cve-notifications.bsky.social
CVE Sentinel is an automated service designed to keep the cybersecurity community informed about the latest vulnerabilities. Created by @incredincomp.com #security #infosec This product uses the NVD API but is not endorsed or certified by the NVD.
26,660 posts 575 followers 2 following

ID: CVE-2025-1464 CVSS V4.0: MEDIUM A vulnerability, which was classified as critical, has been found in Baiyi Cloud Asset Management System up to 20250204. This issue affects some unknown processing of the file /wuser/admin.house.collect.php. The manipulation of... #security #infosec #cve-alert

ID: CVE-2025-0968 CVSS V3.1: MEDIUM The ElementsKit Elementor addons plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 3.4.0 due to a missing capability check on the get_megamenu_content() function. This... #security #infosec #cve-alert

ID: CVE-2025-0916 CVSS V3.1: HIGH The YaySMTP and Email Logs: Amazon SES, SendGrid, Outlook, Mailgun, Brevo, Google and Any SMTP Service plugin for WordPress is vulnerable to Stored Cross-Site Scripting in versions 2.4.9 to 2.6.2 due to insufficient input... #security #infosec #cve-alert

ID: CVE-2024-13534 CVSS V3.1: HIGH The Small Package Quotes – Worldwide Express Edition plugin for WordPress is vulnerable to SQL Injection via the 'edit_id' and 'dropship_edit_id' parameters in all versions up to, and including, 5.2.18 due to insufficient... #security #infosec #cve-alert

ID: CVE-2024-13533 CVSS V3.1: HIGH The Small Package Quotes – USPS Edition plugin for WordPress is vulnerable to SQL Injection via the 'edit_id' parameter in all versions up to, and including, 1.3.5 due to insufficient escaping on the user supplied parameter and... #security #infosec #cve-alert

ID: CVE-2024-13491 CVSS V3.1: HIGH The Small Package Quotes – For Customers of FedEx plugin for WordPress is vulnerable to SQL Injection via the 'edit_id' and 'dropship_edit_id' parameters in all versions up to, and including, 4.3.1 due to insufficient escaping on... #security #infosec #cve-alert

ID: CVE-2024-13485 CVSS V3.1: HIGH The LTL Freight Quotes – ABF Freight Edition plugin for WordPress is vulnerable to SQL Injection via the 'edit_id' and 'dropship_edit_id' parameters in all versions up to, and including, 3.3.7 due to insufficient escaping on the... #security #infosec #cve-alert

ID: CVE-2024-13483 CVSS V3.1: HIGH The LTL Freight Quotes – SAIA Edition plugin for WordPress is vulnerable to SQL Injection via the 'edit_id' and 'dropship_edit_id' parameters in all versions up to, and including, 2.2.10 due to insufficient escaping on the user... #security #infosec #cve-alert

ID: CVE-2024-13481 CVSS V3.1: HIGH The LTL Freight Quotes – R+L Carriers Edition plugin for WordPress is vulnerable to SQL Injection via the 'edit_id' and 'dropship_edit_id' parameters in all versions up to, and including, 3.3.4 due to insufficient escaping on the... #security #infosec #cve-alert

ID: CVE-2024-13479 CVSS V3.1: HIGH The LTL Freight Quotes – SEFL Edition plugin for WordPress is vulnerable to SQL Injection via the 'dropship_edit_id' and 'edit_id' parameters in all versions up to, and including, 3.2.4 due to insufficient escaping on the user... #security #infosec #cve-alert

ID: CVE-2024-13478 CVSS V3.1: HIGH The LTL Freight Quotes – TForce Edition plugin for WordPress is vulnerable to SQL Injection via the 'dropship_edit_id' and 'edit_id' parameters in all versions up to, and including, 3.6.4 due to insufficient escaping on the user... #security #infosec #cve-alert

ID: CVE-2025-1075 CVSS V4.0: MEDIUM Insertion of Sensitive Information into Log File in Checkmk GmbH's Checkmk versions <2.3.0p27, <2.2.0p40, and 2.1.0p51 (EOL) causes LDAP credentials to be written to Apache error log file accessible to administrators. #security #infosec #cve-alert

ID: CVE-2024-13489 CVSS V3.1: HIGH The LTL Freight Quotes – Old Dominion Edition plugin for WordPress is vulnerable to SQL Injection via the 'edit_id' and 'dropship_edit_id' parameters in all versions up to, and including, 4.2.10 due to insufficient escaping on... #security #infosec #cve-alert

ID: CVE-2025-1135 CVSS V4.0: CRITICAL A vulnerability exists in ChurchCRM 5.13.0 and prior that allows an attacker to execute arbitrary SQL queries by exploiting a boolean-based and time-based blind SQL Injection vulnerability in the... #security #infosec #cve-alert

ID: CVE-2025-1134 CVSS V4.0: CRITICAL A vulnerability exists in ChurchCRM 5.13.0 and prior that allows an attacker to execute arbitrary SQL queries by exploiting a boolean-based and time-based blind SQL Injection vulnerability in the... #security #infosec #cve-alert

ID: CVE-2025-1133 CVSS V4.0: CRITICAL A vulnerability exists in ChurchCRM 5.13.0 and prior that allows an attacker to execute arbitrary SQL queries by exploiting a boolean-based blind SQL Injection vulnerability in the EditEventAttendees functionality.... #security #infosec #cve-alert

ID: CVE-2025-1132 CVSS V4.0: CRITICAL A time-based blind SQL Injection vulnerability exists in the ChurchCRM 5.13.0 and prior EditEventAttendees.php within the EN_tyid parameter. The parameter is directly inserted into an SQL query without proper... #security #infosec #cve-alert

ID: CVE-2025-1024 CVSS V4.0: HIGH A vulnerability exists in ChurchCRM 5.13.0 that allows an attacker to execute arbitrary JavaScript in a victim's browser via Reflected Cross-Site Scripting (XSS) in the EditEventAttendees.php page. This requires... #security #infosec #cve-alert

ID: CVE-2025-1007 CVSS V4.0: MEDIUM In OpenVSX version v0.9.0 to v0.20.0, the /user/namespace/{namespace}/details API allows a user to edit all namespace details, even if the user is not a namespace Owner or Contributor. The details include: name, description,... #security #infosec #cve-alert

ID: CVE-2024-13364 CVSS V3.1: MEDIUM The Raptive Ads plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on the site_ads_files_reset() and cls_file_reset() functions in all versions up to, and including, 3.6.3. This makes it... #security #infosec #cve-alert

ID: CVE-2024-13363 CVSS V3.1: MEDIUM The Raptive Ads plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'poc' parameter in all versions up to, and including, 3.6.3 due to insufficient input sanitization and output escaping. This makes it... #security #infosec #cve-alert

ID: CVE-2024-13339 CVSS V3.1: MEDIUM The DeBounce Email Validator plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 5.6.6. This is due to missing or incorrect nonce validation on the 'debounce_email_validator'... #security #infosec #cve-alert

ID: CVE-2024-13336 CVSS V3.1: MEDIUM The Disable Auto Updates plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.4. This is due to missing or incorrect nonce validation on the 'disable-auto-updates' page. This... #security #infosec #cve-alert

ID: CVE-2024-13231 CVSS V3.1: MEDIUM The WordPress Portfolio Builder – Portfolio Gallery plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'add_video' function in all versions up to, and including,... #security #infosec #cve-alert

ID: CVE-2025-0865 CVSS V3.1: MEDIUM The WP Media Category Management plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions 2.0 to 2.3.3. This is due to missing or incorrect nonce validation on the wp_mcm_handle_action_settings() function.... #security #infosec #cve-alert

ID: CVE-2024-13854 CVSS V3.1: MEDIUM The Education Addon for Elementor plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 1.3.1 via the naedu_elementor_template shortcode due to missing validation on a user... #security #infosec #cve-alert

ID: CVE-2024-13736 CVSS V3.1: MEDIUM The Pure Chat – Live Chat & More! plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘purechatWidgetName’ parameter in all versions up to, and including, 2.31 due to insufficient input sanitization and... #security #infosec #cve-alert

ID: CVE-2024-13719 CVSS V3.1: MEDIUM The PeproDev Ultimate Invoice plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 2.0.8 via the invoicing viewer due to missing validation on a user controlled key. This... #security #infosec #cve-alert

ID: CVE-2024-13712 CVSS V3.1: MEDIUM The Pollin plugin for WordPress is vulnerable to SQL Injection via the 'question' parameter in all versions up to, and including, 1.01.1 due to insufficient escaping on the user supplied parameter and lack of sufficient... #security #infosec #cve-alert

ID: CVE-2024-13711 CVSS V3.1: MEDIUM The Pollin plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'question' parameter in all versions up to, and including, 1.01.1 due to insufficient input sanitization and output escaping. This makes it... #security #infosec #cve-alert

ID: CVE-2024-13679 CVSS V3.1: MEDIUM The Widget BUY.BOX plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'buybox-widget' shortcode in all versions up to, and including, 3.1.5 due to insufficient input sanitization and output... #security #infosec #cve-alert

ID: CVE-2024-13676 CVSS V3.1: MEDIUM The Categorized Gallery Plugin plugin for WordPress is vulnerable to SQL Injection via the 'field' attribute of the 'image_gallery' shortcode in all versions up to, and including, 2.0 due to insufficient escaping on the user... #security #infosec #cve-alert

ID: CVE-2024-13674 CVSS V3.1: MEDIUM The Cosmic Blocks (40+) Content Editor Blocks Collection plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'cwp_social_share' shortcode in all versions up to, and including, 1.3.0 due to... #security #infosec #cve-alert

ID: CVE-2024-13663 CVSS V3.1: MEDIUM The Coaching Staffs plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'mstw-cs-table' shortcode in all versions up to, and including, 1.4 due to insufficient input sanitization and output escaping... #security #infosec #cve-alert

ID: CVE-2024-13660 CVSS V3.1: MEDIUM The Responsive Flickr Slideshow plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'fshow' shortcode in all versions up to, and including, 2.6.1 due to insufficient input sanitization and output... #security #infosec #cve-alert

ID: CVE-2024-13657 CVSS V3.1: MEDIUM The Store Locator Widget plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'storelocatorwidget' shortcode in all versions up to, and including, 20200131 due to insufficient input sanitization and... #security #infosec #cve-alert

ID: CVE-2024-13592 CVSS V3.1: HIGH The Team Builder For WPBakery Page Builder (Formerly Visual Composer) plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 1.0 via the 'team-builder-vc' shortcode. This makes it possible... #security #infosec #cve-alert

ID: CVE-2024-13591 CVSS V3.1: MEDIUM The Team Builder For WPBakery Page Builder (Formerly Visual Composer) plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'team-builder-vc' shortcode in all versions up to, and including, 1.0 due to... #security #infosec #cve-alert

ID: CVE-2024-13589 CVSS V3.1: MEDIUM The YouTube Playlists with Schema plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'yt_grid' shortcode in all versions up to, and including, 2.6.1 due to insufficient input sanitization and... #security #infosec #cve-alert

ID: CVE-2024-13468 CVSS V3.1: HIGH The Trash Duplicate and 301 Redirect plugin for WordPress is vulnerable to unauthorized loss of data due to a missing capability check on the 'duplicates-action-top' action in all versions up to, and including, 1.9. This makes it... #security #infosec #cve-alert

ID: CVE-2024-13462 CVSS V3.1: MEDIUM The WP Wiki Tooltip plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'wiki' shortcode in all versions up to, and including, 2.0.2 due to insufficient input sanitization and output escaping on... #security #infosec #cve-alert

ID: CVE-2024-13405 CVSS V3.1: MEDIUM The Apptivo Business Site CRM plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 5.3. This is due to missing or incorrect nonce validation on the 'awp_ip_deny' page. This makes... #security #infosec #cve-alert

ID: CVE-2024-13390 CVSS V3.1: MEDIUM The ADFO – Custom data in admin dashboard plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'adfo_list' shortcode in all versions up to, and including, 1.9.1 due to insufficient input sanitization... #security #infosec #cve-alert

ID: CVE-2024-12522 CVSS V3.1: MEDIUM The Yay! Forms | Embed Custom Forms, Surveys, and Quizzes Easily plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'yayforms' shortcode in all versions up to, and including, 1.2.1 due to... #security #infosec #cve-alert

ID: CVE-2024-12339 CVSS V3.1: MEDIUM The Digihood HTML Sitemap plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'channel' parameter in all versions up to, and including, 3.1.1 due to insufficient input sanitization and output escaping.... #security #infosec #cve-alert

ID: CVE-2024-12069 CVSS V3.1: MEDIUM The Lexicata plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use of add_query_arg without appropriate escaping on the URL in all versions up to, and including, 1.0.16. This makes it possible for... #security #infosec #cve-alert

ID: CVE-2024-11778 CVSS V3.1: MEDIUM The CanadaHelps Embedded Donation Form plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'embedcdn' shortcode in all versions up to, and including, 1.0.0 due to insufficient input sanitization and... #security #infosec #cve-alert

ID: CVE-2024-11753 CVSS V3.1: MEDIUM The UMich OIDC Login plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'umich_oidc_button' shortcode in all versions up to, and including, 1.2.0 due to insufficient input sanitization and output... #security #infosec #cve-alert

ID: CVE-2024-11335 CVSS V3.1: MEDIUM The UltraEmbed – Advanced Iframe Plugin For WordPress with Gutenberg Block Included plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'iframe' shortcode in all versions up to, and including, 1.0.3... #security #infosec #cve-alert
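The WordPress plugin alerts in this feed keep naming the same three root causes: a missing nonce check (CSRF), a missing capability check (unauthorized access or data loss), an 'edit_id'-style parameter interpolated into SQL, and a shortcode attribute echoed without escaping (stored XSS). The fragment below is an added illustration, not part of the feed and not code from any plugin named above. It shows each defect beside its hardened form using only standard WordPress APIs; every plugin-specific name (the demo_* functions, the 'demo_reset_nonce' action, the demo_table table, the 'demo_list' shortcode) is invented for the example.

```php
<?php
// Illustrative WordPress plugin code (hypothetical; not from any plugin in the feed).
// Each section pairs a defect seen repeatedly in the alerts above with its fix.

// --- 1. AJAX handler: missing nonce (CSRF) and missing capability check ---

// VULNERABLE: every logged-in user reaches a wp_ajax_ handler, and nothing ties
// the request to a deliberate action by that user, so a crafted page can trigger it.
function demo_ajax_reset_vulnerable() {
    update_option( 'demo_settings', array() );
    wp_send_json_success();
}

// HARDENED: the nonce defeats CSRF; the capability check enforces authorization.
// A nonce alone is not enough: any subscriber can mint one for their own session,
// so the privilege check must also be present.
function demo_ajax_reset_hardened() {
    check_ajax_referer( 'demo_reset_nonce', 'nonce' ); // dies with 403 on missing/invalid nonce
    if ( ! current_user_can( 'manage_options' ) ) {
        wp_send_json_error( 'forbidden', 403 );
    }
    update_option( 'demo_settings', array() );
    wp_send_json_success();
}
add_action( 'wp_ajax_demo_reset', 'demo_ajax_reset_hardened' );

// --- 2. SQL injection via an 'edit_id'-style request parameter ---

// VULNERABLE: the raw query-string value lands inside the SQL text.
function demo_load_row_vulnerable() {
    global $wpdb;
    $edit_id = $_GET['edit_id'];
    return $wpdb->get_row( "SELECT * FROM {$wpdb->prefix}demo_table WHERE id = $edit_id" );
}

// HARDENED: coerce to a positive integer and bind it through $wpdb->prepare().
// The %d placeholder already forces an integer; absint() adds cheap defence in depth
// and gives a clean early exit for absent or nonsensical values.
function demo_load_row_hardened() {
    global $wpdb;
    $edit_id = isset( $_GET['edit_id'] ) ? absint( $_GET['edit_id'] ) : 0;
    if ( 0 === $edit_id ) {
        return null;
    }
    return $wpdb->get_row(
        $wpdb->prepare( "SELECT * FROM {$wpdb->prefix}demo_table WHERE id = %d", $edit_id )
    );
}

// --- 3. Stored XSS through a shortcode attribute ---

// Shortcode attributes are post content. Contributor-level users can write them,
// so an attribute reaching the HTML unescaped runs in every visitor's browser.

// VULNERABLE
function demo_list_shortcode_vulnerable( $atts ) {
    $atts = shortcode_atts( array( 'title' => '', 'class' => '' ), $atts, 'demo_list' );
    return '<div class="' . $atts['class'] . '"><h2>' . $atts['title'] . '</h2></div>';
}

// HARDENED: escape for the exact context each value lands in
// (attribute value vs. element body).
function demo_list_shortcode_hardened( $atts ) {
    $atts = shortcode_atts( array( 'title' => '', 'class' => '' ), $atts, 'demo_list' );
    return '<div class="' . esc_attr( $atts['class'] ) . '"><h2>'
        . esc_html( $atts['title'] ) . '</h2></div>';
}
add_shortcode( 'demo_list', 'demo_list_shortcode_hardened' );
```

When triaging alerts of this shape, the first thing to check in the affected plugin is which of the two handler guards is absent: a missing check_ajax_referer()/wp_verify_nonce() call yields a CSRF finding (Wordfence-style "missing or incorrect nonce validation"), while a missing current_user_can() call yields the "missing capability check" class, which is exploitable by any authenticated user regardless of nonces.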

ID: CVE-2025-0633 CVSS V4.0: MEDIUM Heap-based Buffer Overflow vulnerability in iniparser_dumpsection_ini() in iniparser allows attacker to read out of bound memory #security #infosec #cve-alert