 10.1.2, 10.0.x <= 10.0.2, 9.11.x <= 9.11.4, 9.5.x <= 9.5.12 fail to limit the file size for slack import file uploads which allows a user to cause a DoS via zip bomb by importing data in a team they are a team admin. 2024-12-16 6.5 CVE-2024-54682 Mattermost–Mattermost
  Mattermost Android Mobile Apps versions <=2.21.0 fail to properly configure file providers which allows an attacker with local access to access files via file provider. 2024-12-16 5.7 CVE-2024-11358 Mattermost–Mattermost
Mattermost versions 10.1.x <= 10.1.2, 10.0.x <= 10.0.2, 9.11.x <= 9.11.4, and 9.5.x <= 9.5.12 fail to prevent concurrently checking and updating the failed login attempts, which allows an attacker to bypass the “Max failed attempts” restriction and send a large number of login attempts before being blocked by sending multiple login requests simultaneously. 2024-12-16 4.8 CVE-2024-48872 Meini–Utech World Time
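The Mattermost failed-login entry is a check-then-update race: every concurrent request reads the counter before any of them has written its increment, so all of them pass the "Max failed attempts" check. The block below is an added Python model of that pattern, not Mattermost's code. The naive counter's burst is simulated deterministically (all checks, then all updates, which is the worst-case interleaving); the hardened counter performs check and update under one lock and is exercised with real threads.

```python
import threading


class NaiveFailedLoginCounter:
    """VULNERABLE: the limit check and the increment are two separate steps,
    so concurrent requests can all observe the pre-increment value."""

    def __init__(self, max_failed):
        self.max_failed = max_failed
        self.failed = {}

    def is_blocked(self, user):
        return self.failed.get(user, 0) >= self.max_failed

    def record_failure(self, user):
        self.failed[user] = self.failed.get(user, 0) + 1


def naive_burst(counter, user, n):
    """Model n simultaneous wrong-password requests against the naive counter:
    each request performs its check before any request writes its update.
    Returns how many requests were allowed past the limit check."""
    decisions = [not counter.is_blocked(user) for _ in range(n)]
    for allowed in decisions:
        if allowed:
            counter.record_failure(user)
    return sum(decisions)


class AtomicFailedLoginCounter:
    """FIXED: check and update happen as one critical section, so at most
    max_failed attempts are ever admitted regardless of concurrency."""

    def __init__(self, max_failed):
        self.max_failed = max_failed
        self.failed = {}
        self.lock = threading.Lock()

    def try_failed_login(self, user):
        """If the user is under the limit, consume one attempt and return True;
        otherwise return False. There is no window between check and update."""
        with self.lock:
            n = self.failed.get(user, 0)
            if n >= self.max_failed:
                return False
            self.failed[user] = n + 1
            return True


def atomic_burst(counter, user, n):
    """Fire n genuinely concurrent attempts at the atomic counter and return
    how many were admitted."""
    results = []
    results_lock = threading.Lock()

    def worker():
        admitted = counter.try_failed_login(user)
        with results_lock:
            results.append(admitted)

    threads = [threading.Thread(target=worker) for _ in range(n)]
    for t in threads:
        t.start()
    for t in threads:
        t.join()
    return sum(results)


if __name__ == "__main__":
    naive = NaiveFailedLoginCounter(max_failed=5)
    print("naive counter admitted", naive_burst(naive, "alice", 50), "of 50")   # 50
    atomic = AtomicFailedLoginCounter(max_failed=5)
    print("atomic counter admitted", atomic_burst(atomic, "alice", 50), "of 50")  # 5
```

In a real service the counter lives in a database, and the in-process lock above stands in for an atomic conditional update (a single `UPDATE ... SET failed = failed + 1 WHERE user = ? AND failed < ?` whose affected-row count is the decision) or a row lock held across check and write; a lock in one application process does not protect a multi-node deployment.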
Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in Meini Utech World Time allows Stored XSS. This issue affects Utech World Time: from n/a through 1.0. 2024-12-16 6.5 CVE-2024-54441 memberful–Memberful Membership Plugin
  The Memberful plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 1.73.9 via the WordPress core search feature. This makes it possible for unauthenticated attackers to extract sensitive data from posts that have been restricted to higher-level roles such as site members. 2024-12-17 5.3 CVE-2024-11294 Microsoft–Windows
  An access violation vulnerability exists in the DirectComposition functionality win32kbase.sys driver version 10.0.22000.593 as part of Windows 11 version 22000.593 and version 10.0.20348.643 as part of Windows Server 2022 version 20348.643. A specially-crafted set of syscalls can lead to a reboot. An unprivileged user can run specially-crafted code to trigger Denial Of Service. 2024-12-18 5 CVE-2022-40732 Microsoft–Windows
  An access violation vulnerability exists in the DirectComposition functionality win32kbase.sys driver version 10.0.22000.593 as part of Windows 11 version 22000.593 and version 10.0.20348.643 as part of Windows Server 2022 version 20348.643. A specially-crafted set of syscalls can lead to a reboot. An unprivileged user can run specially-crafted code to trigger Denial Of Service. 2024-12-18 5 CVE-2022-40733 misskey-dev–misskey
Misskey is an open source, federated social media platform. Some APIs using `HttpRequestService` do not properly check the target host. This allows an attacker to send POST or GET requests (with some controllable URL parameters) to the internal server, including private IP addresses, which may result in an SSRF attack enabling further attacks on internal servers. This issue has been addressed in version 2024.11.0-alpha.3. Users are advised to upgrade. There are no known workarounds for this vulnerability. 2024-12-18 6.4 CVE-2024-52579 mohammed_kaludi–AMP for WP Accelerated Mobile Pages
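The Uptime Kuma entry (a `file:///` URL accepted because only the browser-side `pattern="https?://.+"` attribute filtered it) and the Misskey entry (an HTTP client that never checked whether the target host is internal) are two halves of the same server-side check on user-supplied URLs: allow-list the scheme, then refuse any host that is, or resolves to, a non-public address. The following is an added Python example of that check, not code from either project. The resolver is injected so it runs offline; `SAMPLE_RESOLVER` is a constructed table, and the addresses in it are not claimed to be real.

```python
import ipaddress
from urllib.parse import urlsplit

ALLOWED_SCHEMES = {"http", "https"}


def is_public_address(addr):
    """True only for a globally routable unicast address. Loopback, RFC 1918,
    link-local (which covers 169.254.169.254 cloud metadata endpoints),
    multicast, reserved and unspecified addresses are all rejected."""
    ip = ipaddress.ip_address(addr)
    return ip.is_global and not (
        ip.is_private or ip.is_loopback or ip.is_link_local
        or ip.is_multicast or ip.is_reserved or ip.is_unspecified
    )


def check_target_url(url, resolve):
    """Server-side validation of a user-supplied fetch/monitor URL.

    `resolve(hostname) -> list[str]` is injected (assumption) so the check
    runs offline; in production it would wrap socket.getaddrinfo().
    Returns (ok, reason).
    """
    parts = urlsplit(url)
    scheme = parts.scheme.lower()
    if scheme not in ALLOWED_SCHEMES:
        # Rejects file:///etc/passwd whatever the client-side pattern allowed.
        label = scheme or "(none)"
        return False, f"scheme {label!r} is not allowed"
    host = parts.hostname
    if not host:
        return False, "URL has no host"
    try:
        addresses = [str(ipaddress.ip_address(host))]   # IP literal, incl. [::1]
    except ValueError:
        try:
            addresses = list(resolve(host))
        except Exception as exc:                          # NXDOMAIN, timeout, ...
            return False, f"could not resolve {host!r}: {exc}"
    if not addresses:
        return False, f"{host!r} resolved to no addresses"
    # Every address must be public: a name with one internal A record is enough
    # for the client to end up talking to the internal host.
    for addr in addresses:
        if not is_public_address(addr):
            return False, f"{host!r} resolves to non-public address {addr}"
    return True, "ok"


# Constructed resolver table for offline use (assumption, not real DNS data).
SAMPLE_RESOLVER = {
    "monitor.example": ["93.184.216.34"],
    "internal.example": ["10.1.2.3"],
    "dual.example": ["93.184.216.34", "10.0.0.9"],
}


def sample_resolve(host):
    return SAMPLE_RESOLVER[host]


if __name__ == "__main__":
    for u in ("file:///etc/passwd", "http://monitor.example/health",
              "http://169.254.169.254/latest/meta-data/", "http://[::1]/",
              "http://internal.example/", "http://dual.example/"):
        print(u, "->", check_target_url(u, sample_resolve))
```

One caveat the check cannot cover on its own: the name is resolved at validation time and again when the request is made, so a DNS-rebinding host can answer with a public address first and an internal one second. The fetching client should connect to the address that passed validation (or re-run the check on the address it actually connects to) rather than resolving the name a second time, and should apply the same check to every redirect target.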
  The AMP for WP – Accelerated Mobile Pages plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the disqus_name parameter in all versions up to, and including, 1.1.1 due to insufficient input validation. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link. 2024-12-18 6.1 CVE-2024-11254 moonheart–G Web Pro Store Locator
  The G Web Pro Store Locator plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the ‘q’ parameter in all versions up to, and including, 2.1 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link. 2024-12-21 6.1 CVE-2024-11682 motovnet–Ebook Store
  The Ebook Store plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use of add_query_arg without appropriate escaping on the URL in all versions up to, and including, 5.8001. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link. 2024-12-21 6.1 CVE-2024-11287 motovnet–Ebook Store
  The Ebook Store plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the ‘step’ parameter in all versions up to, and including, 5.8001 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link. 2024-12-21 6.1 CVE-2024-12262 n/a–Emlog Pro
  A vulnerability was found in Emlog Pro up to 2.4.1. It has been classified as problematic. This affects an unknown part of the file /admin/tag.php. The manipulation of the argument keyword leads to cross site scripting. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. 2024-12-20 4.3 CVE-2024-12841 n/a–Emlog Pro
  A vulnerability was found in Emlog Pro up to 2.4.1. It has been declared as problematic. This vulnerability affects unknown code of the file /admin/user.php. The manipulation of the argument keyword leads to cross site scripting. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. 2024-12-20 4.3 CVE-2024-12842 n/a–Emlog Pro
  A vulnerability was found in Emlog Pro up to 2.4.1. It has been rated as problematic. This issue affects some unknown processing of the file /admin/plugin.php. The manipulation of the argument filter leads to cross site scripting. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. 2024-12-20 4.3 CVE-2024-12843 n/a–Emlog Pro
  A vulnerability classified as problematic has been found in Emlog Pro up to 2.4.1. Affected is an unknown function of the file /admin/store.php. The manipulation of the argument tag leads to cross site scripting. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. 2024-12-20 4.3 CVE-2024-12844
n/a–Emlog Pro
  A vulnerability, which was classified as problematic, has been found in Emlog Pro up to 2.4.1. Affected by this issue is some unknown functionality of the file /admin/link.php. The manipulation of the argument siteurl/icon leads to cross site scripting. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. 2024-12-21 4.3 CVE-2024-12846
n/a–InvoicePlane
  A vulnerability was found in InvoicePlane up to 1.6.1. It has been declared as critical. This vulnerability affects the function upload_file of the file /index.php/upload/upload_file/1/1. The manipulation of the argument file leads to unrestricted upload. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. Upgrading to version 1.6.2-beta-1 is able to address this issue. It is recommended to upgrade the affected component. The vendor was contacted early, responded in a very professional manner and quickly released a fixed version of the affected product. 2024-12-16 6.3 CVE-2024-12478
n/a–InvoicePlane
  A vulnerability was found in InvoicePlane up to 1.6.1. It has been classified as problematic. This affects the function download of the file invoices.php. The manipulation of the argument invoice leads to path traversal. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. Upgrading to version 1.6.2-beta-1 is able to address this issue. It is recommended to upgrade the affected component. The vendor was contacted early, responded in a very professional manner and quickly released a fixed version of the affected product. 2024-12-16 4.3 CVE-2024-12362
n/a–n/a
  A NULL pointer dereference in D-Link DIR-860L REVB_FIRMWARE_2.04.B04_ic5b allows attackers to cause a Denial of Service (DoS) via a crafted HTTP request. 2024-12-17 6.5 CVE-2024-37605
n/a–n/a
  A stack overflow vulnerability in D-Link DCS-932L REVB_FIRMWARE_2.18.01 allows attackers to cause a Denial of Service (DoS) via a crafted HTTP request. 2024-12-17 6.5 CVE-2024-37606
n/a–n/a
  A buffer overflow vulnerability in D-Link DAP-2555 REVA_FIRMWARE_1.20 allows remote attackers to cause a Denial of Service (DoS) via a crafted HTTP request. 2024-12-17 6.5 CVE-2024-37607
n/a–n/a
  A stored HTML Injection vulnerability was identified in PHPGurukul Online Birth Certificate System v1.0 in /user/certificate-form.php. 2024-12-17 6.1 CVE-2024-55059
n/a–n/a
  Oqtane Framework is vulnerable to Insecure Direct Object Reference (IDOR) in Oqtane.Controllers.UserController. This allows unauthorized users to access sensitive information of other users by manipulating the id parameter. 2024-12-20 6.5 CVE-2024-55471
n/a–n/a
  Winmail Server 4.4 is vulnerable to f_user=%22%3E%3Csvg%20onload Cross Site Scripting (XSS). 2024-12-18 6.1 CVE-2024-55492
n/a–n/a
  A vulnerability was found in Raisecom MSG1200, MSG2100E, MSG2200, and MSG2300 3.90. The component affected by this issue is /upload_sfmig.php on the web interface. By crafting a suitable form name, arbitrary files can be uploaded, potentially leading to unauthorized access to server permissions. 2024-12-17 6.3 CVE-2024-55514
n/a–n/a
  CyberPanel (aka Cyber Panel) before f0cf648 allows XSS via token or username to plogical/phpmyadminsignin.php. 2024-12-16 6.1 CVE-2024-56112
n/a–n/a
  In Optimizely Configured Commerce before 5.2.2408, malicious payloads can be stored and subsequently executed in users’ browsers under specific conditions: XSS from client-side template injection in list item names. 2024-12-18 6.1 CVE-2024-56175
n/a–n/a
  A vulnerability was found in Keycloak. The environment option `KC_CACHE_EMBEDDED_MTLS_ENABLED` does not work and the JGroups replication configuration is always used in plain text, which can allow an attacker that has access to adjacent networks related to JGroups to read sensitive information. 2024-12-17 5.7 CVE-2024-10973
n/a–n/a
  A NULL pointer dereference in the plugins_call_handle_uri_clean function of D-Link DAP-1520 REVA_FIRMWARE_1.10B04_BETA02_HOTFIX allows attackers to cause a Denial of Service (DoS) via a crafted HTTP request without authentication. 2024-12-17 5.3 CVE-2024-36831
n/a–n/a
  A stored cross-site scripting (XSS) vulnerability was identified in Phpgurukul Online Birth Certificate System 1.0 in /user/certificate-form.php via the full name field. 2024-12-17 5.4 CVE-2024-55056
n/a–n/a
  Phpgurukul Online Birth Certificate System 1.0 suffers from insufficient password requirements which can lead to unauthorized access to user accounts. 2024-12-17 5.4 CVE-2024-55057
n/a–n/a
  A URL redirection vulnerability exists in UJCMS 9.6.3 due to improper validation of URLs in the upload and rendering of new block / carousel items. This vulnerability allows authenticated attackers to redirect unprivileged users to an arbitrary, attacker-controlled webpage. When an authenticated user clicks on the malicious block item, they are redirected to the arbitrary untrusted domains, where sensitive tokens, such as JSON Web Tokens, can be stolen via a crafted webpage. 2024-12-16 5.4 CVE-2024-55452
n/a–n/a
  Intrexx Portal Server before 12.0.2 allows XSS via a user-defined portlet. 2024-12-16 5.4 CVE-2024-55554
n/a–n/a
  An issue was discovered in Logpoint before 7.5.0. Authenticated users can inject payloads while creating Search Template Dashboard. These are executed, leading to Server-Side Template Injection. 2024-12-16 5.9 CVE-2024-56085
n/a–n/a
  An issue was discovered in Logpoint before 7.5.0. Authenticated users can inject payloads while querying Search Template Dashboard. These are executed, leading to Server-Side Template Injection. 2024-12-16 5.9 CVE-2024-56087
n/a–n/a
  An HTML injection vulnerability in Sunbird DCIM dcTrack 9.1.2 allows attackers authenticated as administrators to inject arbitrary HTML code in an admin screen. 2024-12-16 4.8 CVE-2024-37773
n/a–n/a
  A cross-site scripting (XSS) vulnerability in Sunbird DCIM dcTrack v9.1.2 allows attackers to execute arbitrary web scripts or HTML via a crafted payload in some admin screens. 2024-12-16 4.8 CVE-2024-37776
n/a–n/a
  Keyfactor Remote File Orchestrator (aka remote-file-orchestrator) 2.8 before 2.8.1 allows Information Disclosure: sensitive information could be exposed at the debug logging level. 2024-12-18 4.3 CVE-2024-49201
n/a–n/a
  An insecure direct object reference (IDOR) vulnerability was discovered in PHPGurukul Online Birth Certificate System v1.0. This vulnerability resides in the viewid parameter of /user/view-application-detail.php. Authenticated users can exploit this flaw by manipulating the viewid parameter in the URL to access sensitive birth certificate details of other users without proper authorization checks. 2024-12-17 4.3 CVE-2024-55058
n/a–n/a
  A stored cross-site scripting (XSS) vulnerability in the component /admin/profile.php of Online Nurse Hiring System v1.0 allows attackers to execute arbitrary web scripts or HTML via injecting a crafted payload into the fullname parameter. 2024-12-16 4.8 CVE-2024-55100
n/a–n/a
  An IDOR (Insecure Direct Object Reference) vulnerability exists in oqtane Framework 6.0.0, allowing a logged-in user to access inbox messages of other users by manipulating the notification ID in the request URL. By changing the notification ID, an attacker can view sensitive mail details belonging to other users. 2024-12-20 4.3 CVE-2024-55186
n/a–n/a
  A stored cross-site scripting (XSS) vulnerability in Piranha CMS 11.1 allows remote attackers to execute arbitrary JavaScript in the web browser of a user, by creating a page via /manager/pages and then adding markdown content with the XSS payload. 2024-12-20 4.7 CVE-2024-55341
n/a–n/a
  A file upload functionality in Piranha CMS 11.1 allows authenticated remote attackers to upload a crafted PDF file to /manager/media. This PDF can contain malicious JavaScript code, which is executed when a victim user opens or interacts with the PDF in their web browser, leading to an XSS vulnerability. 2024-12-20 4.7 CVE-2024-55342
n/a–n/a
  A Stored Cross-Site Scripting (XSS) vulnerability exists in authenticated SVG file upload and viewing functionality in UJCMS 9.6.3. The vulnerability arises from insufficient sanitization of embedded attributes in uploaded SVG files. When a maliciously crafted SVG file is viewed by other backend users, it allows authenticated attackers to execute arbitrary JavaScript in the context of other backend users’ browsers, potentially leading to the theft of sensitive tokens. 2024-12-16 4.8 CVE-2024-55451
n/a–n/a
  In Optimizely Configured Commerce before 5.2.2408, malicious payloads can be stored and subsequently executed in users’ browsers under specific conditions: XSS from JavaScript in an SVG document. 2024-12-18 4.7 CVE-2024-56173
n/a–PbootCMS
  A vulnerability was found in PbootCMS up to 3.2.3. It has been classified as critical. This affects an unknown part of the file apps/home/controller/IndexController.php. The manipulation of the argument tag leads to code injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. Upgrading to version 3.2.4 is able to address this issue. It is recommended to upgrade the affected component. 2024-12-19 6.3 CVE-2024-12789
n/a–PbootCMS
  A vulnerability, which was classified as problematic, has been found in PbootCMS up to 5.2.3. Affected by this issue is some unknown functionality of the file apps/home/controller/IndexController.php. The manipulation of the argument tag leads to path traversal. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. Upgrading to version 5.2.4 is able to address this issue. It is recommended to upgrade the affected component. 2024-12-19 4.3 CVE-2024-12793
NextGeography–NG Analyser
  Authorization Bypass Through User-Controlled Key vulnerability in NextGeography NG Analyser allows Functionality Misuse. This issue affects NG Analyser: before 2.2.711. 2024-12-17 6.5 CVE-2024-9819
nicheaddons–Events Addon for Elementor
  The Events Addon for Elementor plugin for WordPress is vulnerable to Information Exposure in all versions up to, and including, 2.2.3 via the naevents_elementor_template shortcode due to insufficient restrictions on which posts can be included. This makes it possible for authenticated attackers, with Contributor-level access and above, to extract data from private or draft posts created by Elementor that they should not have access to. 2024-12-18 4.3 CVE-2024-12061
ninjateam–File Manager Pro Filester
  The File Manager Pro – Filester plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the ‘ajax_install_plugin’ function in all versions up to, and including, 1.8.6. This makes it possible for authenticated attackers, with Subscriber-level access and above, to install the Filebird plugin. 2024-12-19 4.3 CVE-2024-12331
Open Tools–WooCommerce Basic Ordernumbers
  Missing Authorization vulnerability in Open Tools WooCommerce Basic Ordernumbers allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects WooCommerce Basic Ordernumbers: from n/a through 1.4.4. 2024-12-16 5.4 CVE-2024-55992
outdooractive–Outdooractive Embed
  The Outdooractive Embed plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin’s ‘list2go’ shortcode in all versions up to, and including, 1.5 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. 2024-12-20 6.4 CVE-2024-11774
philantro–Philantro Donations and Donor Management
  The Philantro – Donations and Donor Management plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin’s shortcodes like ‘donate’ in all versions up to, and including, 5.2 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. 2024-12-18 6.4 CVE-2024-12500
PickPlugins–Job Board Manager
  Missing Authorization vulnerability in PickPlugins Job Board Manager allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Job Board Manager: from n/a through 2.1.60. 2024-12-16 5.3 CVE-2024-55993
pingmeter–Pingmeter Uptime Monitoring
  The Pingmeter Uptime Monitoring plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the ‘_wpnonce’ parameter in all versions up to, and including, 1.0.3 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link. 2024-12-21 6.1 CVE-2024-11808
Pixelgrade–PixProof
  Missing Authorization vulnerability in Pixelgrade PixProof allows Accessing Functionality Not Properly Constrained by ACLs. This issue affects PixProof: from n/a through 2.0.1. 2024-12-16 5.3 CVE-2024-54417
pkthree–Peters Custom Anti-Spam
  The Peter’s Custom Anti-Spam plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 3.2.3. This is due to missing nonce validation on the cas_register_post() function. This makes it possible for unauthenticated attackers to blacklist emails via a forged request granted they can trick a site administrator into performing an action such as clicking on a link. 2024-12-18 5.4 CVE-2024-12554
pluginsandsnippets–Simple Page Access Restriction
  The Simple Page Access Restriction plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 1.0.29 via the WordPress core search feature. This makes it possible for unauthenticated attackers to extract sensitive data from posts that have been restricted to higher-level roles such as logged-in users. 2024-12-18 5.3 CVE-2024-11295
Pluginscafe–Advanced Data Table For Elementor
  Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in Pluginscafe Advanced Data Table For Elementor allows Stored XSS. This issue affects Advanced Data Table For Elementor: from n/a through 1.0.0. 2024-12-16 6.5 CVE-2024-54443
Posti–Posti Shipping
  Cross-Site Request Forgery (CSRF) vulnerability in Posti Posti Shipping allows Cross Site Request Forgery. This issue affects Posti Shipping: from n/a through 3.10.3. 2024-12-16 6.5 CVE-2024-56005
premila–Gutensee
  Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in premila Gutensee allows DOM-Based XSS. This issue affects Gutensee: from n/a through 1.0.1. 2024-12-16 6.5 CVE-2024-54360
puckrobin–WP BASE Booking of Appointments, Services and Events
  The WP BASE Booking of Appointments, Services and Events plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the ‘status’ parameter in all versions up to, and including, 4.9.1 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link. 2024-12-17 6.1 CVE-2024-12469
puckrobin–WP BASE Booking of Appointments, Services and Events
  The WP BASE Booking of Appointments, Services and Events plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the export_db function in all versions up to, and including, 4.9.2. This makes it possible for authenticated attackers, with Subscriber-level access and above, to expose sensitive information from the database, such as the hashed administrator password. 2024-12-21 6.5 CVE-2024-12558
QNAP Systems Inc.–QTS
  An uncontrolled resource consumption vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow remote attackers to launch a denial-of-service (DoS) attack. We have already fixed the vulnerability in the following versions: QTS 5.0.1.2277 and later; QTS 4.5.4.2280 build 20230112 and later; QuTS hero h5.0.1.2277 build 20230112 and later; QuTS hero h4.5.4.2374 build 20230417 and later; QuTScloud c5.0.1.2374 and later. 2024-12-19 6.8 CVE-2022-27600
QNAP Systems Inc.–QuFirewall
  A command injection vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow remote attackers who have gained administrator access to execute arbitrary commands. We have already fixed the vulnerability in the following versions: QuFirewall 2.3.3 ( 2023/03/27 ) and later. 2024-12-19 5.5 CVE-2023-23356
QNAP Systems Inc.–QuLog Center
  A cross-site scripting (XSS) vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow remote attackers who have gained administrator access to bypass security mechanisms or read application data. We have already fixed the vulnerability in the following versions: QuLog Center 1.5.0.738 ( 2023/03/06 ) and later; QuLog Center 1.4.1.691 ( 2023/03/01 ) and later; QuLog Center 1.3.1.645 ( 2023/02/22 ) and later. 2024-12-19 4.8 CVE-2023-23357
quomodosoft–ElementsReady Addons for Elementor
  The ElementsReady Addons for Elementor plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 6.4.8 in inc/Widgets/accordion/output/content.php. This makes it possible for authenticated attackers, with Contributor-level access and above, to extract sensitive private, pending, and draft template data. 2024-12-17 4.3 CVE-2024-10356
Ram Segev–Leader
  Missing Authorization vulnerability in Ram Segev Leader allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Leader: from n/a through 2.6.1. 2024-12-16 4.3 CVE-2024-56007
reactflow–Reactflow Visitor Recording and Heatmaps
  The Reactflow Visitor Recording and Heatmaps plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.0.10. This is due to missing or incorrect nonce validation affecting the _wpnonce parameter. This makes it possible for unauthenticated attackers to inject malicious web scripts via a forged request granted they can trick a site administrator into performing an action such as clicking on a link. 2024-12-21 6.1 CVE-2024-11975
realmaster-1–real.Kit
  The real.Kit plugin for WordPress is vulnerable to Stored Cross-Site Scripting in all versions up to, and including, 5.1.1 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. 2024-12-21 6.4 CVE-2024-12697
Red Hat–Red Hat OpenShift Container Platform 4
  An incomplete fix for ose-olm-catalogd-container was issued for the Rapid Reset Vulnerability (CVE-2023-39325/CVE-2023-44487) where only unauthenticated streams were protected, not streams created by authenticated sources. 2024-12-18 6.5 CVE-2024-12698
Red Hat–Red Hat Satellite 6
  A server-side request forgery exists in Satellite. When a PUT HTTP request is made to /http_proxies/test_connection with the http_proxies variable set to localhost, the attacker can fetch the localhost banner. 2024-12-20 5 CVE-2024-12840
rewardsfuel–Contests by Rewards Fuel
  The Contests by Rewards Fuel plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin’s ‘RF_CONTEST’ shortcode in all versions up to, and including, 2.0.65 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. 2024-12-18 6.4 CVE-2024-12513
rluks–Embed Twine
  The Embed Twine plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin’s ‘embed_twine’ shortcode in all versions up to, and including, 0.1.0 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. 2024-12-20 6.4 CVE-2024-12509
Ryan–Bet sport Free
  Cross-Site Request Forgery (CSRF) vulnerability in Ryan Bet sport Free allows Cross Site Request Forgery. This issue affects Bet sport Free: from n/a through 1.0.0. 2024-12-16 4.3 CVE-2024-54396
seopilot–Wtyczka SeoPilot dla WP
  The Wtyczka SeoPilot dla WP plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 3.3.091. This is due to missing or incorrect nonce validation on the SeoPilot_Admin_Options() function. This makes it possible for unauthenticated attackers to update settings and inject malicious web scripts via a forged request granted they can trick a site administrator into performing an action such as clicking on a link. 2024-12-20 6.1 CVE-2024-11812
shabti–Frontend Admin by DynamiApps
  The Frontend Admin by DynamiApps plugin for WordPress is vulnerable to SQL Injection via the ‘orderby’ parameter in all versions up to, and including, 3.25.1 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for unauthenticated attackers to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database. This requires an unauthenticated user to have been given permission to view form submissions, and the form submission shortcode to be added to a page. 2024-12-21 5.9 CVE-2024-11722
ShineTheme–Travel Booking WordPress Theme
  The Travel Booking WordPress Theme theme for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the ‘__stPartnerCreateServiceRental’, ‘st_delete_order_item’, ‘_st_partner_approve_booking’, ‘save_order_item’, and ‘__userDenyEachInfo’ functions in all versions up to, and including, 3.1.6. This makes it possible for authenticated attackers, with Subscriber-level access and above, to modify posts, delete posts and pages, approve arbitrary orders, insert orders with arbitrary prices, and deny user information. 2024-12-18 6.5 CVE-2024-11926
Sierra Wireless–AirVantage, AirVantage-Capable Devices: All Sierra Wireless devices.
  An AirVantage online Warranty Checker tool vulnerability could allow an attacker to perform bulk enumeration of IMEI and Serial Number pairs. The AirVantage Warranty Checker is updated to no longer return the IMEI and Serial Number in addition to the warranty status when the Serial Number or IMEI is used to look up warranty status. 2024-12-21 5.3 CVE-2023-31280
silabs.com–RS9116 Bluetooth SDK
  The L2CAP receive data buffer for L2CAP packets is restricted to packet sizes smaller than the maximum supported packet size. Receiving a packet that exceeds the restricted buffer length may cause a crash. A hard reset is required to recover the crashed device. 2024-12-19 6.5 CVE-2024-7137
silabs.com–RS9116 Bluetooth SDK
  An assert may be triggered, causing a temporary denial of service when a peer device sends a specially crafted malformed L2CAP packet. If a watchdog timer is not enabled, a hard reset is required to recover the device. 2024-12-19 6.5 CVE-2024-7138
silabs.com–RS9116 Bluetooth SDK
  Due to an unchecked buffer length, a specially crafted L2CAP packet can cause a buffer overflow. This buffer overflow triggers an assert, which results in a temporary denial of service. If a watchdog timer is not enabled, a hard reset is required to recover the device. 2024-12-19 6.5 CVE-2024-7139
sisoog–
  The استخراج محصولات ووکامرس برای آیسی plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use of add_query_arg & remove_query_arg without appropriate escaping on the URL in all versions up to, and including, 2.1.3. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link. 2024-12-20 6.1 CVE-2024-11331
slopeit–Slope Widgets
  The Slope Widgets plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin’s ‘slope-reservations’ shortcode in all versions up to, and including, 4.2.11 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. 2024-12-17 6.4 CVE-2024-11902
smub–Easy Digital Downloads eCommerce Payments and Subscriptions made easy
  The Easy Digital Downloads – eCommerce Payments and Subscriptions made easy plugin for WordPress is vulnerable to Directory Traversal in all versions up to, and including, 3.3.2 via the file download functionality. This makes it possible for authenticated attackers, with Administrator-level access and above, to read the contents of arbitrary files on the server, which can contain sensitive information. 2024-12-21 4.9 CVE-2024-12875
socratous139–Spotlightr
  The Spotlightr plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin’s ‘spotlightr-v’ shortcode in all versions up to, and including, 0.1.9 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. 2024-12-20 6.4 CVE-2024-11411
solitweb–Full Screen Menu for Elementor
  The Full Screen Menu for Elementor plugin for WordPress is vulnerable to Information Exposure in all versions up to, and including, 1.0.7 via the Full Screen Menu Elementor Widget due to insufficient restrictions on which posts can be included. This makes it possible for authenticated attackers, with contributor-level access and above, to extract data from private or draft posts created with Elementor that they should not have access to. 2024-12-21 4.3 CVE-2024-10797
spoki–Spoki Chat Buttons and WooCommerce Notifications
  The Spoki – Chat Buttons and WooCommerce Notifications plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin’s ‘spoki_button’ shortcode in all versions up to, and including, 2.15.14 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. 2024-12-20 6.4 CVE-2024-11893
spreadr–Spreadr Woocommerce
  Missing Authorization vulnerability in spreadr Spreadr Woocommerce allows Accessing Functionality Not Properly Constrained by ACLs. This issue affects Spreadr Woocommerce: from n/a through 1.0.4. 2024-12-16 5.3 CVE-2024-56009
taeggie–Taeggie Feed
  The Taeggie Feed plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin’s ‘taeggie-feed’ shortcode in all versions up to, and including, 0.1.9 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. 2024-12-18 6.4 CVE-2024-11748
theafricanboss–SMS for WooCommerce
  The SMS for WooCommerce plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 2.8.1. This is due to missing or incorrect nonce validation on a function. This makes it possible for unauthenticated attackers to inject malicious web scripts via a forged request granted they can trick a site administrator into performing an action such as clicking on a link. 2024-12-17 6.1 CVE-2024-12220
ThemeFusion–Avada
  Cross-Site Request Forgery (CSRF) vulnerability in ThemeFusion Avada. This issue affects Avada: from n/a through 7.11.10. 2024-12-16 4.3 CVE-2024-54357
ticketsource–Sell Tickets Online TicketSource Ticket Shop
  The Sell Tickets Online – TicketSource Ticket Shop for WordPress plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin’s ‘ticketshop’ shortcode in all versions up to, and including, 3.0.2 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. 2024-12-20 6.4 CVE-2024-11784
tomroyal–Stop Registration Spam
  The Stop Registration Spam plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.23. This is due to missing or incorrect nonce validation. This makes it possible for unauthenticated attackers to inject malicious web scripts via a forged request granted they can trick a site administrator into performing an action such as clicking on a link. 2024-12-17 6.1 CVE-2024-12219
TreasureHuntGame–TreasureHunt
  A vulnerability, which was classified as critical, was found in TreasureHuntGame TreasureHunt up to 963e0e0. Affected is an unknown function of the file TreasureHunt/acesso.php. The manipulation of the argument usuario leads to sql injection. It is possible to launch the attack remotely. This product is using a rolling release to provide continuous delivery. Therefore, no version details for affected or updated releases are available. The name of the patch is 8bcc649abc35b7734951be084bb522a532faac4e. It is recommended to apply a patch to fix this issue. 2024-12-22 6.3 CVE-2024-12894
TreasureHuntGame–TreasureHunt
  A vulnerability has been found in TreasureHuntGame TreasureHunt up to 963e0e0 and classified as critical. Affected by this vulnerability is the function console_log of the file TreasureHunt/checkflag.php. The manipulation of the argument problema leads to sql injection. The attack can be launched remotely. The identifier of the patch is 8bcc649abc35b7734951be084bb522a532faac4e. It is recommended to apply a patch to fix this issue. 2024-12-22 6.3 CVE-2024-12895
Trellix–DLP Extension
  A Hardcoded Cryptographic Key vulnerability existed in DLP Extension 11.11.1.3 which allowed the decryption of previously encrypted user credentials. 2024-12-16 5.3 CVE-2024-9679
Trellix–DLP Extension
  An SQL Injection vulnerability existed in DLP Extension 11.11.1.3. The vulnerability allowed an attacker to perform arbitrary SQL queries, potentially leading to command execution. 2024-12-16 4.9 CVE-2024-9678
Trellix–ePO Onprem Sp1 Update4
  Cross-site scripting vulnerability in Trellix ePolicy Orchestrator prior to ePO 5.10 Service Pack 1 Update 3 allows a remote authenticated attacker to craft requests causing arbitrary content to be injected into the response when accessing the ePolicy Orchestrator. 2024-12-20 5.4 CVE-2024-5955
tugbucket–Multi-column Tag Map
  The Multi-column Tag Map plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin’s mctagmap shortcode in all versions up to, and including, 17.0.33 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. 2024-12-21 6.4 CVE-2024-11196
tymotey–Easy Waveform Player
  The Easy Waveform Player plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin’s ‘easywaveformplayer’ shortcode in all versions up to, and including, 1.2.0 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. 2024-12-18 6.4 CVE-2024-11881
Unknown–Cost Calculator Builder
  The Cost Calculator Builder WordPress plugin before 3.2.43 does not have CSRF checks in some AJAX actions, which could allow attackers to make logged in users perform unwanted actions via CSRF attacks. 2024-12-18 5.4 CVE-2024-10892
Unknown–Download Manager
  The Download Manager WordPress plugin before 3.3.03 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup). 2024-12-20 4.8 CVE-2024-10706
Unknown–Serious Slider
  The Serious Slider WordPress plugin before 1.2.7 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embedded, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks. 2024-12-20 5.4 CVE-2024-11108
Unknown–The Events Calendar
  The Events Calendar WordPress plugin before 6.8.2.1 is missing access checks in the REST API, allowing unauthenticated users to access information about password protected events. 2024-12-16 5.3 CVE-2024-5333
Unknown–Tithe.ly Giving Button
  The Tithe.ly Giving Button WordPress plugin through 1.1 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embedded, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks. 2024-12-16 5.4 CVE-2024-11841
Unknown–WordPress Button Plugin MaxButtons
  The WordPress Button Plugin MaxButtons WordPress plugin before 9.8.1 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup). 2024-12-20 4.8 CVE-2024-10555
Unknown–WordPress Button Plugin MaxButtons
  The WordPress Button Plugin MaxButtons WordPress plugin before 9.8.1 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup). 2024-12-20 4.7 CVE-2024-8968
van-abel–LaTeX2HTML
  The LaTeX2HTML plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the ‘ver’ or ‘date’ parameter in all versions up to, and including, 2.5.5 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link. 2024-12-21 6.1 CVE-2024-11688
vCita.com–Online Booking & Scheduling Calendar for WordPress by vcita
  Cross-Site Request Forgery (CSRF) vulnerability in vCita.com Online Booking & Scheduling Calendar for WordPress by vcita allows Cross Site Request Forgery. This issue affects Online Booking & Scheduling Calendar for WordPress by vcita: from n/a through 4.5. 2024-12-16 5.4 CVE-2024-54356
videowhisper–Video Share VOD Turnkey Video Site Builder Script
  The Video Share VOD – Turnkey Video Site Builder Script plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin’s ‘videowhisper_player_html’ shortcode in all versions up to, and including, 2.6.30 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. 2024-12-18 6.4 CVE-2024-12449 vivo–Alarm clock
  Some parameters of the alarm clock module are improperly stored, leaking some sensitive information. 2024-12-17 5.5 CVE-2021-26281 vivo–Weather
  Some parameters of the weather module are improperly stored, leaking some sensitive information. 2024-12-17 5.9 CVE-2021-26279 vivo–Wifi
  When using special mode to connect to enterprise wifi, certain options are not properly configured and attackers can pretend to be enterprise wifi through a carefully constructed wifi with the same name, which can lead to man-in-the-middle attacks. 2024-12-17 6.4 CVE-2020-12484 vivo–Wifi
  The wifi module exposes the interface and has improper permission control, leaking sensitive information about the device. 2024-12-17 6.3 CVE-2021-26278 wbolt–MagicPost WordPress
  The MagicPost plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin’s wb_share_social shortcode in all versions up to, and including, 1.2.1 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. 2024-12-21 6.4 CVE-2024-12591 wealcoder–Animation Addons for Elementor
  The Animation Addons for Elementor plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 1.1.6 via the ‘render’ function in widgets/content-slider.php and widgets/tabs.php. This makes it possible for authenticated attackers, with Contributor-level access and above, to extract sensitive private, pending, and draft Elementor template data. 2024-12-18 4.3 CVE-2024-12340 Web Chunky–Order Delivery & Pickup Location Date Time
  Missing Authorization vulnerability in Web Chunky Order Delivery & Pickup Location Date Time allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Order Delivery & Pickup Location Date Time: from n/a through 1.1.0. 2024-12-18 6.5 CVE-2024-55997 wedevs–WP Project Manager Task, team, and project management plugin featuring kanban board and gantt charts
  The WP Project Manager plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 2.6.15 via the Project Task List (‘/wp-json/pm/v2/projects/1/task-lists’) REST API endpoint. This makes it possible for authenticated attackers, with Subscriber-level access and above, to extract sensitive data including the hashed passwords of project owners (e.g. adminstrators). 2024-12-19 6.5 CVE-2024-10548 withastro–astro
  Astro is a web framework for content-driven websites. In affected versions a bug in Astro’s CSRF-protection middleware allows requests to bypass CSRF checks. When the `security.checkOrigin` configuration option is set to `true`, Astro middleware will perform a CSRF check. However, a vulnerability exists that can bypass this security. A semicolon-delimited parameter is allowed after the type in `Content-Type`. Web browsers will treat a `Content-Type` such as `application/x-www-form-urlencoded; abc` as a `simple request` and will not perform preflight validation. In this case, CSRF is not blocked as expected. Additionally, the `Content-Type` header is not required for a request. This issue has been addressed in version 4.16.17 and all users are advised to upgrade. There are no known workarounds for this vulnerability. 2024-12-18 5.9 CVE-2024-56140 WPENGINE, INC.–Advanced Custom Fields PRO
  Cross-Site Request Forgery (CSRF) vulnerability in WPENGINE, INC. Advanced Custom Fields PRO.This issue affects Advanced Custom Fields PRO: from n/a before 6.3.2. 2024-12-16 4.3 CVE-2024-37251 wpseahorse–WP on AWS
  The WP on AWS plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via $_POST data in all versions up to, and including, 5.2.1 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link. 2024-12-21 6.1 CVE-2024-12408 wpswings–One Click Upsell Funnel for WooCommerce Funnel Builder for WordPress, Create WooCommerce Upsell, Post-Purchase Upsell & Cross Sell Offers that Boost Sales & Increase Profits with Sales Funnel Builder
  The One Click Upsell Funnel for WooCommerce – Funnel Builder for WordPress, Create WooCommerce Upsell, Post-Purchase Upsell & Cross Sell Offers that Boost Sales & Increase Profits with Sales Funnel Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin’s wps_wocuf_pro_yes shortcode in all versions up to, and including, 3.4.9 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. 2024-12-21 6.4 CVE-2024-11938 yasinedr–Maintenance & Coming Soon Redirect Animation
  The Maintenance & Coming Soon Redirect Animation plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the ‘wploti_add_whitelisted_roles_option’, ‘wploti_remove_whitelisted_roles_option’, ‘wploti_add_whitelisted_users_option’, ‘wploti_remove_whitelisted_users_option’, and ‘wploti_uploaded_animation_save_option’ functions in all versions up to, and including, 2.1.3. This makes it possible for authenticated attackers, with Subscriber-level access and above, to modify certain plugin settings. 2024-12-20 4.3 CVE-2024-9503 YayCommerce–Brand
  Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in YayCommerce Brand allows Stored XSS.This issue affects Brand: from n/a through 1.1.6. 2024-12-16 6.5 CVE-2024-54348 Yudiz Solutions Ltd.–WP Menu Image
  Missing Authorization vulnerability in Yudiz Solutions Ltd. WP Menu Image allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WP Menu Image: from n/a through 2.2. 2024-12-18 6.5 CVE-2024-52485 yuryonfolio–PPWP Password Protect Pages
  The PPWP – Password Protect Pages plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 1.9.5 via the WordPress core search feature. This makes it possible for unauthenticated attackers to extract sensitive data from posts that have been restricted to higher-level roles such as administrator. 2024-12-17 5.3 CVE-2024-11280 zealopensource–Accept Authorize.NET Payments Using Contact Form 7
  The Accept Authorize.NET Payments Using Contact Form 7 plugin for WordPress is vulnerable to Information Exposure in all versions up to, and including, 2.2 via the cf7adn-info.php file. This makes it possible for unauthenticated attackers to extract configuration data which can be used to aid in other attacks. 2024-12-18 5.3 CVE-2024-12250


