CVE-2024-13793 |
Description: The Wolmart | Multi-Vendor Marketplace WooCommerce Theme theme for WordPress is vulnerable to arbitrary shortcode execution in all versions up to, and including, 1.8.11. This is due to the software allowing users to execute an action that does not properly validate a value before running do_shortcode. This makes it possible for unauthenticated attackers to execute arbitrary shortcodes.
CVSS: HIGH (7.3) EPSS Score: 0.19%
May 8th, 2025 (about 1 month ago)
|
CVE-2024-24796 |
Description: Deserialization of Untrusted Data vulnerability in MagePeople Team Event Manager and Tickets Selling Plugin for WooCommerce – WpEvently – WordPress Plugin. This issue affects Event Manager and Tickets Selling Plugin for WooCommerce – WpEvently – WordPress Plugin: from n/a through 4.1.1.
CVSS: HIGH (8.2) EPSS Score: 0.24% SSVC Exploitation: none
May 7th, 2025 (about 1 month ago)
|
CVE-2024-23513 |
Description: Deserialization of Untrusted Data vulnerability in PropertyHive. This issue affects PropertyHive: from n/a through 2.0.5.
CVSS: HIGH (8.7) EPSS Score: 0.31% SSVC Exploitation: none
May 7th, 2025 (about 1 month ago)
|
CVE-2024-23512 |
Description: Deserialization of Untrusted Data vulnerability in wpxpo ProductX – WooCommerce Builder & Gutenberg WooCommerce Blocks. This issue affects ProductX – WooCommerce Builder & Gutenberg WooCommerce Blocks: from n/a through 3.1.4.
CVSS: HIGH (8.7) EPSS Score: 0.22% SSVC Exploitation: none
May 7th, 2025 (about 1 month ago)
|
CVE-2024-0566 |
Description: The Smart Manager WordPress plugin before 8.28.0 does not properly sanitise and escape a parameter before using it in a SQL statement, leading to a SQL injection exploitable by high privilege users such as admin.
CVSS: HIGH (7.2) EPSS Score: 1.33% SSVC Exploitation: poc
May 7th, 2025 (about 1 month ago)
|
CVE-2025-47685 |
Description: Cross-Site Request Forgery (CSRF) vulnerability in Moloni Contribuinte Checkout allows Stored XSS. This issue affects Contribuinte Checkout: from n/a through 2.0.02.
CVSS: HIGH (7.1) EPSS Score: 0.02%
May 7th, 2025 (about 1 month ago)
|
CVE-2025-47683 |
Description: Deserialization of Untrusted Data vulnerability in Florent Maillefaud WP Maintenance allows Object Injection. This issue affects WP Maintenance: from n/a through 6.1.9.7.
CVSS: HIGH (7.2) EPSS Score: 0.06%
May 7th, 2025 (about 1 month ago)
|
CVE-2025-47655 |
Description: Cross-Site Request Forgery (CSRF) vulnerability in themarketer2023 theMarketer allows Stored XSS. This issue affects theMarketer: from n/a through 1.4.7.
CVSS: HIGH (7.1) EPSS Score: 0.02%
May 7th, 2025 (about 1 month ago)
|
CVE-2025-47653 |
Description: Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in tggfref WP-Recall allows PHP Local File Inclusion. This issue affects WP-Recall: from n/a through 16.26.14.
CVSS: HIGH (7.5) EPSS Score: 0.13%
May 7th, 2025 (about 1 month ago)
|
CVE-2025-47649 |
Description: Path Traversal vulnerability in ilmosys Open Close WooCommerce Store allows PHP Local File Inclusion. This issue affects Open Close WooCommerce Store: from n/a through 4.9.5.
CVSS: HIGH (8.8) EPSS Score: 0.05%
May 7th, 2025 (about 1 month ago)
|