Vulnerability Summary for the Week of January 6, 2025 | CISA


1clickdesigns–ClickDesigns
  The ClickDesigns plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the ‘clickdesigns_add_api’ and the ‘clickdesigns_remove_api’ functions in all versions up to, and including, 1.8.0. This makes it possible for unauthenticated attackers to modify or remove the plugin’s API key. 2025-01-07 5.3 CVE-2024-12559
3dvieweronline–3DVieweronline
  The 3DVieweronline plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin’s ‘3Dvo-model’ shortcode in all versions up to, and including, 2.2.2 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. 2025-01-09 6.4 CVE-2024-12514
4wpbari–Qr Code and Barcode Scanner Reader
  Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in 4wpbari Qr Code and Barcode Scanner Reader allows Stored XSS. This issue affects Qr Code and Barcode Scanner Reader: from n/a through 1.0.0. 2025-01-09 6.5 CVE-2025-22819
5 Star Plugins–Pretty Simple Popup Builder
  Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in 5 Star Plugins Pretty Simple Popup Builder allows Stored XSS. This issue affects Pretty Simple Popup Builder: from n/a through 1.0.9. 2025-01-07 5.9 CVE-2024-56298
a3rev–Compare Products for WooCommerce
  The Compare Products for WooCommerce plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the ‘s_feature’ parameter in all versions up to, and including, 3.2.1 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link. 2025-01-07 6.1 CVE-2024-12435
AazzTech–WP Cookie
  Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in AazzTech WP Cookie allows Stored XSS. This issue affects WP Cookie: from n/a through 1.0.0. 2025-01-07 5.9 CVE-2025-22578
ABB–AC500 V3
  An attacker who successfully exploited these vulnerabilities could grant read access to files. A vulnerability exists in the AC500 V3 version mentioned. A successfully authenticated attacker can use this vulnerability to read system wide files and configuration. All AC500 V3 products (PM5xxx) with firmware version earlier than 3.8.0 are affected by this vulnerability. 2025-01-07 4.3 CVE-2024-12429
add-ons.org–Email Templates Customizer for WordPress Drag And Drop Email Templates Builder YeeMail
  Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in add-ons.org Email Templates Customizer for WordPress – Drag And Drop Email Templates Builder – YeeMail allows Stored XSS. This issue affects Email Templates Customizer for WordPress – Drag And Drop Email Templates Builder – YeeMail: from n/a through 2.1.4. 2025-01-09 6.5 CVE-2025-22802
AddFunc–AddFunc Mobile Detect
  Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in AddFunc AddFunc Mobile Detect allows Stored XSS. This issue affects AddFunc Mobile Detect: from n/a through 3.1. 2025-01-07 6.5 CVE-2025-22550
AIpost–AI WP Writer
  Cross-Site Request Forgery (CSRF) vulnerability in AIpost AI WP Writer allows Cross Site Request Forgery. This issue affects AI WP Writer: from n/a through 3.8.4.4. 2025-01-07 4.3 CVE-2025-22297
aiwp–Elementor Addons AI Addons 70 Widgets, Premium Templates, Ultimate Elements
  The Elementor Addons AI Addons – 70 Widgets, Premium Templates, Ultimate Elements plugin for WordPress is vulnerable to Information Exposure in all versions up to, and including, 2.2.1 via the render function due to insufficient restrictions on which templates can be included. This makes it possible for authenticated attackers, with Contributor-level access and above, to extract data from private or draft templates that they should not have access to. 2025-01-07 4.3 CVE-2024-12140
akshay-menariya–Export Import Menus
  The Export Import Menus plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the dsp_export_import_menus() function in all versions up to, and including, 1.9.1. This makes it possible for unauthenticated attackers to export menu data and settings. 2025-01-07 5.3 CVE-2024-10866
alanperfectportal–Perfect Portal Widgets
  The Perfect Portal Widgets plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin’s ‘perfect_portal_intake_form’ shortcode in all versions up to, and including, 3.0.3 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. 2025-01-11 6.4 CVE-2024-12527
Ali Ali–Alpha Price Table For Elementor
  Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in Ali Ali Alpha Price Table For Elementor allows DOM-Based XSS. This issue affects Alpha Price Table For Elementor: from n/a through 1.0.8. 2025-01-07 6.5 CVE-2025-22500
amitrotem–Deliver via Shipos for WooCommerce
  The Deliver via Shipos for WooCommerce plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the ‘dvsfw_bulk_label_url’ parameter in all versions up to, and including, 2.1.7 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link. 2025-01-09 6.1 CVE-2024-12222
andersyogo–YOGO Booking
  The YOGO Booking plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin’s ‘yogo-calendar’ shortcode in all versions up to, and including, 1.6.2 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. 2025-01-07 6.4 CVE-2024-12462
appizy–App Embed
  The App Embed plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin’s ‘appizy’ shortcode in all versions up to, and including, 2.3.2 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. 2025-01-07 6.4 CVE-2024-11749
Arefly–WP Header Notification
  Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in Arefly WP Header Notification allows Stored XSS. This issue affects WP Header Notification: from n/a through 1.2.7. 2025-01-07 5.9 CVE-2025-22579
Arista Networks–Arista Edge Threat Management
  Expired and unusable administrator authentication tokens can be revealed by units that have timed out from ETM access. 2025-01-10 6.8 CVE-2024-47517
Arista Networks–Arista Edge Threat Management
  Specially constructed queries targeting ETM could discover active remote access sessions. 2025-01-10 6.4 CVE-2024-47518
Arista Networks–Arista Edge Threat Management
  A user with administrator privileges is able to retrieve authentication tokens. 2025-01-10 6.6 CVE-2024-9133
Arista Networks–CloudVision Appliance
  On Arista CloudVision Appliance (CVA) affected releases running on appliances that support hardware disk encryption (DCA-350E-CV only), the disk encryption might not be successfully performed. This results in the disks remaining unsecured and data on them 2025-01-10 4.6 CVE-2024-7142
Arista Networks–EOS
  On affected platforms running Arista EOS, a specially crafted packet with incorrect VLAN tag might be copied to CPU, which may cause incorrect control plane behavior related to the packet, such as route flaps, multicast routes learnt, etc. 2025-01-10 6.5 CVE-2024-5872
Arista Networks–EOS
  On affected platforms running Arista EOS with SNMP configured, if “snmp-server transmit max-size” is configured, under some circumstances a specially crafted packet can cause the snmpd process to leak memory. This may result in the snmpd process being terminated (causing SNMP requests to time out until snmpd is restarted) and memory pressure for other processes on the switch. Increased memory pressure can cause processes other than snmpd to be at risk for unexpected termination as well. 2025-01-10 4.3 CVE-2024-7095
Arista Networks–EOS-Policy Based Routing (PBR)
  On affected platforms running Arista EOS with one of the following features configured to redirect IP traffic to a next hop: policy-based routing (PBR), BGP Flowspec, or interface traffic policy — certain IP traffic such as IPv4 packets with IP options may bypass the feature’s set nexthop action and be slow-path forwarded (FIB routed) by the kernel as the packets are trapped to the CPU instead of following the redirect action’s destination. 2025-01-10 5.8 CVE-2024-6437
arrowplugins–Popup MailChimp, GetResponse and ActiveCampaign Intergrations
  The Popup – MailChimp, GetResponse and ActiveCampaign Intergrations plugin for WordPress is vulnerable to unauthorized loss of data due to a missing capability check on the ‘upc_delete_db_data’ AJAX action in all versions up to, and including, 3.2.6. This makes it possible for unauthenticated attackers to delete the DB data for the plugin. 2025-01-07 5.3 CVE-2024-12158
arsdeveloper–ARS Affiliate Page Plugin
  The ARS Affiliate Page Plugin plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the ‘utm_keyword’ parameter in all versions up to, and including, 2.0.2 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link. 2025-01-07 6.1 CVE-2024-12098
artbees–Jupiter X Core
  The Jupiter X Core plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the export_popup_action() function in all versions up to, and including, 4.8.5. This makes it possible for unauthenticated attackers to export popup templates. 2025-01-07 5.3 CVE-2024-12316
artbees–Jupiter X Core
  The Jupiter X Core plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on the sync_libraries() function in all versions up to, and including, 4.8.5. This makes it possible for authenticated attackers, with Subscriber-level access and above, to sync libraries. 2025-01-07 4.3 CVE-2024-12033
aThemeArt–Store Commerce
  Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in aThemeArt Store Commerce allows DOM-Based XSS. This issue affects Store Commerce: from n/a through 1.2.3. 2025-01-07 6.5 CVE-2025-22339
Axis Communications AB–AXIS Camera Station Pro
  Seth Fogie, member of AXIS Camera Station Pro Bug Bounty Program, has found that it is possible for an authenticated malicious client to tamper with audit log creation in AXIS Camera Station, or perform a Denial-of-Service attack on the AXIS Camera Station server using maliciously crafted audit log entries. Axis has released a patched version for the highlighted flaw. Please refer to the Axis security advisory for more information and solution. 2025-01-07 6.3 CVE-2024-7696
bailuk–AAT
  AAT (Another Activity Tracker) is a GPS-tracking application for tracking sportive activities, with emphasis on cycling. Versions lower than v1.26 of AAT are vulnerable to data exfiltration from malicious apps installed on the same device. 2025-01-06 5.5 CVE-2025-21615
bandido–Woo Ukrposhta
  The Woo Ukrposhta plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the ‘order’, ‘post’, and ‘idd’ parameters in all versions up to, and including, 1.17.11 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link. 2025-01-07 6.1 CVE-2024-12049
bdthemes–Element Pack Elementor Addons (Header Footer, Template Library, Dynamic Grid, Carousel and Remote Arrows)
  The Element Pack Elementor Addons (Header Footer, Template Library, Dynamic Grid, Carousel and Remote Arrows) plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the custom_attributes parameter of the Cookie Consent Widget in all versions up to, and including, 5.10.14 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. 2025-01-08 6.4 CVE-2024-12851
Beautiful Templates–ST Gallery WP
  Missing Authorization vulnerability in Beautiful Templates ST Gallery WP allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects ST Gallery WP: from n/a through 1.0.8. 2025-01-07 5.4 CVE-2025-22543
Ben Huson–List Pages at Depth
  Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in Ben Huson List Pages at Depth allows Stored XSS. This issue affects List Pages at Depth: from n/a through 1.5. 2025-01-07 6.5 CVE-2025-22517
bestwpdeveloper–BWD Elementor Addons (2500+ presets, Meet The Team, Lottie, Lord Icon, Masking, Woocommerce, Theme Builder, Products, Blogs, CV, Contact Form 7 Styler, Header, Slider, Hero Section)
  The BWD Elementor Addons plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 4.3.18 in widgets/bwdeb-content-switcher.php. This makes it possible for authenticated attackers, with Contributor-level access and above, to extract sensitive private, pending, and draft template data. 2025-01-07 4.3 CVE-2024-12532
bharatkambariya–Donation Block For PayPal
  Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in bharatkambariya Donation Block For PayPal allows Stored XSS. This issue affects Donation Block For PayPal: from n/a through 2.2.0. 2025-01-07 6.5 CVE-2025-22525
Biltorvet A/S–Biltorvet Dealer Tools
  Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in Biltorvet A/S Biltorvet Dealer Tools allows Stored XSS. This issue affects Biltorvet Dealer Tools: from n/a through 1.0.22. 2025-01-07 6.5 CVE-2025-22580
binsaifullah–Duplicate Post, Page and Any Custom Post
  The Duplicate Post, Page and Any Custom Post plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 3.5.3 via the ‘dpp_duplicate_as_draft’ function. This makes it possible for authenticated attackers, with Contributor-level access and above, to extract potentially sensitive data from draft, scheduled (future), private, and password protected posts. 2025-01-07 4.3 CVE-2024-12538
Bishawjit Das–wp custom countdown
  Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in Bishawjit Das wp custom countdown allows Stored XSS. This issue affects wp custom countdown: from n/a through 2.8. 2025-01-09 6.5 CVE-2025-22822
bitlydeveloper–Bitly’s WordPress Plugin
  The Bitly's WordPress Plugin plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on several AJAX actions in all versions up to, and including, 2.7.3. This makes it possible for authenticated attackers, with Subscriber-level access and above, to update and retrieve plugin settings. 2025-01-09 4.3 CVE-2024-12616
bizappventures–Bizapp for WooCommerce
  The Bizapp for WooCommerce plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the ‘error’ parameter in all versions up to, and including, 2.0.8 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link. 2025-01-07 6.1 CVE-2024-11378
biztechc–WP jQuery DataTable
  The WP jQuery DataTable plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin’s ‘wp_jdt’ shortcode in all versions up to, and including, 4.0.1 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. 2025-01-07 6.4 CVE-2024-12499
biztechc–WP jQuery DataTable
  Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in biztechc WP jQuery DataTable allows Stored XSS. This issue affects WP jQuery DataTable: from n/a through 4.0.1. 2025-01-07 6.5 CVE-2024-56287
blueberryacc–Files Download Delay
  The Files Download Delay plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin’s ‘fddwrap’ shortcode in all versions up to, and including, 1.0.9 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. 2025-01-09 6.4 CVE-2024-12493
bPlugins LLC–Button Block
  Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in bPlugins LLC Button Block allows Stored XSS. This issue affects Button Block: from n/a through 1.1.6. 2025-01-09 6.5 CVE-2025-22815
bqworks–Accordion Slider Lite
  The Accordion Slider Lite plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin’s ‘accordion_slider’ shortcode in all versions up to, and including, 1.5.1 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. 2025-01-11 6.4 CVE-2024-11892
bqworks–Grid Accordion Lite
  The Grid Accordion Lite plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin’s ‘grid_accordion’ shortcode in all versions up to, and including, 1.5.1 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. 2025-01-11 6.4 CVE-2024-11874
bqworks–Slider Pro Lite
  The Slider Pro Lite plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin’s ‘sliderpro’ shortcode in all versions up to, and including, 1.4.1 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. 2025-01-07 6.4 CVE-2024-11899
Brainstorm Force–Astra Widgets
  Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in Brainstorm Force Astra Widgets allows Stored XSS. This issue affects Astra Widgets: from n/a through 1.2.15. 2025-01-07 6.5 CVE-2024-56274
brainstormforce–SureForms Drag and Drop Form Builder for WordPress
  The SureForms – Drag and Drop Form Builder for WordPress plugin for WordPress is vulnerable to Information Exposure in all versions up to, and including, 1.2.2 via the handle_export_form() function due to a missing capability check. This makes it possible for unauthenticated attackers to export data from password protected, private, or draft posts that they should not have access to. 2025-01-08 5.3 CVE-2024-12713
brandtoss–WP Mailster
  Insertion of Sensitive Information Into Sent Data vulnerability in brandtoss WP Mailster allows Retrieve Embedded Sensitive Data. This issue affects WP Mailster: from n/a through 1.8.17.0. 2025-01-07 5.3 CVE-2025-22303
brianmiyaji–Legacy ePlayer
  Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in brianmiyaji Legacy ePlayer allows Stored XSS. This issue affects Legacy ePlayer: from n/a through 0.9.9. 2025-01-07 6.5 CVE-2025-22572
britner–Gutenberg Blocks with AI by Kadence WP Page Builder Features
  The Gutenberg Blocks with AI by Kadence WP – Page Builder Features plugin for WordPress is vulnerable to Stored Cross-Site Scripting via button block link in all versions up to, and including, 3.4.2 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. 2025-01-11 6.4 CVE-2024-12304
brownoxford–Member Access
  The Member Access plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 1.1.6 via the WordPress core search feature. This makes it possible for unauthenticated attackers to extract sensitive data from posts that have been restricted to higher-level roles such as administrator. 2025-01-07 5.3 CVE-2024-11290
Bytephp–Arcade Ready
  Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in Bytephp Arcade Ready allows Stored XSS. This issue affects Arcade Ready: from n/a through 1.1. 2025-01-07 6.5 CVE-2025-22581
calculatorscanadaca–CC Canadian Mortgage Calculator
  The CC Canadian Mortgage Calculator plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin’s ‘cc-mortgage-canada’ shortcode in all versions up to, and including, 2.1.0 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. 2025-01-07 6.4 CVE-2024-11383
CampCodes–Computer Laboratory Management System
  A vulnerability, which was classified as critical, has been found in CampCodes Computer Laboratory Management System 1.0. Affected by this issue is some unknown functionality of the file /class/edit/edit. The manipulation of the argument e_photo leads to unrestricted upload. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. 2025-01-09 6.3 CVE-2025-0341
candifly–Candifly
  The Candifly plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin’s ‘candifly’ shortcode in all versions up to, and including, 1.0.6 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. 2025-01-07 6.4 CVE-2024-12440
CBB Team–Content Blocks Builder
  Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in CBB Team Content Blocks Builder allows Stored XSS. This issue affects Content Blocks Builder: from n/a through 2.7.6. 2025-01-09 6.5 CVE-2025-22810
ChatBot for WordPress – WPBot–Conversational Forms for ChatBot
  Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in ChatBot for WordPress – WPBot Conversational Forms for ChatBot allows Stored XSS. This issue affects Conversational Forms for ChatBot: from n/a through 1.4.2. 2025-01-09 6.5 CVE-2025-22813
chative–Chative Live chat and Chatbot
  The Chative Live chat and Chatbot plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.1. This is due to missing or incorrect nonce validation on the add_chative_widget_action() function. This makes it possible for unauthenticated attackers to change the channel ID or organization ID via a forged request granted they can trick a site administrator into performing an action such as clicking on a link. This could lead to redirecting the live chat widget to an attacker-controlled channel. 2025-01-07 5.4 CVE-2024-12541
chatroll–Chatroll Live Chat
  The Chatroll Live Chat plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin’s ‘chatroll’ shortcode in all versions up to, and including, 2.5.0 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. 2025-01-07 6.4 CVE-2024-12464
Cisco–Cisco Common Services Platform Collector Software
  A vulnerability in the web-based management interface of Cisco Common Services Platform Collector (CSPC) could allow an authenticated, remote attacker to conduct cross-site scripting (XSS) attacks against a user of the interface. This vulnerability is due to insufficient validation of user-supplied input by the web-based management interface of an affected system. An attacker could exploit this vulnerability by injecting malicious code into specific pages of the interface. A successful exploit could allow the attacker to execute arbitrary script code in the context of the affected interface or access sensitive, browser-based information. To exploit this vulnerability, the attacker must have at least a low-privileged account on an affected device. Cisco has not released software updates that address this vulnerability. There are no workarounds that address this vulnerability. 2025-01-08 5.4 CVE-2025-20166
Cisco–Cisco Common Services Platform Collector Software
  A vulnerability in the web-based management interface of Cisco Common Services Platform Collector (CSPC) could allow an authenticated, remote attacker to conduct cross-site scripting (XSS) attacks against a user of the interface. This vulnerability is due to insufficient validation of user-supplied input by the web-based management interface of an affected system. An attacker could exploit this vulnerability by injecting malicious code into specific pages of the interface. A successful exploit could allow the attacker to execute arbitrary script code in the context of the affected interface or access sensitive, browser-based information. To exploit this vulnerability, the attacker must have at least a low-privileged account on an affected device. Cisco has not released software updates that address this vulnerability. There are no workarounds that address this vulnerability. 2025-01-08 5.4 CVE-2025-20167
Cisco–Cisco Common Services Platform Collector Software
  A vulnerability in the web-based management interface of Cisco Common Services Platform Collector (CSPC) could allow an authenticated, remote attacker to conduct cross-site scripting (XSS) attacks against a user of the interface. This vulnerability is due to insufficient validation of user-supplied input by the web-based management interface of an affected system. An attacker could exploit this vulnerability by injecting malicious code into specific pages of the interface. A successful exploit could allow the attacker to execute arbitrary script code in the context of the affected interface or access sensitive, browser-based information. To exploit this vulnerability, the attacker must have at least a low-privileged account on an affected device. Cisco has not released software updates that address this vulnerability. There are no workarounds that address this vulnerability. 2025-01-08 5.4 CVE-2025-20168
Cisco–Cisco Crosswork Network Change Automation
  Multiple vulnerabilities in the web-based management interface of Cisco Crosswork Network Controller could allow an authenticated, remote attacker to conduct cross-site scripting (XSS) attacks against users of the interface of an affected system. These vulnerabilities exist because the web-based management interface does not properly validate user-supplied input. An attacker could exploit these vulnerabilities by inserting malicious data into specific data fields in the interface. A successful exploit could allow the attacker to execute arbitrary script code in the context of the affected interface or access sensitive, browser-based information. To exploit these vulnerabilities, the attacker must have valid administrative credentials. Cisco has released software updates that address these vulnerabilities. There are no workarounds that address these vulnerabilities. 2025-01-08 4.8 CVE-2025-20123
Cisco–Cisco ThousandEyes Endpoint Agent
  A vulnerability in certification validation routines of Cisco ThousandEyes Endpoint Agent for macOS and RoomOS could allow an unauthenticated, remote attacker to intercept or manipulate metrics information. This vulnerability exists because the affected software does not properly validate certificates for hosted metrics services. An on-path attacker could exploit this vulnerability by intercepting network traffic using a crafted certificate. A successful exploit could allow the attacker to masquerade as a trusted host and monitor or change communications between the remote metrics service and the vulnerable client. 2025-01-08 4.8 CVE-2025-20126
cluevo–CLUEVO LMS, E-Learning Platform
  The CLUEVO LMS, E-Learning Platform plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use of add_query_arg & remove_query_arg without appropriate escaping on the URL in all versions up to, and including, 1.13.2. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link. 2025-01-09 6.1 CVE-2024-11328
Code Themes–Digi Store
  Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in Code Themes Digi Store allows DOM-Based XSS. This issue affects Digi Store: from n/a through 1.1.4. 2025-01-07 6.5 CVE-2025-22354
code-projects–Content Management System
  A vulnerability was found in code-projects Content Management System 1.0. It has been classified as critical. This affects an unknown part of the file /admin/publishnews.php of the component Publish News Page. The manipulation of the argument image leads to unrestricted upload. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. 2025-01-09 4.7 CVE-2025-0346
code-projects–Online Bike Rental System
  A vulnerability was found in code-projects Online Bike Rental System 1.0 and classified as critical. Affected by this issue is some unknown functionality of the component Change Image Handler. The manipulation leads to unrestricted upload. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. Other endpoints might be affected as well. 2025-01-09 6.3 CVE-2025-0335
code-projects–Online Book Shop
  A vulnerability was found in code-projects Online Book Shop 1.0. It has been classified as critical. This affects an unknown part of the file /booklist.php. The manipulation of the argument subcatid leads to SQL injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. 2025-01-07 6.3 CVE-2025-0296
code-projects–Online Book Shop
  A vulnerability was found in code-projects Online Book Shop 1.0. It has been declared as critical. This vulnerability affects unknown code of the file /detail.php. The manipulation of the argument id leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. 2025-01-07 6.3 CVE-2025-0297 code-projects–Online Book Shop
  A vulnerability was found in code-projects Online Book Shop 1.0. It has been rated as critical. This issue affects some unknown processing of the file /process_login.php. The manipulation of the argument usernm leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. 2025-01-07 6.3 CVE-2025-0298 code-projects–Online Book Shop
  A vulnerability classified as critical has been found in code-projects Online Book Shop 1.0. Affected is an unknown function of the file /search_result.php. The manipulation of the argument s leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. 2025-01-07 6.3 CVE-2025-0299 code-projects–Online Book Shop
  A vulnerability classified as critical was found in code-projects Online Book Shop 1.0. Affected by this vulnerability is an unknown functionality of the file /subcat.php. The manipulation of the argument cat leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. 2025-01-07 6.3 CVE-2025-0300 codepopular–Unlimited Theme Addon For Elementor and WooCommerce
  The Unlimited Theme Addon For Elementor and WooCommerce plugin for WordPress is vulnerable to Information Exposure in all versions up to, and including, 1.2.1 via the ‘uta-template’ shortcode due to insufficient restrictions on which posts can be included. This makes it possible for authenticated attackers, with Contributor-level access and above, to extract data from private or draft posts created by Elementor that they should not have access to. 2025-01-11 4.3 CVE-2024-12116 Codezips–Project Management System
  A vulnerability was found in Codezips Project Management System 1.0. It has been classified as critical. This affects an unknown part of the file /pages/forms/teacher.php. The manipulation of the argument name leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. 2025-01-09 6.3 CVE-2025-0336 Coherent Graphics–CPDF
  cpdf through 2.8 allows stack consumption via a crafted PDF document. 2025-01-08 4 CVE-2024-54731 commonninja–Common Ninja: Fully Customizable & Perfectly Responsive Free Widgets for WordPress Websites
  The Common Ninja: Fully Customizable & Perfectly Responsive Free Widgets for WordPress Websites plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin’s ‘commonninja’ shortcode in all versions up to, and including, 1.1.0 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. 2025-01-07 6.4 CVE-2024-11382 copist–Icons Enricher
  Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in copist Icons Enricher allows Stored XSS. This issue affects Icons Enricher: from n/a through 1.0.8. 2025-01-07 6.5 CVE-2025-22573 covertcommunication–Solar Wizard Lite
  The Solar Wizard Lite plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin’s ‘solar_wizard’ shortcode in all versions up to, and including, 1.2.4 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. 2025-01-07 6.4 CVE-2024-11764 cssimmon–Backup and Restore WordPress Backup Plugin
  The Backup and Restore WordPress – Backup Plugin plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.50. This is due to missing or incorrect nonce validation on the ajax_queue_manual_backup() function. This makes it possible for unauthenticated attackers to trigger backups via a forged request granted they can trick a site administrator into performing an action such as clicking on a link. 2025-01-07 4.3 CVE-2024-12208 CubeWP–CubeWP Forms All-in-One Form Builder
  Missing Authorization vulnerability in CubeWP CubeWP Forms – All-in-One Form Builder allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects CubeWP Forms – All-in-One Form Builder: from n/a through 1.1.5. 2025-01-07 5.3 CVE-2024-51651 Damion Armentrout–Able Player
  Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in Damion Armentrout Able Player allows DOM-Based XSS. This issue affects Able Player: from n/a through 1.0. 2025-01-07 6.5 CVE-2025-22577 Daniel Walmsley–VR Views
  Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in Daniel Walmsley VR Views allows Stored XSS. This issue affects VR Views: from n/a through 1.5.1. 2025-01-09 6.5 CVE-2025-22820 daniel1088–PIXNET Plugin
  The PIXNET Plugin plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘gtm’ and ‘venue’ parameters in all versions up to, and including, 2.9.10 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Subscriber-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. 2025-01-07 6.4 CVE-2024-11338 dearhive–Dear Flipbook PDF Flipbook, 3D Flipbook, PDF embed, PDF viewer
  The PDF Flipbook, 3D Flipbook-DearFlip plugin for WordPress is vulnerable to Stored Cross-Site Scripting via outline settings in all versions up to 2.3.52 due to insufficient input sanitization and output escaping on user-supplied data. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. 2025-01-08 6.4 CVE-2024-11830 DearHive–Social Media Share Buttons | MashShare
  Missing Authorization vulnerability in DearHive Social Media Share Buttons | MashShare. This issue affects Social Media Share Buttons | MashShare: from n/a through 4.0.47. 2025-01-07 4.3 CVE-2025-22319 deios–Financial Stocks & Crypto Market Data Plugin
  The Financial Stocks & Crypto Market Data Plugin plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the ‘e’ parameter in all versions up to, and including, 1.10.3 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link. 2025-01-07 6.1 CVE-2024-11690 dell — powerscale_onefs
  Dell PowerScale OneFS 8.2.2.x through 9.8.0.x contains an incorrect permission assignment for critical resource vulnerability. A locally authenticated attacker could potentially exploit this vulnerability, leading to denial of service. 2025-01-06 5 CVE-2024-47475 Dell–PowerScale OneFS
  Dell PowerScale OneFS versions 8.2.2.x through 9.9.0.0 contain an uncontrolled resource consumption vulnerability. A remote low privileged attacker could potentially exploit this vulnerability, leading to denial of service. 2025-01-08 6.5 CVE-2024-47239 Digital Zoom Studio–Admin debug wordpress enable debug
  Cross-Site Request Forgery (CSRF) vulnerability in Digital Zoom Studio Admin debug wordpress – enable debug allows Cross Site Request Forgery. This issue affects Admin debug wordpress – enable debug: from n/a through 1.0.13. 2025-01-07 4.3 CVE-2025-22503 divineapi–Horoscope And Tarot
  The Horoscope And Tarot plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin’s ‘divine_horoscope’ shortcode in all versions up to, and including, 1.3.0 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. 2025-01-07 6.4 CVE-2024-11337 dn88–Highlight
  Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in dn88 Highlight allows Stored XSS. This issue affects Highlight: from n/a through 2.0.2. 2025-01-07 5.9 CVE-2024-56297 donglight–bookstore
  A vulnerability was found in donglight bookstore电商书城系统说明 1.0.0. It has been classified as critical. This affects the function getHtml of the file src/main/java/org/zdd/bookstore/rawl/HttpUtil.java. The manipulation of the argument url leads to server-side request forgery. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. 2025-01-09 6.3 CVE-2024-13195 donglight–bookstore
  A vulnerability was found in donglight bookstore电商书城系统说明 1.0. It has been declared as critical. Affected by this vulnerability is the function uploadPicture of the file src/main/java/org/zdd/bookstore/web/controller/admin/AdminBookController.java. The manipulation of the argument pictureFile leads to unrestricted upload. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. 2025-01-09 4.7 CVE-2024-13210 Drupal–CKEditor 4 LTS – WYSIWYG HTML editor
  Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in Drupal CKEditor 4 LTS – WYSIWYG HTML editor allows Cross-Site Scripting (XSS). This issue affects CKEditor 4 LTS – WYSIWYG HTML editor: from 1.0.0 before 1.0.1. 2025-01-09 5.4 CVE-2024-13245 Drupal–Coffee
  Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in Drupal Coffee allows Cross-Site Scripting (XSS). This issue affects Coffee: from 0.0.0 before 1.4.0. 2025-01-09 4.8 CVE-2024-13247 Drupal–Commerce View Receipt
  Incorrect Authorization vulnerability in Drupal Commerce View Receipt allows Forceful Browsing. This issue affects Commerce View Receipt: from 0.0.0 before 1.0.3. 2025-01-09 5.3 CVE-2024-13257 Drupal–Cookiebot + GTM
  Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in Drupal Cookiebot + GTM allows Cross-Site Scripting (XSS). This issue affects Cookiebot + GTM: from 0.0.0 before 1.0.18. 2025-01-09 5.4 CVE-2024-13289 Drupal–Download All Files
  Missing Authorization vulnerability in Drupal Download All Files allows Forceful Browsing. This issue affects Download All Files: from 0.0.0 before 2.0.2. 2025-01-09 5.3 CVE-2024-13303 Drupal–Eloqua
  Deserialization of Untrusted Data vulnerability in Drupal Eloqua allows Object Injection. This issue affects Eloqua: from 7.X-* before 7.X-1.15. 2025-01-09 6.6 CVE-2024-13297 Drupal–Entity Delete Log
  Missing Authorization vulnerability in Drupal Entity Delete Log allows Forceful Browsing. This issue affects Entity Delete Log: from 0.0.0 before 1.1.1. 2025-01-09 6.5 CVE-2024-13243 Drupal–Entity Form Steps
  Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in Drupal Entity Form Steps allows Cross-Site Scripting (XSS). This issue affects Entity Form Steps: from 0.0.0 before 1.1.4. 2025-01-09 4.8 CVE-2024-13305 Drupal–Facets
  Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in Drupal Facets allows Cross-Site Scripting (XSS). This issue affects Facets: from 0.0.0 before 2.0.9. 2025-01-09 6.1 CVE-2024-13283 Drupal–File Entity (fieldable files)
  Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in Drupal File Entity (fieldable files) allows Cross-Site Scripting (XSS). This issue affects File Entity (fieldable files): from 7.X-* before 7.X-2.38. 2025-01-09 5.4 CVE-2024-13237 Drupal–Mailjet
  Deserialization of Untrusted Data vulnerability in Drupal Mailjet allows Object Injection. This issue affects Mailjet: from 0.0.0 before 4.0.1. 2025-01-09 6.6 CVE-2024-13296 Drupal–Minify JS
  Cross-Site Request Forgery (CSRF) vulnerability in Drupal Minify JS allows Cross Site Request Forgery. This issue affects Minify JS: from 0.0.0 before 3.0.3. 2025-01-09 4.5 CVE-2024-13304 Drupal–Monster Menus
  Deserialization of Untrusted Data vulnerability in Drupal Monster Menus allows Object Injection. This issue affects Monster Menus: from 0.0.0 before 9.3.4, from 9.4.0 before 9.4.2. 2025-01-09 4.3 CVE-2024-13288 Drupal–Node Access Rebuild Progressive
  Improper Ownership Management vulnerability in Drupal Node Access Rebuild Progressive allows Target Influence via Framing. This issue affects Node Access Rebuild Progressive: from 0.0.0 before 2.0.2. 2025-01-09 5.3 CVE-2024-13246 Drupal–Node Access Rebuild Progressive
  Improper Ownership Management vulnerability in Drupal Node Access Rebuild Progressive allows Target Influence via Framing. This issue affects Node Access Rebuild Progressive: from 7.X-1.0 before 7.X-1.2. 2025-01-09 5.4 CVE-2024-13249 Drupal–Node export
  Deserialization of Untrusted Data vulnerability in Drupal Node export allows Object Injection. This issue affects Node export: from 7.X-* before 7.X-3.3. 2025-01-09 6.6 CVE-2024-13295 Drupal–OAuth & OpenID Connect Single Sign On SSO (OAuth/OIDC Client)
  Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in Drupal OAuth & OpenID Connect Single Sign On – SSO (OAuth/OIDC Client) allows Cross-Site Scripting (XSS). This issue affects OAuth & OpenID Connect Single Sign On – SSO (OAuth/OIDC Client): from 3.0.0 before 3.44.0, from 4.0.0 before 4.0.19. 2025-01-09 6.1 CVE-2024-13301 Drupal–Open Social
  Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in Drupal Open Social allows Cross-Site Scripting (XSS). This issue affects Open Social: from 0.0.0 before 12.3.8, from 12.4.0 before 12.4.5, from 13.0.0 before 13.0.0-alpha11. 2025-01-09 5.4 CVE-2024-13273 Drupal–Opigno group manager
  Improper Neutralization of Directives in Statically Saved Code (‘Static Code Injection’) vulnerability in Drupal Opigno group manager allows PHP Local File Inclusion. This issue affects Opigno group manager: from 0.0.0 before 3.1.1. 2025-01-09 5.5 CVE-2024-13263 Drupal–Pages Restriction Access
  Incorrect Authorization vulnerability in Drupal Pages Restriction Access allows Forceful Browsing. This issue affects Pages Restriction Access: from 2.0.0 before 2.0.3. 2025-01-09 5.3 CVE-2024-13302 Drupal–POST File
  Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in Drupal POST File allows Cross-Site Scripting (XSS). This issue affects POST File: from 0.0.0 before 1.0.2. 2025-01-09 5.4 CVE-2024-13294 Drupal–Private content
  Incorrect Privilege Assignment vulnerability in Drupal Private content allows Target Influence via Framing. This issue affects Private content: from 0.0.0 before 2.1.0. 2025-01-09 5.5 CVE-2024-13248 Drupal–SVG Embed
  Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in Drupal SVG Embed allows Cross-Site Scripting (XSS). This issue affects SVG Embed: from 0.0.0 before 2.1.2. 2025-01-09 5.4 CVE-2024-13286 Drupal–TacJS
  Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in Drupal TacJS allows Cross-Site Scripting (XSS). This issue affects TacJS: from 0.0.0 before 6.5.0. 2025-01-09 5.4 CVE-2024-13252 Drupal–Tarte au Citron
  Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in Drupal Tarte au Citron allows Cross-Site Scripting (XSS). This issue affects Tarte au Citron: from 2.0.0 before 2.0.5. 2025-01-09 4.8 CVE-2024-13298 Drupal–Tooltip
  Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in Drupal Tooltip allows Cross-Site Scripting (XSS). This issue affects Tooltip: from 0.0.0 before 1.1.2. 2025-01-09 4.8 CVE-2024-13292 Drupal–Typogrify
  Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in Drupal Typogrify allows Cross-Site Scripting (XSS). This issue affects Typogrify: from 0.0.0 before 1.3.0. 2025-01-09 5.4 CVE-2024-13238 Drupal–View Password
  Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in Drupal View Password allows Cross-Site Scripting (XSS). This issue affects View Password: from 0.0.0 before 6.0.4. 2025-01-09 4.8 CVE-2024-13262 Drupal–Views SVG Animation
  Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in Drupal Views SVG Animation allows Cross-Site Scripting (XSS). This issue affects Views SVG Animation: from 0.0.0 before 1.0.1. 2025-01-09 5.4 CVE-2024-13287 Ella van Durpe–Slides & Presentations
  Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in Ella van Durpe Slides & Presentations allows Stored XSS. This issue affects Slides & Presentations: from n/a through 0.0.39. 2025-01-07 6.5 CVE-2025-22511 Ella van Durpe–Slides & Presentations
  Missing Authorization vulnerability in Ella van Durpe Slides & Presentations allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Slides & Presentations: from n/a through 0.0.39. 2025-01-07 5.4 CVE-2025-22534 endortrails–Sell Media
  The Sell Media plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin’s ‘sell_media_search_form_gutenberg’ shortcode in all versions up to, and including, 2.5.8.5 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. 2025-01-07 6.4 CVE-2024-11777 Envato–Envato Elements
  Server-Side Request Forgery (SSRF) vulnerability in Envato Envato Elements allows Server Side Request Forgery. This issue affects Envato Elements: from n/a through 2.0.14. 2025-01-07 4.1 CVE-2024-56275 Eric Franklin–Video Embed Optimizer
  Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in Eric Franklin Video Embed Optimizer allows Stored XSS. This issue affects Video Embed Optimizer: from n/a through 1.0.0. 2025-01-07 6.5 CVE-2025-22554 Eric McNiece–EMC2 Alert Boxes
  Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in Eric McNiece EMC2 Alert Boxes allows Stored XSS. This issue affects EMC2 Alert Boxes: from n/a through 1.3. 2025-01-07 6.5 CVE-2025-22365 estatik–Estatik Mortgage Calculator
  The Estatik Mortgage Calculator plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the ‘color’ parameter in all versions up to, and including, 2.0.11 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link. 2025-01-07 6.1 CVE-2024-9354 Etruel Developments LLC–WP Delete Post Copies
  Missing Authorization vulnerability in Etruel Developments LLC WP Delete Post Copies allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects WP Delete Post Copies: from n/a through 5.5. 2025-01-07 5.4 CVE-2025-22541 Faaiq–Pretty Url
  Cross-Site Request Forgery (CSRF) vulnerability in Faaiq Pretty Url allows Cross Site Request Forgery. This issue affects Pretty Url: from n/a through 1.5.4. 2025-01-07 4.3 CVE-2025-22563 Fahad Mahmood–WP Docs
  Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in Fahad Mahmood WP Docs allows Stored XSS. This issue affects WP Docs: from n/a through 2.2.1. 2025-01-07 5.9 CVE-2024-56288 FilaThemes–Education LMS
  Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in FilaThemes Education LMS allows Stored XSS. This issue affects Education LMS: from n/a through 0.0.7. 2025-01-07 6.5 CVE-2025-22334 FlickDevs–News Ticker Widget for Elementor
  Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in FlickDevs News Ticker Widget for Elementor allows Stored XSS. This issue affects News Ticker Widget for Elementor: from n/a through 1.3.2. 2025-01-09 6.5 CVE-2025-22812 flickrocket–WooCommerce Digital Content Delivery (incl. DRM) FlickRocket
  The WooCommerce Digital Content Delivery (incl. DRM) – FlickRocket plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the ‘start_date’ and ‘end_date’ parameters in all versions up to, and including, 4.74 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link. 2025-01-07 6.1 CVE-2024-12438 flowdee–ClickWhale Link Manager, Link Shortener and Click Tracker for Affiliate Links & Link Pages
  The ClickWhale – Link Manager, Link Shortener and Click Tracker for Affiliate Links & Link Pages plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use of add_query_arg & remove_query_arg without appropriate escaping on the URL in all versions up to, and including, 2.4.1. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link. 2025-01-11 6.1 CVE-2024-11327 formaloo–Formaloo Form Maker & Customer Analytics for WordPress & WooCommerce
  The Formaloo Form Maker & Customer Analytics for WordPress & WooCommerce plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘address’ parameter in all versions up to, and including, 2.1.3.2 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. 2025-01-07 6.4 CVE-2024-11934 FreeType–FreeType
  FreeType 2.8.1 has a signed integer overflow in cf2_doFlex in cff/cf2intrp.c. 2025-01-10 4 CVE-2025-23022 galdub–Coupon X: Discount Pop Up, Promo Code Pop Ups, Announcement Pop Up, WooCommerce Popups
  The Coupon X: Discount Pop Up, Promo Code Pop Ups, Announcement Pop Up, WooCommerce Popups plugin for WordPress is vulnerable to unauthorized access due to missing capability checks on several functions in the class-cx-rest.php file in all versions up to, and including, 1.3.5. This makes it possible for authenticated attackers, with Subscriber-level access and above, to create 100% off coupons, delete posts, delete leads, and update coupon statuses. 2025-01-11 5.4 CVE-2024-12204 geotargetly–Geo Content
  The Geo Content plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin’s ‘geotargetlygeocontent’ shortcode in all versions up to, and including, 6.0 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. 2025-01-07 6.4 CVE-2024-11887 GitLab–GitLab
  An issue was discovered in GitLab CE/EE affecting all versions starting from 17.4 prior to 17.5.5, starting from 17.6 prior to 17.6.3, and starting from 17.7 prior to 17.7.1. Under certain conditions, access tokens may have been logged when API requests were made in a specific manner. 2025-01-08 6.5 CVE-2025-0194 GitLab–GitLab
  An issue was discovered in GitLab CE/EE affecting all versions starting from 15.5 before 17.5.5, 17.6 before 17.6.3, and 17.7 before 17.7.1, in which unauthorized users could manipulate the status of issues in public projects. 2025-01-08 4.3 CVE-2024-12431 GitLab–GitLab
  An issue was discovered in GitLab CE/EE affecting all versions starting from 16.4 prior to 17.5.5, starting from 17.6 prior to 17.6.3, and starting from 17.7 prior to 17.7.1. When a user is created via the SAML provider, the external groups setting overrides the external provider configuration. As a result, the user may not be marked as external thereby giving those users access to internal projects or groups. 2025-01-09 4.2 CVE-2024-13041 GitLab–GitLab
  An issue was discovered in GitLab CE/EE affecting all versions starting from 15.7 prior to 17.5.5, starting from 17.6 prior to 17.6.3, and starting from 17.7 prior to 17.7.1. It was possible to trigger a DoS by creating cyclic references between epics. 2025-01-09 4.3 CVE-2024-6324 grandy–GDY Modular Content
  The GDY Modular Content plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use of add_query_arg without appropriate escaping on the URL in all versions up to, and including, 0.9.91. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link. 2025-01-07 6.1 CVE-2024-12153 Gravity Master–PDF Catalog Woocommerce
  Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in Gravity Master PDF Catalog Woocommerce allows DOM-Based XSS. This issue affects PDF Catalog Woocommerce: from n/a through 2.0. 2025-01-09 6.5 CVE-2025-22809 Grocy project–Grocy
  Grocy through 4.3.0 allows remote attackers to obtain sensitive information via direct requests to pages that are not shown in the UI, such as calendar and recipes. 2025-01-06 4.3 CVE-2024-55075 Guangzhou Huayi Intelligent Technology–Jeewms
  A vulnerability, which was classified as critical, has been found in Guangzhou Huayi Intelligent Technology Jeewms up to 20241229. This issue affects the function saveOrUpdate of the file org/jeecgframework/web/cgform/controller/build/CgFormBuildController.java. The manipulation leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. Upgrading to version 20250101 is able to address this issue. It is recommended to upgrade the affected component. 2025-01-11 6.3 CVE-2025-0391 Guangzhou Huayi Intelligent Technology–Jeewms
  A vulnerability, which was classified as critical, was found in Guangzhou Huayi Intelligent Technology Jeewms up to 20241229. Affected is the function datagridGraph of the file /graphReportController.do. The manipulation of the argument store_code leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. Upgrading to version 20250101 is able to address this issue. It is recommended to upgrade the affected component. 2025-01-11 6.3 CVE-2025-0392 Guangzhou Huayi Intelligent Technology–Jeewms
  A vulnerability classified as critical was found in Guangzhou Huayi Intelligent Technology Jeewms up to 20241229. This vulnerability affects unknown code of the file /wmOmNoticeHController.do. The manipulation leads to path traversal: ‘../filedir’. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. Upgrading to version 20250101 is able to address this issue. It is recommended to upgrade the affected component. 2025-01-11 5.3 CVE-2025-0390 Gutentor–Gutentor
  Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in Gutentor Gutentor allows DOM-Based XSS. This issue affects Gutentor: from n/a through 3.4.0. 2025-01-07 6.5 CVE-2025-22293 HashThemes–Hash Elements
  Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in HashThemes Hash Elements. This issue affects Hash Elements: from n/a through 1.4.9. 2025-01-07 6.5 CVE-2025-22296 hassantafreshi–Easy Form Builder WordPress plugin form builder: contact form, survey form, payment form, and custom form builder
  The Easy Form Builder – WordPress plugin form builder: contact form, survey form, payment form, and custom form builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘name’ parameter of the ‘add_form_Emsfb’ AJAX action in all versions up to, and including, 3.8.8 due to insufficient input sanitization and output escaping and missing authorization checks. This makes it possible for authenticated attackers, with Subscriber-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. 2025-01-08 6.4 CVE-2024-12112 HasThemes–Free WooCommerce Theme 99fy Extension
  Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in HasThemes Free WooCommerce Theme 99fy Extension allows Stored XSS. This issue affects Free WooCommerce Theme 99fy Extension: from n/a through 1.2.8. 2025-01-09 6.5 CVE-2025-22801 HCL Software–DRYiCE MyXalytics
  HCL MyXalytics is affected by a session fixation vulnerability. Cyber-criminals can exploit this by sending crafted URLs with a session token to access the victim’s login session. 2025-01-11 6.8 CVE-2024-42170 HCL Software–DRYiCE MyXalytics
  HCL MyXalytics is affected by a session fixation vulnerability. Cyber-criminals can exploit this by sending crafted URLs with a session token to access the victim’s login session. 2025-01-11 6.4 CVE-2024-42171 HCL Software–DRYiCE MyXalytics
  HCL MyXalytics is affected by broken authentication. It allows attackers to compromise keys, passwords, and session tokens, potentially leading to identity theft and system control. This vulnerability arises from poor configuration, logic errors, or software bugs and can affect any application with access control, including databases, network infrastructure, and web applications. 2025-01-11 5.3 CVE-2024-42172 HCL Software–DRYiCE MyXalytics
  HCL MyXalytics is affected by an improper password policy implementation vulnerability. Weak passwords and lack of account lockout policies allow attackers to guess or brute-force passwords if the username is known. 2025-01-11 4.8 CVE-2024-42173 Hitesh Patel–Metadata SEO
  Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in Hitesh Patel Metadata SEO allows Stored XSS. This issue affects Metadata SEO: from n/a through 2.3. 2025-01-07 6.5 CVE-2025-22516 Hive Support–Hive Support WordPress Help Desk
  Missing Authorization vulnerability in Hive Support Hive Support – WordPress Help Desk allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Hive Support – WordPress Help Desk: from n/a through 1.1.6. 2025-01-07 4.3 CVE-2025-22298 hoststreamsell–WooCommerce HSS Extension for Streaming Video
  The WooCommerce HSS Extension for Streaming Video plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the ‘videolink’ parameter in all versions up to, and including, 3.31 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link. 2025-01-07 6.1 CVE-2024-12214 Huawei–HarmonyOS
  Path traversal vulnerability in the Medialibrary module Impact: Successful exploitation of this vulnerability will affect integrity and confidentiality. 2025-01-08 6.2 CVE-2023-52953 Huawei–HarmonyOS
  Vulnerability of improper authentication in the ANS system service module Impact: Successful exploitation of this vulnerability may cause features to perform abnormally. 2025-01-08 6.5 CVE-2023-52955 Huawei–HarmonyOS
  Startup control vulnerability in the ability module Impact: Successful exploitation of this vulnerability may cause features to perform abnormally. 2025-01-08 6.2 CVE-2024-54121 Huawei–HarmonyOS
  Cross-process screen stack vulnerability in the UIExtension module Impact: Successful exploitation of this vulnerability may affect service confidentiality. 2025-01-08 6.2 CVE-2024-56435 Huawei–HarmonyOS
  Vulnerability of improper memory address protection in the HUKS module Impact: Successful exploitation of this vulnerability may affect availability. 2025-01-08 6 CVE-2024-56438 Huawei–HarmonyOS
  Permission control vulnerability in the Connectivity module Impact: Successful exploitation of this vulnerability may cause features to perform abnormally. 2025-01-08 6.2 CVE-2024-56440 Huawei–HarmonyOS
  Cross-process screen stack vulnerability in the UIExtension module Impact: Successful exploitation of this vulnerability may affect service confidentiality. 2025-01-08 6.2 CVE-2024-56443 Huawei–HarmonyOS
  Vulnerability of improper access control in the home screen widget module Impact: Successful exploitation of this vulnerability may affect availability. 2025-01-08 6.7 CVE-2024-56448 Huawei–HarmonyOS
  Privilege escalation vulnerability in the Account module Impact: Successful exploitation of this vulnerability may affect service confidentiality. 2025-01-08 6.6 CVE-2024-56449 Huawei–HarmonyOS
  Buffer overflow vulnerability in the component driver module Impact: Successful exploitation of this vulnerability may affect availability. 2025-01-08 6.3 CVE-2024-56450 Huawei–HarmonyOS
  Vulnerability of input parameters not being verified during glTF model loading in the 3D engine module Impact: Successful exploitation of this vulnerability may affect availability. 2025-01-08 6.8 CVE-2024-56453 Huawei–HarmonyOS
  Vulnerability of input parameters not being verified during glTF model loading in the 3D engine module Impact: Successful exploitation of this vulnerability may affect availability. 2025-01-08 6.8 CVE-2024-56456 Huawei–HarmonyOS
  Cross-process screen stack vulnerability in the UIExtension module Impact: Successful exploitation of this vulnerability may affect service confidentiality. 2025-01-08 5.5 CVE-2024-56436 Huawei–HarmonyOS
  Vulnerability of input parameters not being verified in the widget framework module Impact: Successful exploitation of this vulnerability may affect availability. 2025-01-08 5.7 CVE-2024-56437 Huawei–HarmonyOS
  Vulnerability of native APIs not being implemented in the NFC service module Impact: Successful exploitation of this vulnerability may cause features to perform abnormally. 2025-01-08 5.5 CVE-2024-56442 Huawei–HarmonyOS
  Vulnerability of input parameters not being verified during glTF model loading in the 3D engine module Impact: Successful exploitation of this vulnerability may affect availability. 2025-01-08 5.5 CVE-2024-56452 Huawei–HarmonyOS
  Vulnerability of input parameters not being verified during glTF model loading in the 3D engine module Impact: Successful exploitation of this vulnerability may affect availability. 2025-01-08 5.5 CVE-2024-56454 Huawei–HarmonyOS
  Vulnerability of input parameters not being verified during glTF model loading in the 3D engine module Impact: Successful exploitation of this vulnerability may affect availability. 2025-01-08 5.5 CVE-2024-56455 Huawei–HarmonyOS
  Vulnerability of improper permission control in the Gallery module Impact: Successful exploitation of this vulnerability may affect availability. 2025-01-08 4.4 CVE-2023-52954 Huawei–HarmonyOS
  Race condition vulnerability in the distributed notification module Impact: Successful exploitation of this vulnerability may cause features to perform abnormally. 2025-01-08 4.1 CVE-2024-54120 Huawei–HarmonyOS
  UAF vulnerability in the device node access module Impact: Successful exploitation of this vulnerability may cause service exceptions of the device. 2025-01-08 4.4 CVE-2024-56434 Huawei–HarmonyOS
  Race condition vulnerability in the Bastet module Impact: Successful exploitation of this vulnerability may affect service confidentiality. 2025-01-08 4.1 CVE-2024-56441 Huawei–HarmonyOS
  Instruction authentication bypass vulnerability in the Findnetwork module Impact: Successful exploitation of this vulnerability may cause features to perform abnormally. 2025-01-08 4.3 CVE-2024-56445 Huawei–HarmonyOS
  Vulnerability of variables not being initialized in the notification module Impact: Successful exploitation of this vulnerability may affect availability. 2025-01-08 4 CVE-2024-56446 Huurkalender–Huurkalender WP
  Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in Huurkalender Huurkalender WP allows Stored XSS. This issue affects Huurkalender WP: from n/a through 1.5.6. 2025-01-07 6.5 CVE-2025-22528 IBM–App Connect Enterprise Certified Container
  IBM App Connect Enterprise Certified Container 7.1, 7.2, 8.0, 8.1, 8.2, 9.0, 9.1, 9.2, 10.0, 10.1, 11.0, 11.1, 11.2, 11.3, 11.4, 11.5, 11.6, 12.0, 12.1, 12.2, 12.3, and 12.4 operands running in Red Hat OpenShift do not restrict writing to the local filesystem, which may result in exhausting the available storage in a Pod, resulting in that Pod being restarted. 2025-01-09 5.5 CVE-2022-22491 IBM–Concert Software
  IBM Concert Software 1.0.0, 1.0.1, 1.0.2, 1.0.2.1, and 1.0.3 could allow a remote attacker to obtain sensitive information, caused by the failure to properly enable HTTP Strict Transport Security. An attacker could exploit this vulnerability to obtain sensitive information using man in the middle techniques. 2025-01-07 5.9 CVE-2024-52366 IBM–Concert Software
  IBM Concert Software 1.0.0, 1.0.1, 1.0.2, 1.0.2.1, and 1.0.3 could disclose sensitive system information to an unauthorized actor that could be used in further attacks against the system. 2025-01-07 5.3 CVE-2024-52367 IBM–Concert Software
  IBM Concert Software 1.0.0, 1.0.1, 1.0.2, 1.0.2.1, and 1.0.3 could allow an authenticated user to inject malicious information or obtain information from log files due to improper log neutralization. 2025-01-07 5.4 CVE-2024-52891 IBM–Concert Software
  IBM Concert Software 1.0.0, 1.0.1, 1.0.2, 1.0.2.1, and 1.0.3 could allow a remote attacker to obtain sensitive information when a detailed technical error message is returned in the browser. This information could be used in further attacks against the system. 2025-01-07 5.3 CVE-2024-52893 IBM–Controller
  IBM Cognos Controller 11.0.0 through 11.0.1 and IBM Controller 11.1.0 is vulnerable to exposure of Artifactory API keys. This vulnerability allows users to publish code to private packages or repositories under the name of the organization. 2025-01-07 6.5 CVE-2024-28778 IBM–Controller
  IBM Cognos Controller 11.0.0 through 11.0.1 and IBM Controller 11.1.0 could allow a remote attacker to obtain sensitive information when a detailed technical error message is returned in the browser. This information could be used in further attacks against the system. 2025-01-07 4.3 CVE-2022-22363 IBM–Controller
  IBM Cognos Controller 11.0.0 through 11.0.1 and IBM Controller 11.1.0 could allow a remote attacker to obtain sensitive information when a stack trace is returned in the browser. 2025-01-07 4.3 CVE-2024-25037 IBM–Db2
  IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 11.5 is vulnerable to an information disclosure vulnerability as sensitive information may be included in a log file under specific conditions. 2025-01-08 5.5 CVE-2024-40679 IBM–Jazz Foundation
  IBM Jazz Foundation 6.0.6, 6.0.6.1, 7.0, 7.0.1, and 7.0.2 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. 2025-01-12 5.4 CVE-2021-29669 IBM–OpenPages
  IBM OpenPages 9.0 could allow an authenticated user to obtain sensitive information such as configurations that should only be available to privileged users. 2025-01-09 5.4 CVE-2024-43176 IBM–Robotic Process Automation
  IBM Robotic Process Automation 21.0.0 through 21.0.7.19 and 23.0.0 through 23.0.19 could allow a remote attacker to obtain sensitive data that may be exposed through certain crypto-analytic attacks. 2025-01-12 5.9 CVE-2024-51456 IBM–Security QRadar EDR
  IBM Security ReaQta 3.12 returns sensitive information in an HTTP response that could be used in further attacks against the system. 2025-01-07 5.3 CVE-2024-45640 IBM–Security QRadar EDR
  IBM Security ReaQta 3.12 could allow a privileged user to cause a denial of service by sending multiple administration requests due to improper allocation of resources. 2025-01-07 4.9 CVE-2024-45100 IBM–Sterling B2B Integrator Standard Edition
  IBM Sterling B2B Integrator Standard Edition 6.0.0.0 through 6.1.2.5 and 6.2.0.0 through 6.2.0.2 is vulnerable to stored cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. 2025-01-06 6.4 CVE-2024-31914 IBM–Sterling B2B Integrator Standard Edition
  IBM Sterling B2B Integrator Standard Edition 6.0.0.0 through 6.1.2.5 and 6.2.0.0 through 6.2.0.2 is vulnerable to stored cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. 2025-01-06 5.5 CVE-2024-31913 IBM–watsonx.ai
  IBM watsonx.ai 1.1 through 2.0.3 and IBM watsonx.ai on Cloud Pak for Data 4.8 through 5.0.3 is vulnerable to cross-site scripting. This vulnerability allows an authenticated user to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. 2025-01-12 5.4 CVE-2024-49785 inc2734–Smart Custom Fields
  Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in inc2734 Smart Custom Fields allows Stored XSS. This issue affects Smart Custom Fields: from n/a through 5.0.0. 2025-01-07 6.5 CVE-2025-22308 india-web-developer–WP Youtube Gallery
  The WP Youtube Gallery plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘id’ parameter in all versions up to, and including, 1.9 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. 2025-01-07 6.4 CVE-2024-12590 infility–Infility Global
  The Infility Global plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the infility_global_ajax function in all versions up to, and including, 2.9.8. This makes it possible for authenticated attackers, with Subscriber-level access and above, to update plugin options and potentially break the site. 2025-01-07 6.5 CVE-2024-11496 infility–Infility Global
  The Infility Global plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the ‘set_type’ parameter in all versions up to, and including, 2.9.8 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link. 2025-01-07 6.1 CVE-2024-12290 instaform.ir– 
  Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in instaform.ir فرم ساز فرم افزار allows Stored XSS. This issue affects فرم ساز فرم افزار: from n/a through 2.0. 2025-01-07 6.5 CVE-2025-22524 intergotelecom–WP Bulk SMS by SMS.to
  The WP – Bulk SMS – by SMS.to plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the ‘page’ parameter in all versions up to, and including, 1.0.12 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link. 2025-01-07 6.1 CVE-2024-11434 Jason Funk–Title Experiments Free
  Missing Authorization vulnerability in Jason Funk Title Experiments Free allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Title Experiments Free: from n/a through 9.0.4. 2025-01-09 4.3 CVE-2025-22561 Jason Funk–Title Experiments Free
  Cross-Site Request Forgery (CSRF) vulnerability in Jason Funk Title Experiments Free allows Cross Site Request Forgery. This issue affects Title Experiments Free: from n/a through 9.0.4. 2025-01-07 4.3 CVE-2025-22562 jdsofttech–School Management System WPSchoolPress
  The School Management System – WPSchoolPress plugin for WordPress is vulnerable to SQL Injection via the ‘cid’ parameter in all versions up to, and including, 2.2.14 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for authenticated attackers, with Student/Parent-level access and above, to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database. 2025-01-07 6.5 CVE-2024-12332 Jewel Theme–Image Hover Effects for Elementor
  Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in Jewel Theme Image Hover Effects for Elementor allows Stored XSS. This issue affects Image Hover Effects for Elementor: from n/a through 1.0.2.3. 2025-01-07 6.5 CVE-2025-22323 jleuze–Meteor Slides
  The Meteor Slides plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘slide_url_value’ parameter in all versions up to, and including, 1.5.7 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. 2025-01-07 6.4 CVE-2024-12073 Joe Motacek–ICS Button
  Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in Joe Motacek ICS Button allows Stored XSS. This issue affects ICS Button: from n/a through 0.6. 2025-01-07 6.5 CVE-2025-22574 jonathankissam–Action Network
  The Action Network plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.4.4. This is due to missing or incorrect nonce validation on a function. This makes it possible for unauthenticated attackers to inject malicious web scripts via a forged request granted they can trick a site administrator into performing an action such as clicking on a link. 2025-01-09 6.1 CVE-2024-12394 Joomag.–WP Joomag
  Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in Joomag. WP Joomag allows DOM-Based XSS. This issue affects WP Joomag: from n/a through 2.5.2. 2025-01-09 6.5 CVE-2025-22827 Joomla! Project–Joomla! CMS
  Various module chromes didn’t properly process inputs, leading to XSS vectors. 2025-01-07 6.1 CVE-2024-40747 Julien Crego–Boot-Modal
  Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in Julien Crego Boot-Modal allows Stored XSS. This issue affects Boot-Modal: from n/a through 1.9.1. 2025-01-07 6.5 CVE-2025-22551 Juniper Networks–Junos OS
  An Improper Control of a Resource Through its Lifetime vulnerability in the routing protocol daemon (rpd) of Juniper Networks Junos OS and Junos OS Evolved allows an unauthenticated network-based attacker to cause a Denial-of-Service (DoS). On devices with SRv6 (Segment Routing over IPv6) enabled, an attacker can send a malformed BGP UPDATE packet which will cause the rpd to crash and restart. Continued receipt of these UPDATE packets will cause a sustained DoS condition. This issue affects iBGP and eBGP, and both IPv4 and IPv6 are affected by this vulnerability. This issue affects Junos OS: * All versions before 21.2R3-S9, * from 21.4 before 21.4R3-S10, * from 22.2 before 22.2R3-S5, * from 22.3 before 22.3R3-S4, * from 22.4 before 22.4R3-S3, * from 23.2 before 23.2R2-S2, * from 23.4 before 23.4R2; and Junos OS Evolved: * All versions before 21.2R3-S9-EVO, * from 21.4-EVO before 21.4R3-S10-EVO, * from 22.2-EVO before 22.2R3-S5-EVO, * from 22.3-EVO before 22.3R3-S4-EVO, * from 22.4-EVO before 22.4R3-S3-EVO, * from 23.2-EVO before 23.2R2-S2-EVO, * from 23.4-EVO before 23.4R2-EVO. 2025-01-09 6.5 CVE-2025-21593 Juniper Networks–Junos OS
  An Out-of-Bounds Read vulnerability in the routing protocol daemon (rpd) of Juniper Networks Junos OS and Junos OS Evolved allows an unauthenticated, logically adjacent BGP peer sending a specifically malformed BGP packet to cause rpd to crash and restart, resulting in a Denial of Service (DoS). Continued receipt and processing of this packet will create a sustained Denial of Service (DoS) condition. This issue only affects systems configured in either of two ways: * systems with BGP traceoptions enabled * systems with BGP family traffic-engineering (BGP-LS) configured and can be exploited from a directly connected and configured BGP peer.  This issue affects iBGP and eBGP with any address family configured, and both IPv4 and IPv6 are affected by this vulnerability. This issue affects: Junos OS:  * All versions before 21.4R3-S9,  * from 22.2 before 22.2R3-S5,  * from 22.3 before 22.3R3-S4,  * from 22.4 before 22.4R3-S5,  * from 23.2 before 23.2R2-S3,  * from 23.4 before 23.4R2-S3,  * from 24.2 before 24.2R1-S2, 24.2R2;  Junos OS Evolved:  * All versions before 21.4R3-S9-EVO,  * from 22.2 before 22.2R3-S5-EVO,  * from 22.3 before 22.3R3-S4-EVO,  * from 22.4 before 22.4R3-S5-EVO,  * from 23.2 before 23.2R2-S3-EVO,  * from 23.4 before 23.4R2-S2-EVO,  * from 24.2 before 24.2R1-S2-EVO, 24.2R2-EVO. This is a similar, but different vulnerability than the issue reported as CVE-2024-39516. 2025-01-09 6.5 CVE-2025-21600 Juniper Networks–Junos OS
  An Improper Handling of Exceptional Conditions vulnerability in the routing protocol daemon (rpd) of Juniper Networks Junos OS and Junos OS Evolved allows an unauthenticated adjacent attacker sending a specific BGP update packet to cause rpd to crash and restart, resulting in a Denial of Service (DoS). Continuous receipt and processing of this packet will create a sustained Denial of Service (DoS) condition. This issue affects iBGP and eBGP, and both IPv4 and IPv6 are affected by this vulnerability. This issue affects Junos OS:  * from 21.4 before 21.4R3-S9,  * from 22.2 before 22.2R3-S5,  * from 22.3 before 22.3R3-S4, * from 22.4 before 22.4R3-S5,  * from 23.2 before 23.2R2-S3,  * from 23.4 before 23.4R2-S3,  * from 24.2 before 24.2R1-S2, 24.2R2;  This issue does not affect versions prior to 21.1R1. Junos OS Evolved:  * from 21.4 before 21.4R3-S9-EVO,  * from 22.2 before 22.2R3-S5-EVO,  * from 22.3 before 22.3R3-S4-EVO, * from 22.4 before 22.4R3-S5-EVO,  * from 23.2 before 23.2R2-S3-EVO,  * from 23.4 before 23.4R2-S3-EVO,  * from 24.2 before 24.2R1-S2-EVO, 24.2R2-EVO. This issue does not affect versions prior to 21.1R1-EVO 2025-01-09 6.5 CVE-2025-21602 Juniper Networks–Junos OS
  An Exposure of Sensitive Information to an Unauthorized Actor vulnerability in the command-line interface (CLI) of Juniper Networks Junos OS on SRX Series devices allows a local, low-privileged user with access to the Junos CLI to view the contents of sensitive files on the file system. Through the execution of either ‘show services advanced-anti-malware’ or ‘show services security-intelligence’ command, a user with limited permissions (e.g., a low privilege login class user) can access protected files that should not be accessible to the user. These files may contain sensitive information that can be used to cause further impact to the system. This issue affects Junos OS SRX Series: * All versions before 21.4R3-S8, * from 22.2 before 22.2R3-S5, * from 22.3 before 22.3R3-S3, * from 22.4 before 22.4R3-S2, * from 23.2 before 23.2R2-S1, * from 23.4 before 23.4R2. 2025-01-09 5.5 CVE-2025-21592 Juniper Networks–Junos OS
  An Improper Handling of Exceptional Conditions vulnerability in the command-line processing of Juniper Networks Junos OS on SRX1500, SRX4100, and SRX4200 devices allows a local, low-privileged authenticated attacker executing the ‘show chassis environment pem’ command to cause the chassis daemon (chassisd) to crash and restart, resulting in a temporary Denial of Service (DoS). However, repeated execution of this command will eventually cause the chassisd process to fail to restart, impacting packet processing on the system. This issue affects Junos OS on SRX1500, SRX4100, SRX4200:  * All versions before 21.4R3-S9,  * from 22.2 before 22.2R3-S5,  * from 22.3 before 22.3R3-S4,  * from 22.4 before 22.4R3-S4,  * from 23.2 before 23.2R2-S3,  * from 23.4 before 23.4R2-S1. 2025-01-09 5.5 CVE-2025-21596 Justin Twerdy–Genesis Style Shortcodes
  Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in Justin Twerdy Genesis Style Shortcodes allows DOM-Based XSS. This issue affects Genesis Style Shortcodes: from n/a through 1.0. 2025-01-09 6.5 CVE-2025-22823 justinticktock–Role Includer
  The Role Includer plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the ‘user_id’ parameter in all versions up to, and including, 1.6 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link. 2025-01-07 6.1 CVE-2024-12124 KentoThemes–Justified Image Gallery
  Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in KentoThemes Justified Image Gallery allows Stored XSS. This issue affects Justified Image Gallery: from n/a through 1.0. 2025-01-07 6.5 CVE-2025-22518 Kingsoft–WPS Office
  A vulnerability was found in Kingsoft WPS Office 6.14.0 on macOS. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the component TCC Handler. The manipulation leads to code injection. It is possible to launch the attack on the local host. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way. 2025-01-08 5.3 CVE-2024-13187 kurniaramadhan–E-Commerce-PHP
  A vulnerability was found in kurniaramadhan E-Commerce-PHP 1.0. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the file /blog-details.php. The manipulation of the argument blog_id leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way. 2025-01-09 5.5 CVE-2024-13204 kurniaramadhan–E-Commerce-PHP
  A vulnerability was found in kurniaramadhan E-Commerce-PHP 1.0. It has been classified as problematic. Affected is an unknown function. The manipulation leads to cross-site request forgery. It is possible to launch the attack remotely. The vendor was contacted early about this disclosure but did not respond in any way. 2025-01-09 4.3 CVE-2024-13203 Laborator–Aurum – WordPress & WooCommerce Shopping Theme
  The Aurum – WordPress & WooCommerce Shopping Theme theme for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the ‘lab_1cl_demo_install_package_content’ function in all versions up to, and including, 4.0.2. This makes it possible for authenticated attackers, with Subscriber-level access and above, to overwrite content with imported demo content. 2025-01-07 4.3 CVE-2024-12781 LabRedesCefetRJ–WeGIA
  WeGIA is a web manager for charitable institutions. A Reflected Cross-Site Scripting (XSS) vulnerability was identified in the modulos_visiveis.php endpoint of the WeGIA application. This vulnerability allows attackers to inject malicious scripts in the msg_c parameter. This vulnerability is fixed in 3.2.8. 2025-01-10 6.5 CVE-2025-22596 LabRedesCefetRJ–WeGIA
  WeGIA is a web manager for charitable institutions. A Reflected Cross-Site Scripting (XSS) vulnerability was identified in the home.php endpoint of the WeGIA application. This vulnerability allows attackers to inject malicious scripts in the msg_c parameter. This vulnerability is fixed in 3.2.8. 2025-01-10 6.5 CVE-2025-22599 LabRedesCefetRJ–WeGIA
  WeGIA is a web manager for charitable institutions. A Reflected Cross-Site Scripting (XSS) vulnerability was identified in the configuracao_doacao.php endpoint of the WeGIA application. This vulnerability allows attackers to inject malicious scripts in the avulso parameter. This vulnerability is fixed in 3.2.8. 2025-01-10 6.5 CVE-2025-22600 lddwebdesign–LDD Directory Lite
  The LDD Directory Lite plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use of remove_query_arg without appropriate escaping on the URL in all versions up to, and including, 3.3. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link. 2025-01-07 6.1 CVE-2024-12540 leiyuxi–cy-fast
  A vulnerability, which was classified as critical, was found in leiyuxi cy-fast 1.0. Affected is the function listData of the file /sys/role/listData. The manipulation of the argument order leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. 2025-01-09 6.3 CVE-2025-0333 leiyuxi–cy-fast
  A vulnerability has been found in leiyuxi cy-fast 1.0 and classified as critical. Affected by this vulnerability is the function listData of the file /sys/user/listData. The manipulation of the argument order leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. 2025-01-09 6.3 CVE-2025-0334 leiyuxi–cy-fast
  A vulnerability has been found in leiyuxi cy-fast 1.0 and classified as critical. Affected by this vulnerability is the function listData of the file /commpara/listData. The manipulation of the argument order leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. 2025-01-09 6.3 CVE-2025-0344 leiyuxi–cy-fast
  A vulnerability was found in leiyuxi cy-fast 1.0 and classified as critical. Affected by this issue is the function listData of the file /sys/menu/listData. The manipulation of the argument order leads to sql injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. 2025-01-09 6.3 CVE-2025-0345 Lenderd–1003 Mortgage Application
  Missing Authorization vulnerability in Lenderd 1003 Mortgage Application allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects 1003 Mortgage Application: from n/a through 1.87. 2025-01-07 4.3 CVE-2025-22591 letscms–Binary MLM Woocommerce
  The Binary MLM Woocommerce plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 2.0. This is due to missing or incorrect nonce validation on the ‘bmw_display_pv_set_page’ function and insufficient input sanitization and output escaping of the ‘product_points’ parameter. This makes it possible for unauthenticated attackers to inject arbitrary web scripts via a forged request granted they can trick a site administrator into performing an action such as clicking on a link. 2025-01-07 6.1 CVE-2024-12383 letscms–Binary MLM Woocommerce
  The Binary MLM Woocommerce plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the ‘page’ parameter in all versions up to, and including, 2.0 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link. 2025-01-07 6.1 CVE-2024-12384 letscms–Unilevel MLM Plan
  The Unilevel MLM Plan plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the ‘page’ parameter in all versions up to, and including, 1.1.0 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link. 2025-01-07 6.1 CVE-2024-12324 levelfourstorefront–Shopping Cart & eCommerce Store
  The Shopping Cart & eCommerce Store plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the webhook function in all versions up to, and including, 5.7.8. This makes it possible for unauthenticated attackers to modify order statuses. 2025-01-08 5.3 CVE-2024-12712 librdf–Raptor RDF Syntax Library
  In Raptor RDF Syntax Library through 2.0.16, there is a heap-based buffer over-read when parsing triples with the nquads parser in raptor_ntriples_parse_term_internal(). 2025-01-10 4 CVE-2024-57822 linearoy–Linear
  The Linear plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin’s ‘linear_block_buy_commissions’ shortcode in all versions up to, and including, 2.7.12 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. 2025-01-09 6.4 CVE-2024-12496 Link Whisper–Link Whisper Free
  Insertion of Sensitive Information into Externally-Accessible File or Directory vulnerability in Link Whisper Link Whisper Free. This issue affects Link Whisper Free: from n/a through 0.7.7. 2025-01-07 5.3 CVE-2025-22306 linux — linux_kernel
  In the Linux kernel, the following vulnerability has been resolved: Bluetooth: btusb: mediatek: add intf release flow when usb disconnect MediaTek claims a special usb intr interface for ISO data transmission. The interface needs to be released before unregistering hci device when usb disconnect. Removing BT usb dongle without properly releasing the interface may cause Kernel panic while unregister hci device. 2025-01-06 5.5 CVE-2024-56757 linux — linux_kernel
  In the Linux kernel, the following vulnerability has been resolved: btrfs: check folio mapping after unlock in relocate_one_folio() When we call btrfs_read_folio() to bring a folio uptodate, we unlock the folio. The result of that is that a different thread can modify the mapping (like remove it with invalidate) before we call folio_lock(). This results in an invalid page and we need to try again. In particular, if we are relocating concurrently with aborting a transaction, this can result in a crash like the following: This occurs because cleanup_one_transaction() calls destroy_delalloc_inodes() which calls invalidate_inode_pages2() which takes the folio_lock before setting mapping to NULL. We fail to check this, and subsequently call set_extent_mapping(), which assumes that mapping != NULL (in fact it asserts that in debug mode) Note that the “fixes” patch here is not the one that introduced the race (the very first iteration of this code from 2009) but a more recent change that made this particular crash happen in practice. 2025-01-06 5.5 CVE-2024-56758 linux — linux_kernel
  In the Linux kernel, the following vulnerability has been resolved: PCI/MSI: Handle lack of irqdomain gracefully Alexandre observed a warning emitted from pci_msi_setup_msi_irqs() on a RISCV platform which does not provide PCI/MSI support: WARNING: CPU: 1 PID: 1 at drivers/pci/msi/msi.h:121 pci_msi_setup_msi_irqs+0x2c/0x32 __pci_enable_msix_range+0x30c/0x596 pci_msi_setup_msi_irqs+0x2c/0x32 pci_alloc_irq_vectors_affinity+0xb8/0xe2 RISCV uses hierarchical interrupt domains and correctly does not implement the legacy fallback. The warning triggers from the legacy fallback stub. That warning is bogus as the PCI/MSI layer knows whether a PCI/MSI parent domain is associated with the device or not. There is a check for MSI-X, which has a legacy assumption. But that legacy fallback assumption is only valid when legacy support is enabled, but otherwise the check should simply return -ENOTSUPP. Loongarch tripped over the same problem and blindly enabled legacy support without implementing the legacy fallbacks. There are weak implementations which return an error, so the problem was papered over. Correct pci_msi_domain_supports() to evaluate the legacy mode and add the missing supported check into the MSI enable path to complete it. 2025-01-06 5.5 CVE-2024-56760 linux — linux_kernel
  In the Linux kernel, the following vulnerability has been resolved: x86/fred: Clear WFE in missing-ENDBRANCH #CPs An indirect branch instruction sets the CPU indirect branch tracker (IBT) into WAIT_FOR_ENDBRANCH (WFE) state and WFE stays asserted across the instruction boundary. When the decoder finds an inappropriate instruction while WFE is set ENDBR, the CPU raises a #CP fault. For the “kernel IBT no ENDBR” selftest where #CPs are deliberately triggered, the WFE state of the interrupted context needs to be cleared to let execution continue. Otherwise when the CPU resumes from the instruction that just caused the previous #CP, another missing-ENDBRANCH #CP is raised and the CPU enters a dead loop. This is not a problem with IDT because it doesn’t preserve WFE and IRET doesn’t set WFE. But FRED provides space on the entry stack (in an expanded CS area) to save and restore the WFE state, thus the WFE state is no longer clobbered, so software must clear it. Clear WFE to avoid dead looping in ibt_clear_fred_wfe() and the !ibt_fatal code path when execution is allowed to continue. Clobbering WFE in any other circumstance is a security-relevant bug. [ dhansen: changelog rewording ] 2025-01-06 5.5 CVE-2024-56761 linux — linux_kernel
  In the Linux kernel, the following vulnerability has been resolved: tracing: Prevent bad count for tracing_cpumask_write If a large count is provided, it will trigger a warning in bitmap_parse_user. Also check zero for it. 2025-01-06 5.5 CVE-2024-56763 linux — linux_kernel
  In the Linux kernel, the following vulnerability has been resolved: dmaengine: at_xdmac: avoid null_prt_deref in at_xdmac_prep_dma_memset The at_xdmac_memset_create_desc may return NULL, which will lead to a null pointer dereference. For example, the len input is error, or the atchan->free_descs_list is empty and memory is exhausted. Therefore, add check to avoid this. 2025-01-06 5.5 CVE-2024-56767 linux — linux_kernel
  In the Linux kernel, the following vulnerability has been resolved: bpf: Fix bpf_get_smp_processor_id() on !CONFIG_SMP On x86-64 calling bpf_get_smp_processor_id() in a kernel with CONFIG_SMP disabled can trigger the following bug, as pcpu_hot is unavailable: [ 8.471774] BUG: unable to handle page fault for address: 00000000936a290c [ 8.471849] #PF: supervisor read access in kernel mode [ 8.471881] #PF: error_code(0x0000) – not-present page Fix by inlining a return 0 in the !CONFIG_SMP case. 2025-01-06 5.5 CVE-2024-56768 linux — linux_kernel
  In the Linux kernel, the following vulnerability has been resolved: media: dvb-frontends: dib3000mb: fix uninit-value in dib3000_write_reg Syzbot reports [1] an uninitialized value issue found by KMSAN in dib3000_read_reg(). Local u8 rb[2] is used in i2c_transfer() as a read buffer; in case that call fails, the buffer may end up with some undefined values. Since no elaborate error handling is expected in dib3000_write_reg(), simply zero out rb buffer to mitigate the problem. [1] Syzkaller report dvb-usb: bulk message failed: -22 (6/0) ===================================================== BUG: KMSAN: uninit-value in dib3000mb_attach+0x2d8/0x3c0 drivers/media/dvb-frontends/dib3000mb.c:758 dib3000mb_attach+0x2d8/0x3c0 drivers/media/dvb-frontends/dib3000mb.c:758 dibusb_dib3000mb_frontend_attach+0x155/0x2f0 drivers/media/usb/dvb-usb/dibusb-mb.c:31 dvb_usb_adapter_frontend_init+0xed/0x9a0 drivers/media/usb/dvb-usb/dvb-usb-dvb.c:290 dvb_usb_adapter_init drivers/media/usb/dvb-usb/dvb-usb-init.c:90 [inline] dvb_usb_init drivers/media/usb/dvb-usb/dvb-usb-init.c:186 [inline] dvb_usb_device_init+0x25a8/0x3760 drivers/media/usb/dvb-usb/dvb-usb-init.c:310 dibusb_probe+0x46/0x250 drivers/media/usb/dvb-usb/dibusb-mb.c:110 … Local variable rb created at: dib3000_read_reg+0x86/0x4e0 drivers/media/dvb-frontends/dib3000mb.c:54 dib3000mb_attach+0x123/0x3c0 drivers/media/dvb-frontends/dib3000mb.c:758 … 2025-01-06 5.5 CVE-2024-56769 linux — linux_kernel
  In the Linux kernel, the following vulnerability has been resolved: net/sched: netem: account for backlog updates from child qdisc In general, ‘qlen’ of any classful qdisc should keep track of the number of packets that the qdisc itself and all of its children holds. In case of netem, ‘qlen’ only accounts for the packets in its internal tfifo. When netem is used with a child qdisc, the child qdisc can use ‘qdisc_tree_reduce_backlog’ to inform its parent, netem, about created or dropped SKBs. This function updates ‘qlen’ and the backlog statistics of netem, but netem does not account for changes made by a child qdisc. ‘qlen’ then indicates the wrong number of packets in the tfifo. If a child qdisc creates new SKBs during enqueue and informs its parent about this, netem’s ‘qlen’ value is increased. When netem dequeues the newly created SKBs from the child, the ‘qlen’ in netem is not updated. If ‘qlen’ reaches the configured sch->limit, the enqueue function stops working, even though the tfifo is not full. Reproduce the bug: Ensure that the sender machine has GSO enabled. Configure netem as root qdisc and tbf as its child on the outgoing interface of the machine as follows: $ tc qdisc add dev <oif> root handle 1: netem delay 100ms limit 100 $ tc qdisc add dev <oif> parent 1:0 tbf rate 50Mbit burst 1542 latency 50ms Send bulk TCP traffic out via this interface, e.g., by running an iPerf3 client on the machine. 
Check the qdisc statistics: $ tc -s qdisc show dev <oif> Statistics after 10s of iPerf3 TCP test before the fix (note that netem’s backlog > limit, netem stopped accepting packets): qdisc netem 1: root refcnt 2 limit 1000 delay 100ms Sent 2767766 bytes 1848 pkt (dropped 652, overlimits 0 requeues 0) backlog 4294528236b 1155p requeues 0 qdisc tbf 10: parent 1:1 rate 50Mbit burst 1537b lat 50ms Sent 2767766 bytes 1848 pkt (dropped 327, overlimits 7601 requeues 0) backlog 0b 0p requeues 0 Statistics after the fix: qdisc netem 1: root refcnt 2 limit 1000 delay 100ms Sent 37766372 bytes 24974 pkt (dropped 9, overlimits 0 requeues 0) backlog 0b 0p requeues 0 qdisc tbf 10: parent 1:1 rate 50Mbit burst 1537b lat 50ms Sent 37766372 bytes 24974 pkt (dropped 327, overlimits 96017 requeues 0) backlog 0b 0p requeues 0 tbf segments the GSO SKBs (tbf_segment) and updates the netem’s ‘qlen’. The interface fully stops transferring packets and “locks”. In this case, the child qdisc and tfifo are empty, but ‘qlen’ indicates the tfifo is at its limit and no more packets are accepted. This patch adds a counter for the entries in the tfifo. Netem’s ‘qlen’ is only decreased when a packet is returned by its dequeue function, and not during enqueuing into the child qdisc. External updates to ‘qlen’ are thus accounted for and only the behavior of the backlog statistics changes. As in other qdiscs, ‘qlen’ then keeps track of how many packets are held in netem and all of its children. As before, sch->limit remains as the maximum number of packets in the tfifo. The same applies to netem’s backlog statistics. 2025-01-08 5.5 CVE-2024-56770 linux — linux_kernel
  In the Linux kernel, the following vulnerability has been resolved: mtd: spinand: winbond: Fix 512GW, 01GW, 01JW and 02JW ECC information These four chips: * W25N512GW * W25N01GW * W25N01JW * W25N02JW all require a single bit of ECC strength and thus feature an on-die Hamming-like ECC engine. There is no point in filling a ->get_status() callback for them because the main ECC status bytes are located in standard places, and retrieving the number of bitflips in case of corrected chunk is both useless and unsupported (if there are bitflips, then there is 1 at most, so no need to query the chip for that). Without this change, a kernel warning triggers every time a bit flips. 2025-01-08 5.5 CVE-2024-56771 linux — linux_kernel
  In the Linux kernel, the following vulnerability has been resolved: kunit: Fix potential null dereference in kunit_device_driver_test() kunit_kzalloc() may return a NULL pointer, dereferencing it without NULL check may lead to NULL dereference. Add a NULL check for test_state. 2025-01-08 5.5 CVE-2024-56773 linux — linux_kernel
  In the Linux kernel, the following vulnerability has been resolved: btrfs: add a sanity check for btrfs root in btrfs_search_slot() Syzbot reports a null-ptr-deref in btrfs_search_slot(). The reproducer is using rescue=ibadroots, and the extent tree root is corrupted thus the extent tree is NULL. When scrub tries to search the extent tree to gather the needed extent info, btrfs_search_slot() doesn’t check if the target root is NULL or not, resulting in the null-ptr-deref. Add sanity check for btrfs root before using it in btrfs_search_slot(). 2025-01-08 5.5 CVE-2024-56774 linux — linux_kernel
  In the Linux kernel, the following vulnerability has been resolved: drm/sti: avoid potential dereference of error pointers The return value of drm_atomic_get_crtc_state() needs to be checked to avoid use of the error pointer ‘crtc_state’ in case of failure. 2025-01-08 5.5 CVE-2024-56776 linux — linux_kernel
  In the Linux kernel, the following vulnerability has been resolved: drm/sti: avoid potential dereference of error pointers in sti_gdp_atomic_check The return value of drm_atomic_get_crtc_state() needs to be checked to avoid use of the error pointer ‘crtc_state’ in case of failure. 2025-01-08 5.5 CVE-2024-56777 linux — linux_kernel
  In the Linux kernel, the following vulnerability has been resolved: drm/sti: avoid potential dereference of error pointers in sti_hqvdp_atomic_check The return value of drm_atomic_get_crtc_state() needs to be checked to avoid use of the error pointer ‘crtc_state’ in case of failure. 2025-01-08 5.5 CVE-2024-56778 linux — linux_kernel
  In the Linux kernel, the following vulnerability has been resolved: nfsd: fix nfs4_openowner leak when concurrent nfsd4_open occur The action force umount(umount -f) will attempt to kill all rpc_task even umount operation may ultimately fail if some files remain open. Consequently, if an action attempts to open a file, it can potentially send two rpc_task to nfs server. NFS CLIENT thread1 thread2 open(“file”) … nfs4_do_open _nfs4_do_open _nfs4_open_and_get_state _nfs4_proc_open nfs4_run_open_task /* rpc_task1 */ rpc_run_task rpc_wait_for_completion_task umount -f nfs_umount_begin rpc_killall_tasks rpc_signal_task rpc_task1 been wakeup and return -512 _nfs4_do_open // while loop … nfs4_run_open_task /* rpc_task2 */ rpc_run_task rpc_wait_for_completion_task While processing an open request, nfsd will first attempt to find or allocate an nfs4_openowner. If it finds an nfs4_openowner that is not marked as NFS4_OO_CONFIRMED, this nfs4_openowner will released. Since two rpc_task can attempt to open the same file simultaneously from the client to server, and because two instances of nfsd can run concurrently, this situation can lead to lots of memory leak. Additionally, when we echo 0 to /proc/fs/nfsd/threads, warning will be triggered. NFS SERVER nfsd1 nfsd2 echo 0 > /proc/fs/nfsd/threads nfsd4_open nfsd4_process_open1 find_or_alloc_open_stateowner // alloc oo1, stateid1 nfsd4_open nfsd4_process_open1 find_or_alloc_open_stateowner // find oo1, without NFS4_OO_CONFIRMED release_openowner unhash_openowner_locked list_del_init(&oo->oo_perclient) // cannot find this oo // from client, LEAK!!! alloc_stateowner // alloc oo2 nfsd4_process_open2 init_open_stateid // associate oo1 // with stateid1, stateid1 LEAK!!! nfs4_get_vfs_file // alloc nfsd_file1 and nfsd_file_mark1 // all LEAK!!! nfsd4_process_open2 … write_threads … nfsd_destroy_serv nfsd_shutdown_net nfs4_state_shutdown_net nfs4_state_destroy_net destroy_client __destroy_client // won’t find oo1!!! 
nfsd_shutdown_generic nfsd_file_cache_shutdown kmem_cache_destroy for nfsd_file_slab and nfsd_file_mark_slab // bark since nfsd_file1 // and nfsd_file_mark1 // still alive ======================================================================= BUG nfsd_file (Not tainted): Objects remaining in nfsd_file on __kmem_cache_shutdown() ———————————————————————– Slab 0xffd4000004438a80 objects=34 used=1 fp=0xff11000110e2ad28 flags=0x17ffffc0000240(workingset|head|node=0|zone=2|lastcpupid=0x1fffff) CPU: 4 UID: 0 PID: 757 Comm: sh Not tainted 6.12.0-rc6+ #19 Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.16.1-2.fc37 04/01/2014 Call Trace: <TASK> dum —truncated— 2025-01-08 5.5 CVE-2024-56779 linux — linux_kernel
  In the Linux kernel, the following vulnerability has been resolved: quota: flush quota_release_work upon quota writeback One of the paths quota writeback is called from is: freeze_super() sync_filesystem() ext4_sync_fs() dquot_writeback_dquots() Since we currently don’t always flush the quota_release_work queue in this path, we can end up with the following race: 1. dquot are added to releasing_dquots list during regular operations. 2. FS Freeze starts, however, this does not flush the quota_release_work queue. 3. Freeze completes. 4. Kernel eventually tries to flush the workqueue while FS is frozen which hits a WARN_ON since transaction gets started during frozen state: ext4_journal_check_start+0x28/0x110 [ext4] (unreliable) __ext4_journal_start_sb+0x64/0x1c0 [ext4] ext4_release_dquot+0x90/0x1d0 [ext4] quota_release_workfn+0x43c/0x4d0 Which is the following line: WARN_ON(sb->s_writers.frozen == SB_FREEZE_COMPLETE); Which ultimately results in generic/390 failing due to dmesg noise. This was detected on powerpc machine 15 cores. To avoid this, make sure to flush the workqueue during dquot_writeback_dquots() so we don’t have any pending workitems after freeze. 2025-01-08 5.5 CVE-2024-56780 linux — linux_kernel
  In the Linux kernel, the following vulnerability has been resolved: powerpc/prom_init: Fixup missing powermac #size-cells On some powermacs `escc` nodes are missing `#size-cells` properties, which is deprecated and now triggers a warning at boot since commit 045b14ca5c36 (“of: WARN on deprecated #address-cells/#size-cells handling”). For example: Missing ‘#size-cells’ in /pci@f2000000/mac-io@c/escc@13000 WARNING: CPU: 0 PID: 0 at drivers/of/base.c:133 of_bus_n_size_cells+0x98/0x108 Hardware name: PowerMac3,1 7400 0xc0209 PowerMac … Call Trace: of_bus_n_size_cells+0x98/0x108 (unreliable) of_bus_default_count_cells+0x40/0x60 __of_get_address+0xc8/0x21c __of_address_to_resource+0x5c/0x228 pmz_init_port+0x5c/0x2ec pmz_probe.isra.0+0x144/0x1e4 pmz_console_init+0x10/0x48 console_init+0xcc/0x138 start_kernel+0x5c4/0x694 As powermacs boot via prom_init it’s possible to add the missing properties to the device tree during boot, avoiding the warning. Note that `escc-legacy` nodes are also missing `#size-cells` properties, but they are skipped by the macio driver, so leave them alone. Depends-on: 045b14ca5c36 (“of: WARN on deprecated #address-cells/#size-cells handling”) 2025-01-08 5.5 CVE-2024-56781 linux — linux_kernel
  In the Linux kernel, the following vulnerability has been resolved: ACPI: x86: Add adev NULL check to acpi_quirk_skip_serdev_enumeration() acpi_dev_hid_match() does not check for adev == NULL, dereferencing it unconditionally. Add a check for adev being NULL before calling acpi_dev_hid_match(). At the moment acpi_quirk_skip_serdev_enumeration() is never called with a controller_parent without an ACPI companion, but better safe than sorry. 2025-01-08 5.5 CVE-2024-56782 linux — linux_kernel
  In the Linux kernel, the following vulnerability has been resolved: netfilter: nft_socket: remove WARN_ON_ONCE on maximum cgroup level cgroup maximum depth is INT_MAX by default, there is a cgroup toggle to restrict this maximum depth to a more reasonable value not to harm performance. Remove unnecessary WARN_ON_ONCE which is reachable from userspace. 2025-01-08 5.5 CVE-2024-56783 linux — linux_kernel
  In the Linux kernel, the following vulnerability has been resolved: MIPS: Loongson64: DTS: Really fix PCIe port nodes for ls7a Fix the dtc warnings: arch/mips/boot/dts/loongson/ls7a-pch.dtsi:68.16-416.5: Warning (interrupt_provider): /bus@10000000/pci@1a000000: ‘#interrupt-cells’ found, but node is not an interrupt provider arch/mips/boot/dts/loongson/ls7a-pch.dtsi:68.16-416.5: Warning (interrupt_provider): /bus@10000000/pci@1a000000: ‘#interrupt-cells’ found, but node is not an interrupt provider arch/mips/boot/dts/loongson/loongson64g_4core_ls7a.dtb: Warning (interrupt_map): Failed prerequisite ‘interrupt_provider’ And a runtime warning introduced in commit 045b14ca5c36 (“of: WARN on deprecated #address-cells/#size-cells handling”): WARNING: CPU: 0 PID: 1 at drivers/of/base.c:106 of_bus_n_addr_cells+0x9c/0xe0 Missing ‘#address-cells’ in /bus@10000000/pci@1a000000/pci_bridge@9,0 The fix is similar to commit d89a415ff8d5 (“MIPS: Loongson64: DTS: Fix PCIe port nodes for ls7a”), which has fixed the issue for ls2k (despite its subject mentions ls7a). 2025-01-08 5.5 CVE-2024-56785 linux — linux_kernel
  In the Linux kernel, the following vulnerability has been resolved: bpf: put bpf_link’s program when link is safe to be deallocated In general, BPF link’s underlying BPF program should be considered to be reachable through attach hook -> link -> prog chain, and, pessimistically, we have to assume that as long as link’s memory is not safe to free, attach hook’s code might hold a pointer to BPF program and use it. As such, it’s not (generally) correct to put link’s program early before waiting for RCU GPs to go through. More eager bpf_prog_put() that we currently do is mostly correct due to BPF program’s release code doing similar RCU GP waiting, but as will be shown in the following patches, BPF program can be non-sleepable (and, thus, reliant on only “classic” RCU GP), while BPF link’s attach hook can have sleepable semantics and needs to be protected by RCU Tasks Trace, and for such cases BPF link has to go through RCU Tasks Trace + “classic” RCU GPs before being deallocated. And so, if we put BPF program early, we might free BPF program before we free BPF link, leading to use-after-free situation. So, this patch defers bpf_prog_put() until we are ready to perform bpf_link’s deallocation. At worst, this delays BPF program freeing by one extra RCU GP, but that seems completely acceptable. Alternatively, we’d need more elaborate ways to determine BPF hook, BPF link, and BPF program lifetimes, and how they relate to each other, which seems like an unnecessary complication. Note, for most BPF links we still will perform eager bpf_prog_put() and link dealloc, so for those BPF links there are no observable changes whatsoever. Only BPF links that use deferred dealloc might notice slightly delayed freeing of BPF programs. Also, to reduce code and logic duplication, extract program put + link dealloc logic into bpf_link_dealloc() helper. 2025-01-08 5.5 CVE-2024-56786 linux — linux_kernel
  In the Linux kernel, the following vulnerability has been resolved: soc: imx8m: Probe the SoC driver as platform driver With driver_async_probe=* on kernel command line, the following trace is produced on i.MX8M Plus hardware because the soc-imx8m.c driver calls of_clk_get_by_name() which returns -EPROBE_DEFER because the clock driver is not yet probed. This was not detected during regular testing without driver_async_probe. Convert the SoC code to platform driver and instantiate a platform device in its current device_initcall() to probe the platform driver. Rework .soc_revision callback to always return valid error code and return SoC revision via parameter. This way, if anything in the .soc_revision callback returns -EPROBE_DEFER, it gets propagated to .probe and the .probe will get retried later. " ------------[ cut here ]------------ WARNING: CPU: 1 PID: 1 at drivers/soc/imx/soc-imx8m.c:115 imx8mm_soc_revision+0xdc/0x180 CPU: 1 UID: 0 PID: 1 Comm: swapper/0 Not tainted 6.11.0-next-20240924-00002-g2062bb554dea #603 Hardware name: DH electronics i.MX8M Plus DHCOM Premium Developer Kit (3) (DT) pstate: 20000005 (nzCv daif -PAN -UAO -TCO -DIT -SSBS BTYPE=--) pc : imx8mm_soc_revision+0xdc/0x180 lr : imx8mm_soc_revision+0xd0/0x180 sp : ffff8000821fbcc0 x29: ffff8000821fbce0 x28: 0000000000000000 x27: ffff800081810120 x26: ffff8000818a9970 x25: 0000000000000006 x24: 0000000000824311 x23: ffff8000817f42c8 x22: ffff0000df8be210 x21: fffffffffffffdfb x20: ffff800082780000 x19: 0000000000000001 x18: ffffffffffffffff x17: ffff800081fff418 x16: ffff8000823e1000 x15: ffff0000c03b65e8 x14: ffff0000c00051b0 x13: ffff800082790000 x12: 0000000000000801 x11: ffff80008278ffff x10: ffff80008209d3a6 x9 : ffff80008062e95c x8 : ffff8000821fb9a0 x7 : 0000000000000000 x6 : 00000000000080e3 x5 : ffff0000df8c03d8 x4 : 0000000000000000 x3 : 0000000000000000 x2 : 0000000000000000 x1 : fffffffffffffdfb x0 : fffffffffffffdfb Call trace: imx8mm_soc_revision+0xdc/0x180 imx8_soc_init+0xb0/0x1e0 do_one_initcall+0x94/0x1a8 kernel_init_freeable+0x240/0x2a8 kernel_init+0x28/0x140 ret_from_fork+0x10/0x20 ---[ end trace 0000000000000000 ]--- SoC: i.MX8MP revision 1.1 " 2025-01-08 5.5 CVE-2024-56787 litonice13–Master Addons Elementor Addons with White Label, Free Widgets, Hover Effects, Conditions, & Animations
  The Master Addons – Elementor Addons with White Label, Free Widgets, Hover Effects, Conditions, & Animations plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin’s Tooltip module in all versions up to, and including, 2.0.6.7 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. 2025-01-07 6.4 CVE-2024-9502 Lucia Intelisano–Live Flight Radar
  Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in Lucia Intelisano Live Flight Radar allows Stored XSS. This issue affects Live Flight Radar: from n/a through 1.0. 2025-01-09 6.5 CVE-2025-22824 lumiblog–Marketplace Items
  The Marketplace Items plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin’s ‘envato’ shortcode in all versions up to, and including, 1.5.5 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. 2025-01-07 6.4 CVE-2024-12437 lumiblog–Marketplace Items
  The Marketplace Items plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin’s ‘marketplace’ shortcode in all versions up to, and including, 1.5.5 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. 2025-01-07 6.4 CVE-2024-12439 M Bilal M–Urdu Formatter Shamil
  Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in M Bilal M Urdu Formatter – Shamil allows Stored XSS. This issue affects Urdu Formatter – Shamil: from n/a through 0.1. 2025-01-07 6.5 CVE-2025-22531 MacPorts–MacPorts
  A malicious or compromised MacPorts mirror can execute arbitrary commands as root on the machine of a client running port selfupdate against the mirror. 2025-01-07 6.8 CVE-2024-11681 madrasthemes–MAS Elementor
  The MAS Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via SVG File uploads in all versions up to, and including, 1.1.7 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Author-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses the SVG file. 2025-01-08 6.4 CVE-2024-12328 MagePeople Team–Bus Ticket Booking with Seat Reservation
  Cross-Site Request Forgery (CSRF) vulnerability in MagePeople Team Bus Ticket Booking with Seat Reservation allows Cross Site Request Forgery. This issue affects Bus Ticket Booking with Seat Reservation: from n/a through 5.4.3. 2025-01-07 4.3 CVE-2024-49294 magepeopleteam–Rental and Booking Manager for Bike, Car, Dress, Resort with WooCommerce Integration WpRently | WordPress plugin
  The Rental and Booking Manager for Bike, Car, Dress, Resort with WooCommerce Integration – WpRently | WordPress plugin plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘active_tab’ parameter in all versions up to, and including, 2.2.1 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. 2025-01-11 6.1 CVE-2024-12412 makeplane–plane
  Plane is an open-source project management tool. A cross-site scripting (XSS) vulnerability has been identified in Plane versions prior to 0.23. The vulnerability allows authenticated users to upload SVG files containing malicious JavaScript code as profile images, which gets executed in victims’ browsers when viewing the profile image. 2025-01-06 5.4 CVE-2025-21616 manycontacts–WhatsApp click to chat
  The WhatsApp 🚀 click to chat plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the ‘manycontacts_code’ parameter in all versions up to, and including, 3.0.4 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link. 2025-01-09 6.1 CVE-2024-11686 Marcus C. J. Hartmann–mcjh button shortcode
  Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in Marcus C. J. Hartmann mcjh button shortcode allows Stored XSS. This issue affects mcjh button shortcode: from n/a through 1.6.4. 2025-01-07 6.5 CVE-2025-22558 marekzak01–SmartEmailing.cz
  The SmartEmailing.cz plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the ‘se-lists-updated’ parameter in all versions up to, and including, 2.2.0 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link. 2025-01-07 6.1 CVE-2024-12261 masjidal–Muslim Prayer Time-Salah/Iqamah
  The Muslim Prayer Time-Salah/Iqamah plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Masjid ID parameter in all versions up to, and including, 1.8.8 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. 2025-01-09 6.4 CVE-2024-12515 matrix-org–matrix-rust-sdk
  matrix-rust-sdk is an implementation of a Matrix client-server library in Rust. Versions of the matrix-sdk-crypto Rust crate before 0.8.0 lack a dedicated mechanism to notify that a user’s cryptographic identity has changed from a verified to an unverified one, which could cause client applications relying on the SDK to overlook such changes. matrix-sdk-crypto 0.8.0 adds a new VerificationLevel::VerificationViolation enum variant which indicates that a previously verified identity has been changed. 2025-01-07 4.3 CVE-2024-52813 Mattermost–Mattermost
  Mattermost versions 10.2.0, 9.11.x <= 9.11.5, 10.0.x <= 10.0.3, 10.1.x <= 10.1.3 fail to properly validate post types, which allows attackers to deny service to users with the sysconsole_read_plugins permission via creating a post with the custom_pl_notification type and specific props. 2025-01-09 4.3 CVE-2025-20033 maximize–Simple Video Management System
  The Simple Video Management System plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the ‘analytics_video’ parameter in all versions up to, and including, 1.0.4 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link. 2025-01-07 6.1 CVE-2024-12256 mdmag–Quill Forms | The Best Typeform Alternative | Create Conversational Multi Step Form, Survey, Quiz, Cost Estimation or Donation Form on WordPress
  The Quill Forms | The Best Typeform Alternative | Create Conversational Multi Step Form, Survey, Quiz, Cost Estimation or Donation Form on WordPress plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin’s ‘quillforms-popup’ shortcode in all versions up to, and including, 3.10.0 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. 2025-01-07 6.4 CVE-2024-11826 MediaTek, Inc.–MT2737, MT2739, MT6789, MT6813, MT6815, MT6835, MT6835T, MT6855, MT6878, MT6878T, MT6879, MT6886, MT6895, MT6895T, MT6896, MT6897, MT6899, MT6980, MT6980D, MT6983, MT6985, MT6986, MT6986D, MT6988, MT6989, MT6990, MT6991, MT8676, MT8678, MT8798, MT8863
  In Modem, there is a possible out of bounds write due to an incorrect bounds check. This could lead to local escalation of privilege if a malicious actor has already obtained the System privilege. User interaction is not needed for exploitation. Patch ID: MOLY01399339; Issue ID: MSV-1928. 2025-01-06 6.7 CVE-2024-20151 MediaTek, Inc.–MT2737, MT3603, MT6835, MT6878, MT6886, MT6897, MT6990, MT7902, MT7920, MT7922, MT8518S, MT8532, MT8755, MT8766, MT8768, MT8775, MT8781, MT8796, MT8798, MT8893
  In wlan STA driver, there is a possible reachable assertion due to improper exception handling. This could lead to local denial of service if a malicious actor has already obtained the System privilege. User interaction is not needed for exploitation. Patch ID: WCNCR00389047 / ALPS09136505; Issue ID: MSV-1798. 2025-01-06 4.4 CVE-2024-20152 MediaTek, Inc.–MT2737, MT6739, MT6761, MT6765, MT6768, MT6771, MT6779, MT6781, MT6785, MT6789, MT6833, MT6835, MT6853, MT6855, MT6873, MT6877, MT6878, MT6879, MT6880, MT6885, MT6886, MT6890, MT6893, MT6895, MT6897, MT6980, MT6985, MT6989, MT6990, MT8370, MT8390, MT8676
  In V6 DA, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege, if an attacker has physical access to the device, with no additional execution privileges needed. User interaction is needed for exploitation. Patch ID: ALPS09167056; Issue ID: MSV-2041. 2025-01-06 6.6 CVE-2024-20144 MediaTek, Inc.–MT2737, MT6781, MT6789, MT6835, MT6855, MT6878, MT6879, MT6880, MT6886, MT6890, MT6895, MT6897, MT6980, MT6983, MT6985, MT6989, MT6990, MT8370, MT8390, MT8676
  In V6 DA, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege, if an attacker has physical access to the device, with no additional execution privileges needed. User interaction is needed for exploitation. Patch ID: ALPS09167056; Issue ID: MSV-2069. 2025-01-06 6.6 CVE-2024-20143 MediaTek, Inc.–MT2737, MT6781, MT6789, MT6835, MT6855, MT6878, MT6879, MT6880, MT6886, MT6890, MT6895, MT6897, MT6980, MT6983, MT6985, MT6989, MT6990, MT8676
  In V6 DA, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege, if an attacker has physical access to the device, with no additional execution privileges needed. User interaction is needed for exploitation. Patch ID: ALPS09290940; Issue ID: MSV-2040. 2025-01-06 6.6 CVE-2024-20145 MediaTek, Inc.–MT6580, MT6739, MT6761, MT6765, MT6768, MT6779, MT6781, MT6785, MT6789, MT6833, MT6853, MT6855, MT6873, MT6877, MT6879, MT6883, MT6885, MT6889, MT6893, MT6895, MT6983, MT8666, MT8667, MT8673, MT8768
  In m4u, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege if a malicious actor has already obtained the System privilege. User interaction is not needed for exploitation. Patch ID: ALPS09062027; Issue ID: MSV-1743. 2025-01-06 6.7 CVE-2024-20105 MediaTek, Inc.–MT6739, MT6761, MT6768, MT6781, MT6833, MT6853, MT6877, MT6885, MT6893, MT8518S, MT8532
  In power, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege if a malicious actor has already obtained the System privilege. User interaction is not needed for exploitation. Patch ID: ALPS09270402; Issue ID: MSV-2020. 2025-01-06 6.7 CVE-2024-20140 metaphorcreations–Post Duplicator
  The Post Duplicator plugin for WordPress is vulnerable to Information Exposure in all versions up to, and including, 2.36 via the mtphr_duplicate_post() function due to insufficient restrictions on which posts can be duplicated. This makes it possible for authenticated attackers, with Contributor-level access and above, to extract data from password protected, private, or draft posts that they should not have access to by duplicating the post. 2025-01-11 5.3 CVE-2024-12472 MicroWorld–eScan Antivirus
  A vulnerability was found in MicroWorld eScan Antivirus 7.0.32 on Linux. It has been rated as critical. Affected by this issue is some unknown functionality of the file /opt/MicroWorld/var/ of the component Installation Handler. The manipulation leads to incorrect default permissions. The attack needs to be approached locally. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way. 2025-01-08 5.3 CVE-2024-13188 milmor–WP SPID Italia
  The WP SPID Italia plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin’s shortcode in all versions up to, and including, 2.9 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. 2025-01-11 6.4 CVE-2024-11758 Mind Doodle–Mind Doodle Visual Sitemaps & Tasks
  Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in Mind Doodle Mind Doodle Visual Sitemaps & Tasks allows Stored XSS. This issue affects Mind Doodle Visual Sitemaps & Tasks: from n/a through 1.6. 2025-01-07 6.5 CVE-2025-22544 Modeltheme–MT Addons for Elementor
  Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in Modeltheme MT Addons for Elementor allows Stored XSS. This issue affects MT Addons for Elementor: from n/a through 1.0.6. 2025-01-09 6.5 CVE-2025-22811 Modernaweb Studio–Black Widgets For Elementor
  Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in Modernaweb Studio Black Widgets For Elementor allows DOM-Based XSS. This issue affects Black Widgets For Elementor: from n/a through 1.3.8. 2025-01-09 6.5 CVE-2025-22806 Mozilla–Firefox
  Memory safety bugs present in Firefox 133, Thunderbird 133, Firefox ESR 115.18, Firefox ESR 128.5, Thunderbird 115.18, and Thunderbird 128.5. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox < 134, Firefox ESR < 128.6, Firefox ESR < 115.19, Thunderbird < 134, and Thunderbird ESR < 128.6. 2025-01-07 6.5 CVE-2025-0242 Mozilla–Firefox
  When using an invalid protocol scheme, an attacker could spoof the address bar. *Note: This issue only affected Android operating systems. Other operating systems are unaffected.* *Note: This issue is a different issue from CVE-2025-0244.* This vulnerability affects Firefox < 134. 2025-01-07 6.5 CVE-2025-0246 Mozilla–Firefox
  The WebChannel API, which is used to transport various information across processes, did not check the sending principal but rather accepted the principal being sent. This could have led to privilege escalation attacks. This vulnerability affects Firefox < 134, Firefox ESR < 128.6, Thunderbird < 134, and Thunderbird ESR < 128.6. 2025-01-07 5.4 CVE-2025-0237 Mozilla–Firefox
  Assuming a controlled failed memory allocation, an attacker could have caused a use-after-free, leading to a potentially exploitable crash. This vulnerability affects Firefox < 134, Firefox ESR < 128.6, Firefox ESR < 115.19, Thunderbird < 134, and Thunderbird ESR < 128.6. 2025-01-07 5.3 CVE-2025-0238 Mozilla–Firefox
  Memory safety bugs present in Firefox 133, Thunderbird 133, Firefox ESR 128.5, and Thunderbird 128.5. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox < 134, Firefox ESR < 128.6, Thunderbird < 134, and Thunderbird ESR < 128.6. 2025-01-07 5.1 CVE-2025-0243 Mozilla–Firefox
  When redirecting to an invalid protocol scheme, an attacker could spoof the address bar. *Note: This issue only affected Android operating systems. Other operating systems are unaffected.* This vulnerability affects Firefox < 134. 2025-01-07 5.3 CVE-2025-0244 Mozilla–Firefox
  When using Alt-Svc, ALPN did not properly validate certificates when the original server is redirecting to an insecure site. This vulnerability affects Firefox < 134, Firefox ESR < 128.6, Thunderbird < 134, and Thunderbird ESR < 128.6. 2025-01-07 4 CVE-2025-0239 Mozilla–Firefox
  Parsing a JavaScript module as JSON could, under some circumstances, cause cross-compartment access, which may result in a use-after-free. This vulnerability affects Firefox < 134, Firefox ESR < 128.6, Thunderbird < 134, and Thunderbird ESR < 128.6. 2025-01-07 4 CVE-2025-0240 mpc–Responsive FlipBook Plugin WordPress
  The Responsive FlipBook Plugin WordPress plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the rfbwp_save_settings() function in all versions up to, and including, 2.5.0 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Subscriber-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. 2025-01-09 6.4 CVE-2024-11929 murali-indiacitys–Push Notification for Post and BuddyPress
  The Push Notification for Post and BuddyPress plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the ‘pushnotificationid’ parameter in all versions up to, and including, 2.06 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link. 2025-01-11 6.1 CVE-2024-12407 muzaara–Optimize Your Campaigns Google Shopping Google Ads Google Adwords
  The Optimize Your Campaigns – Google Shopping – Google Ads – Google Adwords plugin for WordPress is vulnerable to Information Exposure in all versions up to, and including, 3.1 due to the print_php_information.php being publicly accessible. This makes it possible for unauthenticated attackers to extract sensitive configuration data that can be leveraged in another attack. 2025-01-07 5.3 CVE-2024-12159 n/a–n/a
  A cross-site scripting (XSS) vulnerability in Grav v1.7.45 allows attackers to execute arbitrary web scripts or HTML via a crafted payload. 2025-01-06 6.1 CVE-2024-35498 n/a–n/a
  A reflected Cross-Site Scripting (XSS) vulnerability exists in the login page of IceHRM v32.4.0.OS. The vulnerability is due to improper sanitization of the “next” parameter, which is included in the application’s response without adequate escaping. An attacker can exploit this flaw by tricking a user into visiting a specially crafted URL, causing the execution of arbitrary JavaScript code in the context of the victim’s browser. The issue occurs even though the application has sanitization mechanisms in place. 2025-01-06 6.1 CVE-2024-46073 n/a–n/a
  Cross Site Scripting vulnerability in iPublish Media Solutions AdPortal 3.0.39 allows a remote attacker to escalate privileges via the shippingAsBilling parameter in updateuserinfo.html. 2025-01-07 6.1 CVE-2024-50659 n/a–n/a
  Open Redirect vulnerability in Pnetlab 5.3.11 allows an attacker to manipulate URLs to redirect users to arbitrary external websites via a crafted script. 2025-01-06 6.1 CVE-2024-51112 n/a–n/a
  The com.callerscreen.colorphone.themes.callflash (aka Color Call Theme & Call Screen) application through 1.0.7 for Android enables any application (with no permissions) to place phone calls without user interaction by sending a crafted intent via the com.android.call.color.app.activities.DialerActivity component. 2025-01-06 6.3 CVE-2024-53933 n/a–n/a
  The com.callos14.callscreen.colorphone (aka iCall OS17 – Color Phone Flash) application through 4.3 for Android enables any application (with no permissions) to place phone calls without user interaction by sending a crafted intent via the com.callos14.callscreen.colorphone.DialerActivity component. 2025-01-06 6.5 CVE-2024-53935 n/a–n/a
  The com.asianmobile.callcolor (aka Color Phone Call Screen App) application through 24 for Android enables any application (with no permissions) to place phone calls without user interaction by sending a crafted intent via the com.asianmobile.callcolor.ui.component.call.CallActivity component. 2025-01-06 6.3 CVE-2024-53936 n/a–n/a
  BigAnt Office Messenger 5.6.06 is vulnerable to SQL Injection via the ‘dev_code’ parameter. 2025-01-09 6.3 CVE-2024-54761 n/a–n/a
  Ruoyi v.4.7.9 and before contains an authenticated SQL injection vulnerability. This is because the filterKeyword method does not completely filter SQL injection keywords, resulting in the risk of SQL injection. 2025-01-09 6.3 CVE-2024-54762 n/a–n/a
  An access control issue in the component /login/hostinfo.cgi of ipTIME A2004 v12.17.0 allows attackers to obtain sensitive information without authentication. 2025-01-06 6.5 CVE-2024-54763 n/a–n/a
  An access control issue in the component /login/hostinfo2.cgi of ipTIME A2004 v12.17.0 allows attackers to obtain sensitive information without authentication. 2025-01-06 6.5 CVE-2024-54764 n/a–n/a
  IceWarp Server 10.2.1 is vulnerable to Cross Site Scripting (XSS) via the meta parameter. 2025-01-07 6.1 CVE-2024-55218 n/a–n/a
  An issue in keras 3.7.0 allows attackers to write arbitrary files to the user’s machine via downloading a crafted tar file through the get_file function. 2025-01-08 6.5 CVE-2024-55459 n/a–n/a
  A cross-site scripting (XSS) vulnerability in Opencode Mobile Collect Call v5.4.7 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the op_func parameter at /occontrolpanel/index.php. 2025-01-09 6.1 CVE-2024-55494 n/a–n/a
  A flaw was found in FFmpeg. This vulnerability allows unexpected additional CPU load and storage consumption, potentially leading to degraded performance or denial of service via the demuxing of arbitrary data as XBIN-formatted data without proper format validation. 2025-01-06 5.3 CVE-2023-6604 n/a–n/a
  A cross-site scripting (XSS) vulnerability in Nagios XI 2024R1.1.4 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Name parameter in the Account Settings page. 2025-01-09 5.4 CVE-2024-42898 n/a–n/a
  Multiple functions are vulnerable to Authorization Bypass in AIMS eCrew. The issue was fixed in version JUN23 #190. 2025-01-07 5.4 CVE-2024-44450 n/a–n/a
  A stored cross-site scripting (XSS) vulnerability in the component /media/test.html of REDAXO CMS v5.17.1 allows attackers to execute arbitrary web scripts or HTML via injecting a crafted payload into the password parameter. 2025-01-06 5.4 CVE-2024-46209 n/a–n/a
  Vaultwarden v1.32.5 was discovered to contain an authenticated reflected cross-site scripting (XSS) vulnerability via the component /api/core/mod.rs. 2025-01-09 5.4 CVE-2024-55226 n/a–n/a
  An issue in the AsusSAIO.sys component of ASUS System Analysis IO v1.0.0 allows attackers to perform arbitrary read and write actions via supplying crafted IOCTL requests. 2025-01-06 5.3 CVE-2024-55408 n/a–n/a
  A flaw was found in FFmpeg’s HLS demuxer. This vulnerability allows bypassing unsafe file extension checks and triggering arbitrary demuxers via base64-encoded data URIs appended with specific file extensions. 2025-01-06 4.7 CVE-2023-6601 n/a–n/a
  Cross-Site Scripting (XSS) vulnerability in Pnetlab 5.3.11 allows an attacker to inject malicious scripts into a web page, which are executed in the context of the victim’s browser. 2025-01-06 4.1 CVE-2024-51111 n/a–pgAgent
  When batch jobs are executed by pgAgent, a script is created in a temporary directory and then executed. In versions of pgAgent prior to 4.2.3, an insufficiently seeded random number generator is used when generating the directory name, leading to the possibility for a local attacker to pre-create the directory and thus prevent pgAgent from executing jobs, disrupting scheduled tasks. 2025-01-07 5.5 CVE-2025-0218 n/a–SEMCMS
  A vulnerability has been found in SEMCMS up to 4.8 and classified as critical. Affected by this vulnerability is an unknown functionality of the file SEMCMS_Images.php of the component Image Library Management Page. The manipulation leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way. 2025-01-08 6.3 CVE-2024-13193 n/a–Sucms
  A vulnerability was found in Sucms 1.0 and classified as critical. Affected by this issue is some unknown functionality of the file /admin/admin_members.php?ac=search. The manipulation of the argument uid leads to sql injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. 2025-01-09 6.3 CVE-2024-13194 n/a–YunzMall
  A vulnerability, which was classified as critical, has been found in YunzMall up to 2.4.2. This issue affects the function changePwd of the file /app/platform/controllers/ResetpwdController.php of the component HTTP POST Request Handler. The manipulation of the argument pwd leads to weak password recovery. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way. 2025-01-09 5.3 CVE-2025-0331 Nagy Sandor–Simple Photo Sphere
  Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in Nagy Sandor Simple Photo Sphere allows Stored XSS. This issue affects Simple Photo Sphere: from n/a through 0.0.10. 2025-01-07 6.5 CVE-2025-22532 nasirahmed–Advanced Form Integration
  Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in nasirahmed Advanced Form Integration allows Stored XSS. This issue affects Advanced Form Integration: from n/a through 1.95.0. 2025-01-07 5.9 CVE-2024-56293 newsletter2go–Newsletter2Go
  The Newsletter2Go plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the ‘resetStyles’ AJAX action in all versions up to, and including, 4.0.14. This makes it possible for authenticated attackers, with Subscriber-level access and above, to reset styles. 2025-01-09 4.3 CVE-2024-12618 nickboss–WordPress File Upload
  The WordPress File Upload plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the ‘wfu_ajax_action_read_subfolders’ function in all versions up to, and including, 4.24.15. This makes it possible for authenticated attackers, with Subscriber-level access and above, to perform limited path traversal to view directories and subdirectories in WordPress. Files cannot be viewed. 2025-01-07 4.3 CVE-2024-12719 OISF–suricata
  Suricata is a network Intrusion Detection System, Intrusion Prevention System and Network Security Monitoring engine. Prior to 7.0.8, a specially crafted TCP stream can lead to a very large buffer overflow while being zero-filled during initialization with memset due to an unsigned integer underflow. The issue has been addressed in Suricata 7.0.8. 2025-01-06 5.9 CVE-2024-55627 Olaf Lederer–EO4WP
  Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in Olaf Lederer EO4WP allows Stored XSS. This issue affects EO4WP: from n/a through 1.0.7. 2025-01-07 6.5 CVE-2025-22327 One Plus Solution–jQuery TwentyTwenty
  Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in One Plus Solution jQuery TwentyTwenty allows Stored XSS. This issue affects jQuery TwentyTwenty: from n/a through 1.0. 2025-01-07 6.5 CVE-2025-22546 opacewebdesign–AI Scribe SEO AI Writer, Content Generator, Humanizer, Blog Writer, SEO Optimizer, DALLE-3, AI WordPress Plugin ChatGPT (GPT-4o 128K)
  The AI Scribe – SEO AI Writer, Content Generator, Humanizer, Blog Writer, SEO Optimizer, DALLE-3, AI WordPress Plugin ChatGPT (GPT-4o 128K) plugin for WordPress is vulnerable to SQL Injection via the ‘template_id’ parameter of the ‘article_builder_generate_data’ shortcode in all versions up to, and including, 2.3 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for authenticated attackers, with Contributor-level access and above, to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database. 2025-01-10 6.5 CVE-2024-12473 opacewebdesign–AI Scribe SEO AI Writer, Content Generator, Humanizer, Blog Writer, SEO Optimizer, DALLE-3, AI WordPress Plugin ChatGPT (GPT-4o 128K)
  The AI Scribe – SEO AI Writer, Content Generator, Humanizer, Blog Writer, SEO Optimizer, DALLE-3, AI WordPress Plugin ChatGPT (GPT-4o 128K) plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 2.3. This is due to missing or incorrect nonce validation on the “al_scribe_content_data” actions. This makes it possible for unauthenticated attackers to update plugin settings via a forged request granted they can trick a site administrator into performing an action such as clicking on a link. 2025-01-09 4.3 CVE-2024-12605 opacewebdesign–AI Scribe SEO AI Writer, Content Generator, Humanizer, Blog Writer, SEO Optimizer, DALLE-3, AI WordPress Plugin ChatGPT (GPT-4o 128K)
  The AI Scribe – SEO AI Writer, Content Generator, Humanizer, Blog Writer, SEO Optimizer, DALLE-3, AI WordPress Plugin ChatGPT (GPT-4o 128K) plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the engine_request_data() function in all versions up to, and including, 2.3. This makes it possible for authenticated attackers, with Subscriber-level access and above, to update plugin settings. 2025-01-10 4.3 CVE-2024-12606 OpenHarmony–OpenHarmony
  OpenHarmony v4.1.2 and prior versions allow a local attacker to cause an information leak through an out-of-bounds read. 2025-01-07 5.5 CVE-2024-45070 OpenHarmony–OpenHarmony
  OpenHarmony v4.1.2 and prior versions allow a local attacker to cause a DoS through a use after free. 2025-01-07 4.4 CVE-2024-54030 ORION–Allada T-shirt Designer for Woocommerce
  Missing Authorization vulnerability in ORION Allada T-shirt Designer for Woocommerce. This issue affects Allada T-shirt Designer for Woocommerce: from n/a through 1.1. 2025-01-07 5.3 CVE-2025-22363 osamaesh–WP Visitor Statistics (Real Time Traffic)
  Missing Authorization vulnerability in osamaesh WP Visitor Statistics (Real Time Traffic) allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects WP Visitor Statistics (Real Time Traffic): from n/a through 7.3. 2025-01-07 4.3 CVE-2025-22304 otwthemes–Toggles Shortcode and Widget
  The Toggles Shortcode and Widget plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘content’ parameter in all versions up to, and including, 1.14 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level access, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. This only affects multi-site installations and installations where unfiltered_html has been disabled. 2025-01-07 4.4 CVE-2024-12207 outtheboxthemes–Same but Different Related Posts by Taxonomy
  The Same but Different – Related Posts by Taxonomy plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use of add_query_arg & remove_query_arg without appropriate escaping on the URL in all versions up to, and including, 1.0.16. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link. 2025-01-07 6.1 CVE-2024-11363 Pablo Cornehl–WP Github
  Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in Pablo Cornehl WP Github allows Stored XSS. This issue affects WP Github: from n/a through 1.3.3. 2025-01-07 6.5 CVE-2025-22549 pantherius–WordPress Survey & Poll Quiz, Survey and Poll Plugin for WordPress
  The WordPress Survey & Poll – Quiz, Survey and Poll Plugin for WordPress plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin’s ‘wpsurveypoll_results’ shortcode in all versions up to, and including, 1.7.5 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. 2025-01-07 6.4 CVE-2024-12528 Paul Bearne–Author Avatars List/Block
  Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in Paul Bearne Author Avatars List/Block allows Stored XSS. This issue affects Author Avatars List/Block: from n/a through 2.1.23. 2025-01-09 6.5 CVE-2025-22804 paygreen–PayGreen Payment Gateway
  The PayGreen Payment Gateway plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the ‘message_id’ parameter in all versions up to, and including, 1.0.26 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link. 2025-01-07 6.1 CVE-2024-11810 phoeniixx–Woocommerce check pincode/zipcode for shipping
  The Woocommerce check pincode/zipcode for shipping plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 2.0.4. This is due to missing or incorrect nonce validation. This makes it possible for unauthenticated attackers to inject malicious web scripts via a forged request granted they can trick a site administrator into performing an action such as clicking on a link. 2025-01-09 6.1 CVE-2024-12218 Piotnet–Piotnet Addons For Elementor
  Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in Piotnet Piotnet Addons For Elementor allows Stored XSS. This issue affects Piotnet Addons For Elementor: from n/a through 2.4.31. 2025-01-07 6.5 CVE-2025-22333 piotnetdotcom–Piotnet Addons For Elementor
  The Piotnet Addons For Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin’s Heading widget in all versions up to, and including, 2.4.31 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. 2025-01-08 6.4 CVE-2024-9673 Pixelite–WP FullCalendar
  Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in Pixelite WP FullCalendar allows Stored XSS. This issue affects WP FullCalendar: from n/a through 1.5. 2025-01-07 6.5 CVE-2025-22261 PixelYourSite–PixelYourSite Your smart PIXEL (TAG) Manager
  Cross-Site Request Forgery (CSRF) vulnerability in PixelYourSite PixelYourSite – Your smart PIXEL (TAG) Manager allows Cross Site Request Forgery. This issue affects PixelYourSite – Your smart PIXEL (TAG) Manager: from n/a through 10.0.1.2. 2025-01-07 5.4 CVE-2025-22300 PLANEX COMMUNICATIONS INC.–MZK-DP300N
  Cross-site scripting vulnerability exists in MZK-DP300N firmware versions 1.05 and earlier. If an attacker logs in to the affected product and manipulates the device settings, an arbitrary script may be executed on the logged-in user’s web browser when accessing a crafted URL. 2025-01-08 4.8 CVE-2025-21603 pluginspoint–Timeline Pro
  Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in pluginspoint Timeline Pro allows DOM-Based XSS. This issue affects Timeline Pro: from n/a through 1.3. 2025-01-07 6.5 CVE-2025-22584 POSIMYTH–Nexter Blocks
  Missing Authorization vulnerability in POSIMYTH Nexter Blocks allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Nexter Blocks: from n/a through 4.0.7. 2025-01-07 6.4 CVE-2024-56294 posturinn–Pósturinn’s Shipping with WooCommerce
  The Pósturinn’s Shipping with WooCommerce plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the printed_marked and nonprinted_marked parameters in all versions up to, and including, 1.3.1 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link. 2025-01-09 6.1 CVE-2024-11815 Powerfusion–WPAchievements Free
  Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in Powerfusion WPAchievements Free allows Stored XSS. This issue affects WPAchievements Free: from n/a through 1.2.0. 2025-01-07 6.5 CVE-2025-22362 Progress–Sitefinity
  Insufficient Session Expiration vulnerability in Progress Sitefinity allows Session Fixation. This issue affects Sitefinity: from 4.0 through 14.4.8142, from 15.0.8200 through 15.0.8229, from 15.1.8300 through 15.1.8327, from 15.2.8400 through 15.2.8421. 2025-01-07 6.8 CVE-2024-11627 proloybhaduri–LazyLoad Background Images
  The LazyLoad Background Images plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the pblzbg_save_settings() function in all versions up to, and including, 1.0.7. This makes it possible for authenticated attackers, with Subscriber-level access and above, to update the plugin’s settings. 2025-01-07 4.3 CVE-2024-12327 qualcomm — ar8035_firmware
  Information disclosure while invoking callback function of sound model driver from ADSP for every valid opcode received from sound model driver. 2025-01-06 6.1 CVE-2024-33067 qualcomm — fastconnect_6900_firmware
  Memory corruption when input parameter validation for number of fences is missing for fence frame IOCTL calls. 2025-01-06 6.7 CVE-2024-33041 qualcomm — fastconnect_6900_firmware
  Memory corruption while invoking IOCTL calls to unmap the DMA buffers. 2025-01-06 6.7 CVE-2024-33055 qualcomm — fastconnect_6900_firmware
  Memory corruption while processing frame command IOCTL calls. 2025-01-06 6.7 CVE-2024-33059 qualcomm — qam8255p_firmware
  Information Disclosure while invoking the mailbox write API when message received from user is larger than mailbox size. 2025-01-06 6.6 CVE-2024-23366 qualcomm — qam8255p_firmware
  Information disclosure while invoking the mailbox read API. 2025-01-06 6.1 CVE-2024-43063 qualcomm — qcs8550_firmware
  Information disclosure while processing IOCTL call made for releasing a trusted VM process release or opening a channel without initializing the process. 2025-01-06 6.8 CVE-2024-33061 Qualcomm, Inc.–Snapdragon
  Transient DOS can occur when GVM sends a specific message type to the Vdev-FastRPC backend. 2025-01-06 5.5 CVE-2024-45559 Rails–Action Pack
  The redirect_to method in Rails allows provided values to contain characters which are not legal in an HTTP header value. This results in the potential for downstream services which enforce RFC compliance on HTTP response headers to remove the assigned Location header. 2025-01-09 4 CVE-2023-28362 Rails–ActiveSupport
  There is a vulnerability in ActiveSupport if the new bytesplice method is called on a SafeBuffer with untrusted user input. 2025-01-09 5.3 CVE-2023-28120 Rails–Kredis JSON
  There is a deserialization of untrusted data vulnerability in the Kredis JSON deserialization code. 2025-01-09 5.3 CVE-2023-27531 Rails–Rack
  There is a denial of service vulnerability in the header parsing component of Rack. 2025-01-09 5.3 CVE-2023-27539 Rails–rails-ujs
  There is a potential DOM based cross-site scripting issue in rails-ujs which leverages the Clipboard API to target HTML elements that are assigned the contenteditable attribute. This has the potential to occur when pasting malicious HTML content from the clipboard that includes a data-method, data-remote or data-disable-with attribute. 2025-01-09 6.3 CVE-2023-23913 rajeshsingh520–Store credit / Gift cards for woocommerce
  The Store credit / Gift cards for woocommerce plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the ‘coupon’, ‘start_date’, and ‘end_date’ parameters in all versions up to, and including, 1.0.49.46 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link. 2025-01-07 6.1 CVE-2024-11369 ramon-fincken–Simple add pages or posts
  The Simple add pages or posts plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 2.0.0. This is due to missing or incorrect nonce validation. This makes it possible for unauthenticated attackers to update settings and inject malicious web scripts via a forged request granted they can trick a site administrator into performing an action such as clicking on a link. 2025-01-07 6.1 CVE-2024-12288 reader87–Dominion Domain Checker for WPBakery
  The Dominion – Domain Checker for WPBakery plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin’s ‘dominion_shortcodes_domain_search_6’ shortcode in all versions up to, and including, 2.2.2 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. 2025-01-11 6.4 CVE-2024-12520 realmag777–MDTF Meta Data and Taxonomies Filter
  The MDTF – Meta Data and Taxonomies Filter plugin for WordPress is vulnerable to SQL Injection via the ‘key’ attribute of the ‘mdf_value’ shortcode in all versions up to, and including, 1.3.3.5 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for authenticated attackers, with Contributor-level access and above, to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database. 2025-01-08 6.5 CVE-2024-12030 Red Hat–Red Hat Enterprise Linux 6
  A flaw was found in the OpenJPEG project. A heap buffer overflow condition may be triggered when certain options are specified while using the opj_decompress utility. This can lead to an application crash or other undefined behavior. 2025-01-09 5.6 CVE-2024-56826 Red Hat–Red Hat Enterprise Linux 6
  A flaw was found in the OpenJPEG project. A heap buffer overflow condition may be triggered when certain options are specified while using the opj_decompress utility. This can lead to an application crash or other undefined behavior. 2025-01-09 5.6 CVE-2024-56827 redis–redis
  Redis is an open source, in-memory database that persists on disk. An authenticated user with sufficient privileges may create a malformed ACL selector which, when accessed, triggers a server panic and subsequent denial of service. The problem is fixed in Redis 7.2.7 and 7.4.2. 2025-01-06 4.4 CVE-2024-51741 reflectionmedia–User Profile Builder Beautiful User Registration Forms, User Profiles & User Role Editor
  The User Profile Builder – Beautiful User Registration Forms, User Profiles & User Role Editor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via several user meta parameters in all versions up to, and including, 3.12.9 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page and clicks a link to show user meta. 2025-01-07 6.1 CVE-2024-12738 reichertbrothers–SimplyRETS Real Estate IDX
  The SimplyRETS Real Estate IDX plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin’s ‘sr_search_form’ shortcode in all versions up to, and including, 2.11.2 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. 2025-01-09 6.4 CVE-2024-12491 revmakx–InfiniteWP Client
  The InfiniteWP Client plugin for WordPress is vulnerable to Path Traversal in all versions up to, and including, 1.13.0 via the ‘historyID’ parameter of the ~/debug-chart/index.php file. This makes it possible for unauthenticated attackers to read .txt files outside of the intended directory. 2025-01-08 5.3 CVE-2024-10585 rightmessage–RightMessage WP
  The RightMessage WP plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin’s ‘rm_area’ shortcode in all versions up to, and including, 0.9.7 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. 2025-01-07 6.4 CVE-2024-12445 Robert Peake–Responsive Flickr Slideshow
  Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in Robert Peake Responsive Flickr Slideshow allows Stored XSS. This issue affects Responsive Flickr Slideshow: from n/a through 2.6.0. 2025-01-09 6.5 CVE-2025-22807 rrdevs–RRAddons for Elementor
  The RRAddons for Elementor plugin for WordPress is vulnerable to Information Exposure in all versions up to, and including, 1.1.0 via the Popup block due to insufficient restrictions on which posts can be included. This makes it possible for authenticated attackers, with Contributor-level access and above, to extract data from private or draft posts that they should not have access to. 2025-01-11 4.3 CVE-2024-11915 S3Bubble–S3Player WooCommerce & Elementor Integration
  Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in S3Bubble S3Player – WooCommerce & Elementor Integration allows Stored XSS. This issue affects S3Player – WooCommerce & Elementor Integration: from n/a through 4.2.1. 2025-01-09 6.5 CVE-2025-22818 samdani–GS Insever Portfolio
  The GS Insever Portfolio plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the save_settings() function in all versions up to, and including, 1.4.5. This makes it possible for authenticated attackers, with Subscriber-level access and above, to update the plugin’s CSS settings. 2025-01-09 4.3 CVE-2024-12249 Saoshyant.1994–Saoshyant Page Builder
  Missing Authorization vulnerability in Saoshyant.1994 Saoshyant Page Builder allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Saoshyant Page Builder: from n/a through 3.8. 2025-01-07 5.3 CVE-2025-22560 sazzadh–Image Magnify
  The Image Magnify plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin’s ‘image_magnify’ shortcode in all versions up to, and including, 1.1 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. 2025-01-07 6.4 CVE-2024-11445 scriptsbundle–AdForest
  The AdForest theme for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on several AJAX actions like ‘sb_remove_ad’ in all versions up to, and including, 5.1.7. This makes it possible for authenticated attackers, with Subscriber-level access and above, to delete posts, attachments and deactivate a license. 2025-01-08 4.3 CVE-2024-12855 searchie–Searchie
  The Searchie plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin’s ‘sio_embed_media’ shortcode in all versions up to, and including, 1.17.0 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. 2025-01-09 6.4 CVE-2024-12819 SecureSubmit–WP SecureSubmit
  Missing Authorization vulnerability in SecureSubmit WP SecureSubmit. This issue affects WP SecureSubmit: from n/a through 1.5.16. 2025-01-07 5.3 CVE-2024-56270 SecureSubmit–WP SecureSubmit
  Missing Authorization vulnerability in SecureSubmit WP SecureSubmit allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects WP SecureSubmit: from n/a through 1.5.16. 2025-01-07 4.3 CVE-2024-56271 sellsy–Sellsy
  The Sellsy plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin’s ‘testSellsy’ shortcode in all versions up to, and including, 2.3.3 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. 2025-01-07 6.4 CVE-2024-12592 seomantis–SEO Keywords
  The SEO Keywords plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the ‘google_error’ parameter in all versions up to, and including, 1.1.3 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link. 2025-01-07 6.1 CVE-2024-12126 shaonsina–Sina Extension for Elementor (Slider, Gallery, Form, Modal, Data Table, Tab, Particle, Free Elementor Widgets & Elementor Templates)
  The Sina Extension for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin’s Sina Image Differ widget in all versions up to, and including, 3.5.91 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. 2025-01-07 6.4 CVE-2024-12624 silabs.com–Simplicity SDK
  A malformed 802.15.4 packet causes a buffer overflow to occur leading to an assert and a denial of service. A watchdog reset clears the error condition automatically. 2025-01-08 6.5 CVE-2024-6350 Simon Chuang–Show Google Analytics widget
  Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in Simon Chuang Show Google Analytics widget allows Stored XSS. This issue affects Show Google Analytics widget: from n/a through 1.5.4. 2025-01-07 6.5 CVE-2025-22515 SingMR–HouseRent
  A vulnerability was found in SingMR HouseRent 1.0. It has been rated as critical. Affected by this issue is some unknown functionality of the file src/main/java/com/house/wym/controller/AdminController.java. The manipulation leads to improper access controls. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. 2025-01-09 6.3 CVE-2024-13211 SingMR–HouseRent
  A vulnerability classified as critical has been found in SingMR HouseRent 1.0. This affects the function singleUpload/upload of the file src/main/java/com/house/wym/controller/AddHouseController.java. The manipulation of the argument file leads to unrestricted upload. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. 2025-01-09 6.3 CVE-2024-13212 SIOT– 
  Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in SIOT 아임포트 결제버튼 생성 플러그인 allows Stored XSS. This issue affects 아임포트 결제버튼 생성 플러그인: from n/a through 1.1.19. 2025-01-07 6.5 CVE-2025-22530 skyword–Skyword API Plugin
  The Skyword API Plugin plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin’s ‘skyword_iframe’ shortcode in all versions up to, and including, 2.5.2 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. 2025-01-09 6.4 CVE-2024-11907 smartdatasoft–Essential WP Real Estate
  The Essential WP Real Estate plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on the cl_delete_listing_func() function in all versions up to, and including, 1.1.3. This makes it possible for unauthenticated attackers to delete arbitrary pages and posts. 2025-01-10 5.3 CVE-2024-13318 socialrocket–Social Rocket Social Sharing Plugin
  The Social Rocket – Social Sharing Plugin plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin’s ‘socialrocket-floating’ shortcode in all versions up to, and including, 1.3.4 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. 2025-01-07 6.4 CVE-2024-9702 socialrocket–Social Rocket Social Sharing Plugin
  The Social Rocket – Social Sharing Plugin plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the tweet_settings_save() and tweet_settings_update() functions in all versions up to, and including, 1.3.4. This makes it possible for authenticated attackers, with Subscriber-level access and above, to update the plugin’s settings. 2025-01-07 5.3 CVE-2024-9697 solwininfotech–Timeline Designer
  The Timeline Designer plugin for WordPress is vulnerable to SQL Injection via the ‘s’ parameter in all versions up to, and including, 1.4 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for unauthenticated attackers to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database. 2025-01-07 4.9 CVE-2024-11437 SourceCodester–Home Clean Services Management System
  A vulnerability has been found in SourceCodester Home Clean Services Management System 1.0 and classified as critical. Affected by this vulnerability is an unknown functionality of the file /public_html/admin/process.php. The manipulation of the argument type/length/business leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. Other parameters might be affected as well. 2025-01-07 4.7 CVE-2025-0294 spacecodes–AI for SEO
  Missing Authorization vulnerability in spacecodes AI for SEO allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects AI for SEO: from n/a through 1.2.9. 2025-01-07 4.3 CVE-2025-22299 sperse–Automate Hub Free by Sperse.IO
  The Automate Hub Free by Sperse.IO plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the ‘id’ parameter in all versions up to, and including, 1.7.0 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link. 2025-01-07 6.1 CVE-2024-11377 Splunk–Splunk App for SOAR
  In versions 1.0.67 and lower of the Splunk App for SOAR, the Splunk documentation for that app recommended adding the `admin_all_objects` capability to the `splunk_app_soar` role. This addition could lead to improper access control for a low-privileged user that does not hold the “admin” Splunk roles. 2025-01-07 6.4 CVE-2025-22621 Sprout Apps–Help Scout
  Missing Authorization vulnerability in Sprout Apps Help Scout allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Help Scout: from n/a through 6.5.1. 2025-01-07 4.3 CVE-2025-22512 ssema–SEMA API
  The SEMA API plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the ‘catid’ parameter in all versions up to, and including, 5.27 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link. 2025-01-09 6.1 CVE-2024-12285 StarSea99–starsea-mall
  A vulnerability was found in StarSea99 starsea-mall 1.0. It has been declared as critical. This vulnerability affects the function UploadController of the file src/main/java/com/siro/mall/controller/common/uploadController.java. The manipulation of the argument file leads to unrestricted upload. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. 2025-01-12 4.7 CVE-2025-0399 Steve D–SpeakOut! Email Petitions
  Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in Steve D SpeakOut! Email Petitions allows DOM-Based XSS. This issue affects SpeakOut! Email Petitions: from n/a through 4.4.2. 2025-01-07 6.5 CVE-2025-22309 Stormhill Media–MyBookTable Bookstore
  Cross-Site Request Forgery (CSRF) vulnerability in Stormhill Media MyBookTable Bookstore allows Cross Site Request Forgery. This issue affects MyBookTable Bookstore: from n/a through 3.5.3. 2025-01-07 5.4 CVE-2025-22301 stylemix–WordPress Header Builder Plugin Pearl
  The WordPress Header Builder Plugin – Pearl plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.3.8. This is due to missing or incorrect nonce validation on the stm_header_builder page. This makes it possible for unauthenticated attackers to delete arbitrary headers via a forged request granted they can trick a site administrator into performing an action such as clicking on a link. 2025-01-09 4.3 CVE-2024-12206 surakrai–MIMO Woocommerce Order Tracking
  The MIMO Woocommerce Order Tracking plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on several functions in all versions up to, and including, 1.0.2. This makes it possible for authenticated attackers, with Subscriber-level access and above, to add, update, and delete shipper tracking settings. 2025-01-09 4.3 CVE-2024-5769 Surbma–Surbma | Premium WP
  Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in Surbma Surbma | Premium WP allows DOM-Based XSS. This issue affects Surbma | Premium WP: from n/a through 9.0. 2025-01-09 6.5 CVE-2025-22808 sw-galati.ro–iframe to embed
  Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in sw-galati.ro iframe to embed allows Stored XSS. This issue affects iframe to embed: from n/a through 1.2. 2025-01-07 6.5 CVE-2025-22545 swarminteractive–ViewMedica 9
  The ViewMedica 9 plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.4.15. This is due to missing or incorrect nonce validation on a function. This makes it possible for unauthenticated attackers to inject malicious web scripts via a forged request granted they can trick a site administrator into performing an action such as clicking on a link. 2025-01-07 6.1 CVE-2024-12291 swarminteractive–ViewMedica 9
  The ViewMedica 9 plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.4.15. This is due to missing or incorrect nonce validation on the ‘Viewmedica-Admin’ page. This makes it possible for unauthenticated attackers to inject arbitrary SQL queries via a forged request granted they can trick a site administrator into performing an action such as clicking on a link. 2025-01-07 5.4 CVE-2024-12170 sweepwidget–SweepWidget Contests, Giveaways, Photo Contests, Competitions
  The SweepWidget Contests, Giveaways, Photo Contests, Competitions plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin’s ‘sweepwidget’ shortcode in all versions up to, and including, 2.0.6 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. 2025-01-07 6.4 CVE-2024-11756 tcoder–TCBD Auto Refresher
  The TCBD Auto Refresher plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin’s ‘tcbd_auto_refresh’ shortcode in all versions up to, and including, 2.0 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. 2025-01-11 6.4 CVE-2024-12519 TemplatesNext–TemplatesNext ToolKit
  Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in TemplatesNext TemplatesNext ToolKit allows Stored XSS. This issue affects TemplatesNext ToolKit: from n/a through 3.2.9. 2025-01-07 6.5 CVE-2025-22310 teonos–Slotti Ajanvaraus
  The Slotti Ajanvaraus plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin’s ‘slotti-embed-ga’ shortcode in all versions up to, and including, 1.3.1 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. 2025-01-08 6.4 CVE-2024-12521 thehappymonster–Happy Addons for Elementor
  The Happy Addons for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘ha_cmc_text’ parameter of the Happy Mouse Cursor in all versions up to, and including, 3.15.1 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. 2025-01-08 6.4 CVE-2024-12852 TheInnovs–ElementsCSS Addons for Elementor
  Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in TheInnovs ElementsCSS Addons for Elementor allows Stored XSS. This issue affects ElementsCSS Addons for Elementor: from n/a through 1.0.8.7. 2025-01-07 6.5 CVE-2025-22321 themeatelier–Chat Support for Viber Chat Bubble and Chat Button for Gutenberg, Elementor and Shortcode
  The Chat Support for Viber – Chat Bubble and Chat Button for Gutenberg, Elementor and Shortcode plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin’s ‘vchat’ shortcode in all versions up to, and including, 1.7.2 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. 2025-01-07 6.4 CVE-2024-12457 themebon–Ultimate Image Hover Effects
  Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in themebon Ultimate Image Hover Effects allows DOM-Based XSS. This issue affects Ultimate Image Hover Effects: from n/a through 1.1.2. 2025-01-07 6.5 CVE-2025-22585 themeisle–Orbit Fox by ThemeIsle
  The Orbit Fox by ThemeIsle plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘title_tag’ parameter in all versions up to, and including, 2.10.43 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. 2025-01-10 6.4 CVE-2024-13183 themeisle–Orbit Fox by ThemeIsle
  The Orbit Fox by ThemeIsle plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin’s Pricing Table widget in all versions up to, and including, 2.10.43 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. 2025-01-10 6.4 CVE-2025-0311 themepoints–Service Box
  The Service Box plugin for WordPress is vulnerable to Stored Cross-Site Scripting in all versions up to, and including, 1.9 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. 2025-01-07 6.4 CVE-2024-12699 ThemePoints–Skill Bar
  Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in ThemePoints Skill Bar allows Stored XSS. This issue affects Skill Bar: from n/a through 1.2. 2025-01-09 6.5 CVE-2025-22805 themesflat–Themesflat Addons For Elementor
  The Themesflat Addons For Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the TF E Slider Widget in all versions up to, and including, 2.2.4 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. 2025-01-08 6.4 CVE-2024-12205 ThemeSupport–Hide Category by User Role for WooCommerce
  Missing Authorization vulnerability in ThemeSupport Hide Category by User Role for WooCommerce. This issue affects Hide Category by User Role for WooCommerce: from n/a through 2.1.1. 2025-01-07 4.3 CVE-2024-56272 ThimPress–Thim Elementor Kit
  Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in ThimPress Thim Elementor Kit allows DOM-Based XSS. This issue affects Thim Elementor Kit: from n/a through 1.2.8. 2025-01-07 6.5 CVE-2025-22312 tinuzz–Trackserver
  The Trackserver plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin’s ‘tsmap’ shortcode in all versions up to, and including, 5.0.2 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. 2025-01-11 6.4 CVE-2024-12505 Tips and Tricks HQ–Compact WP Audio Player
  Server-Side Request Forgery (SSRF) vulnerability in Tips and Tricks HQ Compact WP Audio Player allows Server Side Request Forgery. This issue affects Compact WP Audio Player: from n/a through 1.9.14. 2025-01-07 6.4 CVE-2024-56279 tobias_conrad–Design for Contact Form 7 Style WordPress Plugin CF7 WOW Styler
  The Design for Contact Form 7 Style WordPress Plugin – CF7 WOW Styler plugin for WordPress is vulnerable to arbitrary shortcode execution in all versions up to, and including, 1.7.0. This is due to the software allowing users to execute an action that does not properly validate a value before running do_shortcode. This makes it possible for unauthenticated attackers to execute arbitrary shortcodes. This functionality is also vulnerable to Reflected Cross-Site Scripting. Version 1.7.0 patched the Reflected XSS issue, however, the arbitrary shortcode execution issue remains. 2025-01-07 6.5 CVE-2024-12419 transportersio–Transporters.io
  The Transporters.io plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 2.0.84. This is due to missing nonce validation on a function. This makes it possible for unauthenticated attackers to inject malicious web scripts via a forged request granted they can trick a site administrator into performing an action such as clicking on a link. 2025-01-07 6.1 CVE-2024-12557 TXOne Networks–Portable Inspector
  Improper Input Validation vulnerability in Management Program in TXOne Networks Portable Inspector and Portable Inspector Pro Edition allows remote attacker to crash management service. The Denial of Service situation can be resolved by restarting the management service. This issue affects Portable Inspector: through 1.0.0; Portable Inspector Pro Edition: through 1.0.0. 2025-01-08 5.3 CVE-2024-47934 unitecms–Unlimited Elements For Elementor
  The Unlimited Elements For Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via multiple widgets in all versions up to, and including, 1.5.135 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. Note: Since the widget code isn’t part of the code, to apply the patch, the affected widgets: Image Tooltip, Notification, Simple Popup, Video Play Button, and Card Carousel, must be deleted and reinstalled manually. 2025-01-09 6.4 CVE-2024-13153 Unknown–Aklamator INfeed
  The Aklamator INfeed WordPress plugin through 2.0.0 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin. 2025-01-09 6.1 CVE-2024-12731 Unknown–Aklamator INfeed
  The Aklamator INfeed WordPress plugin through 2.0.0 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup). 2025-01-09 4.8 CVE-2024-12717 Unknown–Asgard Security Scanner
  The Asgard Security Scanner WordPress plugin through 0.7 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin. 2025-01-09 6.1 CVE-2024-12715 Unknown–Auto iFrame
  The Auto iFrame WordPress plugin before 2.0 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embedded, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks. 2025-01-08 5.4 CVE-2024-10151 Unknown–Backlink Monitoring Manager
  The Backlink Monitoring Manager WordPress plugin through 0.1.3 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin. 2025-01-09 6.1 CVE-2024-12714 Unknown–BU Section Editing
  The BU Section Editing WordPress plugin through 0.9.9 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin. 2025-01-09 6.1 CVE-2024-12736 Unknown–Category Posts Widget
  The Category Posts Widget WordPress plugin before 4.9.18 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup). 2025-01-07 4.8 CVE-2024-9638 Unknown–Email Subscribers by Icegram Express
  The Email Subscribers by Icegram Express WordPress plugin before 5.7.44 does not sanitize and escape a parameter before using it in a SQL statement, allowing admins to perform SQL injection attacks. 2025-01-06 6.5 CVE-2024-12311 Unknown–Icegram Engage
  The Icegram Engage WordPress plugin before 3.1.32 does not sanitise and escape some of its Campaign settings, which could allow authors and above to perform Stored Cross-Site Scripting attacks. 2025-01-06 6.1 CVE-2024-12302 Unknown–Pods
  The Pods WordPress plugin before 3.2.8.1 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup). 2025-01-06 6.1 CVE-2024-11849 Unknown–PostLists
  The PostLists WordPress plugin through 2.0.2 does not escape the $_SERVER[‘REQUEST_URI’] parameter before outputting it back in an attribute, which could lead to Reflected Cross-Site Scripting in old web browsers. 2025-01-09 4.2 CVE-2024-10815 Unknown–Property Hive
  The Property Hive WordPress plugin before 2.1.1 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin. 2025-01-08 6.1 CVE-2024-12585 Unknown–Tabs Shortcode
  The Tabs Shortcode WordPress plugin through 2.0.2 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embedded, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks. 2025-01-07 5.3 CVE-2024-11606 Unknown–tourmaster
  The tourmaster WordPress plugin before 5.3.4 does not sanitise and escape some parameters when outputting them in the page, which could allow unauthenticated users to perform Cross-Site Scripting attacks. 2025-01-06 6.1 CVE-2024-11356 Unknown–WordPress Auction Plugin
  The WordPress Auction Plugin WordPress plugin through 3.7 does not sanitise and escape some of its settings, which could allow high privilege users such as editors to perform Stored Cross-Site Scripting attacks. 2025-01-07 4.8 CVE-2024-8857 upress–Enable Accessibility
  The Enable Accessibility plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use of add_query_arg & remove_query_arg without appropriate escaping on the URL in all versions up to, and including, 1.4.1. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link. 2025-01-07 6.1 CVE-2024-9208 uptodown–Uptodown APK Download Widget
  The Uptodown APK Download Widget plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin’s ‘utd-widget’ shortcode in all versions up to, and including, 0.1.2 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. 2025-01-07 6.4 CVE-2024-12453 Vanderbilt–REDCap
  An issue was discovered in REDCap 14.9.6. A Reflected cross-site scripting (XSS) vulnerability in the email-subject field exists while performing an upload of a CSV file containing a list of alert configurations. An attacker can send the victim a CSV file containing the XSS payload in the email-subject. Once the victim uploads the file, he automatically lands on a page to view the uploaded data. If the victim clicks on the email-subject value, it triggers the XSS payload. 2025-01-10 6.1 CVE-2025-23110 Vanderbilt–REDCap
  An issue was discovered in REDCap 14.9.6. A stored cross-site scripting (XSS) vulnerability allows authenticated users to inject malicious scripts into the Survey field name of Survey. When a user receives the survey, if he clicks on the field name, it triggers the XSS payload. 2025-01-10 6.1 CVE-2025-23112 Vanderbilt–REDCap
  A stored cross-site scripting (XSS) vulnerability in the built-in messenger of REDCap 14.9.6 allows authenticated users to inject malicious scripts into the message field. When a user clicks on the received message, the crafted payload is executed, potentially enabling the execution of arbitrary web scripts. 2025-01-09 5.4 CVE-2024-56376 Vanderbilt–REDCap
  A stored cross-site scripting (XSS) vulnerability in survey titles of REDCap 14.9.6 allows authenticated users to inject malicious scripts into the Survey Title field or Survey Instructions. When a user receives a survey and clicks anywhere on the survey page to enter data, the crafted payload (which has been injected into all survey fields) is executed, potentially enabling the execution of arbitrary web scripts. 2025-01-09 5.4 CVE-2024-56377 Vanderbilt–REDCap
  An issue was discovered in REDCap 14.9.6. It allows HTML Injection via the Survey field name, exposing users to a redirection to a phishing website. An attacker can exploit this to trick the user that receives the survey into clicking on the field name, which redirects them to a phishing website. Thus, this allows malicious actions to be executed without user consent. 2025-01-10 4.7 CVE-2025-23111 Venutius–BP Profile Shortcodes Extra
  Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in Venutius BP Profile Shortcodes Extra allows Stored XSS. This issue affects BP Profile Shortcodes Extra: from n/a through 2.6.0. 2025-01-09 6.5 CVE-2025-22817 vfthemes–StorePress
  Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in vfthemes StorePress allows DOM-Based XSS. This issue affects StorePress: from n/a through 1.0.12. 2025-01-09 6.5 CVE-2025-22821 vickydalmia–Coupon Plugin
  The Coupon Plugin plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘Coupon Code’ parameter in all versions up to, and including, 1.2.1 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. 2025-01-07 6.4 CVE-2024-12516 VillaTheme–Advanced Product Information for WooCommerce
  Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in VillaTheme Advanced Product Information for WooCommerce allows Stored XSS. This issue affects Advanced Product Information for WooCommerce: from n/a through 1.1.4. 2025-01-09 6.5 CVE-2025-22803 virgial–Bootstrap Blocks for WP Editor v2
  The Bootstrap Blocks for WP Editor v2 plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘gtb-bootstrap/column’ block in all versions up to, and including, 2.5.0 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. 2025-01-07 6.4 CVE-2024-12495 VIWIS–LMS
  A vulnerability has been found in VIWIS LMS 9.11 and classified as problematic. Affected by this vulnerability is an unknown functionality of the component File Upload. The manipulation of the argument filename leads to cross site scripting. The attack can be launched remotely. Upgrading to version 9.12 is able to address this issue. It is recommended to upgrade the affected component. 2025-01-08 4.3 CVE-2024-8002 VMware–VMware Aria Automation
  VMware Aria Automation contains a server-side request forgery (SSRF) vulnerability. A malicious actor with “Organization Member” access to Aria Automation may exploit this vulnerability to enumerate internal services running on the host/network. 2025-01-08 4.3 CVE-2025-22215 wander-chu–SpringBoot-Blog
  A vulnerability has been found in wander-chu SpringBoot-Blog 1.0 and classified as critical. This vulnerability affects the function upload of the file src/main/java/com/my/blog/website/controller/admin/AttachtController.java of the component Admin Attachment Handler. The manipulation of the argument file leads to unrestricted upload. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way. 2025-01-09 4.7 CVE-2024-13201 wc1c–WC1C
  The WC1C plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use of add_query_arg without appropriate escaping on the URL in all versions up to, and including, 0.23.0. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link. 2025-01-07 6.1 CVE-2024-11375 web-mv–ResAds
  The ResAds plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via multiple parameters in all versions up to, and including, 2.0.6 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link. 2025-01-09 6.1 CVE-2024-12122 webwirkung–Shipping via Planzer for WooCommerce
  The Shipping via Planzer for WooCommerce plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the ‘processed-ids’ parameter in all versions up to, and including, 1.0.25 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link. 2025-01-08 6.1 CVE-2024-12337 wordlift–WordLift AI powered SEO Schema
  The WordLift – AI powered SEO – Schema plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on the ‘wl_config_plugin’ AJAX action in all versions up to, and including, 3.54.0. This makes it possible for unauthenticated attackers to update the plugin’s settings. 2025-01-07 5.3 CVE-2024-12176 WORDPRESTEEM–WE Blocks
  Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in WORDPRESTEEM WE Blocks allows Stored XSS. This issue affects WE Blocks: from n/a through 1.3.5. 2025-01-07 6.5 CVE-2025-22529 wow-analytics–GatorMail SmartForms
  The GatorMail SmartForms plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin’s ‘gatormailsmartform’ shortcode in all versions up to, and including, 1.1.0 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. 2025-01-11 6.4 CVE-2024-11386 WP OnlineSupport, Essential Plugin–Hero Banner Ultimate
  Improper Control of Filename for Include/Require Statement in PHP Program (‘PHP Remote File Inclusion’) vulnerability in WP OnlineSupport, Essential Plugin Hero Banner Ultimate allows PHP Local File Inclusion. This issue affects Hero Banner Ultimate: from n/a through 1.4.2. 2025-01-07 6.5 CVE-2025-22305 WP Wand–WP Wand
  Missing Authorization vulnerability in WP Wand WP Wand allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects WP Wand: from n/a through 1.2.5. 2025-01-07 5.3 CVE-2025-22302 WPBits–WPBITS Addons For Elementor Page Builder
  Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in WPBits WPBITS Addons For Elementor Page Builder allows Stored XSS. This issue affects WPBITS Addons For Elementor Page Builder: from n/a through 1.5.1. 2025-01-07 6.5 CVE-2024-56285 WPBits–WPBITS Addons For Elementor Page Builder
  Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in WPBits WPBITS Addons For Elementor Page Builder allows Stored XSS. This issue affects WPBITS Addons For Elementor Page Builder: from n/a through 1.5.1. 2025-01-07 5.9 CVE-2025-22316 wpchill–Passster Password Protect Pages and Content
  The Passster – Password Protect Pages and Content plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 4.2.10 via the WordPress core search feature. This makes it possible for unauthenticated attackers to extract sensitive data from posts that have been restricted to higher-level roles such as administrator. 2025-01-07 5.3 CVE-2024-11282 wpchill–RSVP and Event Management
  The RSVP and Event Management plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on several AJAX functions like bulk_delete_attendees() and bulk_delete_questions() in all versions up to, and including, 2.7.13. This makes it possible for unauthenticated attackers to delete questions and attendees and for authenticated users to update question menu orders. 2025-01-07 5.3 CVE-2024-12711 wpdevart–Booking calendar, Appointment Booking System
  The Booking Calendar and Booking Calendar Pro plugins for WordPress are vulnerable to Reflected Cross-Site Scripting via the ‘calendar_id’ parameter in all versions up to, and including, 3.2.19 and 11.2.19 respectively, due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link. 2025-01-07 6.1 CVE-2024-12077 wpdevelop, oplugins–Email Reminders
  Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in wpdevelop, oplugins Email Reminders allows Stored XSS. This issue affects Email Reminders: from n/a through 2.0.5. 2025-01-07 5.9 CVE-2024-56292 WPDeveloper–Typing Text
  Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in WPDeveloper Typing Text allows Stored XSS. This issue affects Typing Text: from n/a through 1.2.7. 2025-01-07 6.5 CVE-2025-22315 wpdevteam–Essential Blocks Page Builder Gutenberg Blocks, Patterns & Templates
  The Essential Blocks – Page Builder Gutenberg Blocks, Patterns & Templates plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the maker title value of the Google Maps block in all versions up to, and including, 5.0.9 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level access, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. This only affects multi-site installations and installations where unfiltered_html has been disabled. 2025-01-08 4.4 CVE-2024-12045 wpecommerce, wp.insider–Sell Digital Downloads
  Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in wpecommerce, wp.insider Sell Digital Downloads allows Stored XSS. This issue affects Sell Digital Downloads: from n/a through 2.2.7. 2025-01-09 6.5 CVE-2025-22826 WPForms–Contact Form by WPForms
  Missing Authorization vulnerability in WPForms Contact Form by WPForms allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Contact Form by WPForms: from n/a through 1.9.2.2. 2025-01-07 4.3 CVE-2024-56276 wpjobportal–WP Job Portal A Complete Recruitment System for Company or Job Board website
  The WP Job Portal – A Complete Recruitment System for Company or Job Board website plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 2.2.5 due to missing validation on a user controlled key. This makes it possible for authenticated attackers, with Subscriber-level access and above, to submit resumes for other applicants when applying for jobs. 2025-01-07 4.3 CVE-2024-12131 wpqode–FancyPost Best Ultimate Post Block, Post Grid, Layouts, Carousel, Slider For Gutenberg & Elementor
  The FancyPost – Best Ultimate Post Block, Post Grid, Layouts, Carousel, Slider For Gutenberg & Elementor plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the handle_block_shortcode_export() function in all versions up to, and including, 6.0.0. This makes it possible for authenticated attackers, with Subscriber-level access and above, to export shortcodes. 2025-01-07 4.3 CVE-2024-10536 wpsoul–Greenshift animation and page builder blocks
  The Greenshift – animation and page builder blocks plugin for WordPress is vulnerable to Authenticated (Subscriber+) Server-Side Request Forgery and Stored Cross Site Scripting in all versions up to, and including, 9.0.0 due to a missing capability check in the greenshift_download_file_localy function, along with no SSRF protection and sanitization on uploaded SVG files. This makes it possible for authenticated attackers, with Subscriber-level access and above, to make web requests to arbitrary locations originating from the web application that can also be leveraged to download malicious SVG files containing Cross-Site Scripting payloads to the server. On Cloud-based servers, attackers could retrieve the instance metadata. The issue was partially patched in version 8.9.9 and fully patched in version 9.0.1. 2025-01-09 6.4 CVE-2024-6155 wptravel–WP Travel Ultimate Travel Booking System, Tour Management Engine
  The WP Travel – Ultimate Travel Booking System, Tour Management Engine plugin for WordPress is vulnerable to SQL Injection via the ‘booking_itinerary’ parameter of the ‘wptravel_get_booking_data’ function in all versions up to, and including, 10.0.0 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for authenticated attackers, with Subscriber-level access and above, to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database. 2025-01-09 6.5 CVE-2024-12067 WPvivid Backup & Migration–WPvivid Backup and Migration
  Missing Authorization vulnerability in WPvivid Backup & Migration WPvivid Backup and Migration allows Accessing Functionality Not Properly Constrained by ACLs. This issue affects WPvivid Backup and Migration: from n/a through 0.9.106. 2025-01-07 4.3 CVE-2024-56273 xpro–140+ Widgets | Xpro Addons For Elementor FREE
  The 140+ Widgets | Xpro Addons For Elementor – FREE plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 1.4.6.2 via the ‘duplicate’ function. This makes it possible for authenticated attackers, with Contributor-level access and above, to extract potentially sensitive data from draft, scheduled (future), private, and password protected posts. 2025-01-08 4.3 CVE-2024-12584 yudiz–WP Menu Image
  The WP Menu Image plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the ‘wmi_delete_img_menu’ function in all versions up to, and including, 2.2. This makes it possible for unauthenticated attackers to delete images from menus. 2025-01-07 5.3 CVE-2024-12022 yumpu–Yumpu E-Paper publishing
  The Yumpu E-Paper publishing plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin’s ‘YUMPU’ shortcode in all versions up to, and including, 3.0.8 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. 2025-01-09 6.4 CVE-2024-12621 ZeroWdd–myblog
  A vulnerability classified as critical was found in ZeroWdd myblog 1.0. This vulnerability affects unknown code of the file src/main/resources/mapper/BlogMapper.xml. The manipulation of the argument findBlogList/getTotalBlogs leads to xml injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. 2025-01-08 6.3 CVE-2024-13190 ZeroWdd–myblog
  A vulnerability, which was classified as critical, has been found in ZeroWdd myblog 1.0. This issue affects the function upload of the file src/main/java/com/wdd/myblog/controller/admin/uploadController.java. The manipulation of the argument file leads to unrestricted upload. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. 2025-01-08 6.3 CVE-2024-13191 zhenfeng13–My-Blog
  A vulnerability classified as critical has been found in zhenfeng13 My-Blog 1.0. Affected is the function uploadFileByEditomd of the file src/main/java/com/site/blog/my/core/controller/admin/BlogController.java. The manipulation of the argument editormd-image-file leads to unrestricted upload. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. 2025-01-06 6.3 CVE-2024-13144 zhenfeng13–My-Blog
  A vulnerability classified as critical was found in zhenfeng13 My-Blog 1.0. Affected by this vulnerability is the function upload of the file src/main/java/com/site/blog/my/core/controller/admin/uploadController.java. The manipulation of the argument file leads to unrestricted upload. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. 2025-01-06 6.3 CVE-2024-13145


