CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

NVD•added 2025/01/08 11:15 a.m.•23 views

CVE-2024-11423

The Ultimate Gift Cards for WooCommerce – Create WooCommerce Gift Cards, Gift Vouchers, Redeem & Manage Digital Gift Coupons. Offer Gift Certificates, Schedule Gift Cards, and Use Advance Coupons With Personalized Templates plugin for WordPress is vulnerable to unauthorized modification of data d...

7.5CVSS0.00753EPSS

Cvelist•added 2025/01/08 11:9 a.m.•259 views

CVE-2024-11423 Ultimate Gift Cards for WooCommerce <= 3.0.6 - Missing Authorization to Infinite Money Glitch

7.5CVSS0.00753EPSS

Vulnrichment•added 2025/01/08 11:9 a.m.•11 views

CVE-2024-11423 Ultimate Gift Cards for WooCommerce <= 3.0.6 - Missing Authorization to Infinite Money Glitch

7.5CVSS6.8AI score0.00753EPSS

CVE•added 2025/01/08 11:9 a.m.•99 views

CVE-2024-11423

CVE-2024-11423 is exposed in the WordPress plugin “Ultimate Gift Cards for WooCommerce Pro” (Gift Cards for WooCommerce Pro). The root cause is a missing capability check on several REST API endpoints (notably /wp-json/gifting/recharge-giftcard), enabling unauthenticated attackers to modify data ...

7.5CVSS7.4AI score0.00753EPSS

CVE•added 2025/01/07 4:22 a.m.•88 views

CVE-2024-12264

CVE-2024-12264 affects the PayU CommercePro Plugin for WordPress. All versions up to and including 3.8.3 are vulnerable to unauthenticated privilege escalation via /wp-json/payu/v1/generate-user-token and /wp-json/payu/v1/get-shipping-cost, allowing creation of new administrative user accounts. A...

9.8CVSS9.5AI score0.00709EPSS

CVE•added 2025/01/04 11:24 a.m.•101 views

CVE-2024-12195

CVE-2024-12195 affects the WordPress plugin “WP Project Manager – Task, team, and project management plugin featuring kanban board and gantt charts.” The vulnerability is an SQL Injection in the REST endpoint /wp-json/pm/v2/projects/2/task-lists, exploitable through the project_id parameter in ve...

6.5CVSS6.6AI score0.00419EPSS

Exploits0References3Affected Software1

Positive Technologies•added 2025/01/04 12:0 a.m.•8 views

PT-2025-1774 · WordPress · Wp Project Manager

Name of the Vulnerable Software and Affected Versions: WP Project Manager plugin versions up to and including 2.6.16 Description: The WP Project Manager plugin for WordPress is vulnerable to SQL Injection via the project id parameter of the "/wp-json/pm/v2/projects/2/task-lists" REST API endpoint...

6.5CVSS9.8AI score0.00419EPSS

Exploits0References10

OSV•added 2024/12/31 6:15 a.m.•4 views

CVE-2024-11972

The Hunk Companion WordPress plugin before 1.9.0 does not correctly authorize some REST API endpoints, allowing unauthenticated requests to install and activate arbitrary Hunk Companion WordPress plugin before 1.9.0 from the WordPress.org repo, including vulnerable Hunk Companion WordPress plugin...

9.8CVSS5.9AI score0.54754EPSS

NVD•added 2024/12/31 6:15 a.m.•35 views

CVE-2024-11972

9.8CVSS0.54754EPSS

Vulnrichment•added 2024/12/31 6:0 a.m.•20 views

CVE-2024-11972 Hunk Companion < 1.9.0 - Unauthenticated Plugin Installation

7.1AI score0.54754EPSS

Cvelist•added 2024/12/31 6:0 a.m.•35 views

CVE-2024-11972 Hunk Companion < 1.9.0 - Unauthenticated Plugin Installation

0.54754EPSS

CVE•added 2024/12/31 6:0 a.m.•169 views

CVE-2024-11972

CVE-2024-11972 affects the Hunk Companion WordPress plugin prior to 1.9.0. The flaw is improper authorization of REST API endpoints (notably the /wp-json/hc/v1/themehunk-import endpoint), allowing unauthenticated requests to install and activate arbitrary plugins from the WordPress.org repo, incl...

9.8CVSS6.8AI score0.54754EPSS

Exploits5References1Affected Software1

Fedora•added 2024/12/27 1:24 a.m.•18 views

[SECURITY] Fedora 41 Update: incus-6.8-1.fc41

Container hypervisor based on LXC Incus offers a REST API to remotely manage containers over the network, using an image based work-flow and with support for live migration. This package contains the Incus daemon...

9.1CVSS9.5AI score0.03092EPSS

Exploits2

NVD•added 2024/12/19 2:15 a.m.•28 views

CVE-2024-10548

The WP Project Manager plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 2.6.15 via the Project Task List '/wp-json/pm/v2/projects/1/task-lists' REST API endpoint. This makes it possible for authenticated attackers, with Subscriber-level...

6.5CVSS0.00384EPSS

Exploits0References2

NVD•added 2024/12/18 4:15 a.m.•17 views

CVE-2024-12025

The Collapsing Categories plugin for WordPress is vulnerable to SQL Injection via the 'taxonomy' parameter of the /wp-json/collapsing-categories/v1/get REST API in all versions up to, and including, 3.0.8 due to insufficient escaping on the user supplied parameter and lack of sufficient preparati...

7.5CVSS0.02542EPSS

Exploits1References2

CVE•added 2024/12/18 3:22 a.m.•99 views

CVE-2024-12025

The WordPress Collapsing Categories plugin (versions

7.5CVSS7.7AI score0.02542EPSS

In wildExploits1References2

NVD•added 2024/12/17 6:15 p.m.•42 views

CVE-2024-42194

An improper handling of insufficient permissions or privileges affects HCL BigFix Inventory. An attacker having access via a read-only account can possibly change certain configuration parameters by crafting a specific REST API call...

3.1CVSS0.00252EPSS

Vulnrichment•added 2024/12/17 5:28 p.m.•8 views

CVE-2024-42194 HCL BigFix Inventory is affected by an access control vulnerability

3.1CVSS7.2AI score0.00252EPSS

CVE•added 2024/12/17 5:28 p.m.•115 views

CVE-2024-42194

CVE-2024-42194 affects HCL BigFix Inventory: an access-control vulnerability arising from improper handling of permissions allows a read-only account to modify certain configuration parameters via a crafted REST API call. The available documents confirm the affected product and the underlying iss...

3.1CVSS4.1AI score0.00252EPSS