VulDB Recent Entries

A vulnerability, which was classified as critical, has been found in villatheme W2S Plugin up to 1.2.1 on WordPress. This issue affects the function viw2s_view_log. The manipulation leads to file inclusion. The identification of this vulnerability is CVE-2024-12861. The attack may be initiated remotely. There is no exploit available.

A vulnerability classified as problematic was found in Alex Reservations Smart Restaurant Booking Plugin up to 2.0.5 on WordPress. This vulnerability affects the function rr_form of the component Shortcode Handler. The manipulation leads to cross site scripting. This vulnerability was named CVE-2024-13380. The attack can be initiated remotely. There is no exploit available.

A vulnerability classified as problematic has been found in markodonnell Team Rosters Plugin up to 4.7 on WordPress. This affects an unknown part. The manipulation of the argument tab leads to cross site scripting. This vulnerability is uniquely identified as CVE-2024-12320. It is possible to initiate the attack remotely. There is no exploit available.

A vulnerability was found in boomdevs Ai Image Alt Text Generator for WP Plugin up to 1.0.2 on WordPress. It has been declared as problematic. Affected by this vulnerability is an unknown functionality. The manipulation of the argument page leads to cross site scripting. This vulnerability is known as CVE-2024-12177. The attack can be launched remotely. There is no exploit available.

A vulnerability was found in qriouslad System Dashboard Plugin up to 2.8.15 on WordPress. It has been rated as problematic. Affected by this issue is some unknown functionality. The manipulation of the argument Filename leads to cross site scripting. This vulnerability is handled as CVE-2024-12299. The attack may be launched remotely. There is no exploit available.

A vulnerability was found in atakanau Automatically Hierarchic Categories in Menu Plugin up to 2.0.7 on WordPress. It has been classified as problematic. Affected is the function autocategorymenu of the component Shortcode Handler. The manipulation leads to cross site scripting. This vulnerability is traded as CVE-2024-13466. It is possible to launch the attack remotely. There is no exploit available.

A vulnerability was found in enamulwp Safe Ai Malware Protection for WP Plugin up to 1.0.17 on WordPress and classified as critical. This issue affects the function export_db. The manipulation leads to missing authorization. The identification of this vulnerability is CVE-2024-12269. The attack may be initiated remotely. There is no exploit available.

A vulnerability has been found in Royal-Flush Royal Core Plugin up to 2.9.2 on WordPress and classified as critical. This vulnerability affects the function royal_restore_backup. The manipulation leads to missing authorization. This vulnerability was named CVE-2024-12129. The attack can be initiated remotely. There is no exploit available.

A vulnerability, which was classified as problematic, was found in sellerthemes Storely Plugin up to 16.6 on WordPress. This affects an unknown part of the component Display Name Handler. The manipulation leads to cross site scripting. This vulnerability is uniquely identified as CVE-2024-10847. It is possible to initiate the attack remotely. There is no exploit available.

A vulnerability, which was classified as problematic, has been found in seventhqueen Typer Core Plugin up to 1.9.6 on WordPress. Affected by this issue is the function elementor-template of the component Shortcode Handler. The manipulation leads to authorization bypass. This vulnerability is handled as CVE-2024-12102. The attack may be launched remotely. There is no exploit available.

A vulnerability classified as problematic was found in visualmodo Borderless Plugin up to 1.5.9 on WordPress. Affected by this vulnerability is the function remove_zipped_font. The manipulation leads to missing authorization. This vulnerability is known as CVE-2024-11583. The attack can be launched remotely. There is no exploit available.

A vulnerability classified as critical has been found in makewebbetter MWB HubSpot for WooCommerce Plugin up to 1.5.9 on WordPress. Affected is the function hubwoo_save_updates. The manipulation leads to missing authorization. This vulnerability is traded as CVE-2024-10591. It is possible to launch the attack remotely. There is no exploit available.

A vulnerability was found in visualmodo Borderless Plugin up to 1.5.9 on WordPress. It has been rated as problematic. This issue affects the function write_config. The manipulation leads to code injection. The identification of this vulnerability is CVE-2024-11600. The attack may be initiated remotely. There is no exploit available.

A vulnerability was found in IBM App Connect Enterprise Certified Container. It has been declared as problematic. This vulnerability affects unknown code. The manipulation leads to improper restriction of communication channel to intended endpoints. This vulnerability was named CVE-2022-43916. The attack can be initiated remotely. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability was found in filipmedia WP Image Uploader Plugin up to 1.0.1 on WordPress. It has been classified as problematic. This affects an unknown part. The manipulation of the argument file leads to cross site scripting. This vulnerability is uniquely identified as CVE-2024-13706. It is possible to initiate the attack remotely. There is no exploit available.

A vulnerability was found in Clinked Client Portal Plugin up to 1.9 on WordPress and classified as problematic. Affected by this issue is the function clinked-login-button of the component Shortcode Handler. The manipulation leads to cross site scripting. This vulnerability is handled as CVE-2024-12524. The attack may be launched remotely. There is no exploit available.

A vulnerability has been found in SimplePress Forum Plugin up to 6.10.11 on WordPress and classified as problematic. Affected by this vulnerability is an unknown functionality. The manipulation of the argument s leads to cross site scripting. This vulnerability is known as CVE-2024-12409. The attack can be launched remotely. There is no exploit available.

A vulnerability, which was classified as critical, was found in smub Contact Form & SMTP Plugin up to 2.6.0 on WordPress. Affected is an unknown function of the component Shortcode Handler. The manipulation leads to code injection. This vulnerability is traded as CVE-2024-13453. It is possible to launch the attack remotely. There is no exploit available.

A vulnerability, which was classified as critical, has been found in EmbedAI up to 2.0. This issue affects some unknown processing of the file /embedai/chats/load_messages. The manipulation of the argument CHAT_ID leads to improper access controls. The identification of this vulnerability is CVE-2025-0740. The attack may be initiated remotely. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability classified as critical was found in EmbedAI up to 2.0. This vulnerability affects unknown code of the file /demos/embedai/subscriptions/show/. The manipulation of the argument SUSCBRIPTION_ID leads to improper access controls. This vulnerability was named CVE-2025-0739. The attack can be initiated remotely. There is no exploit available. It is recommended to upgrade the affected component.