
CVE-2024-6097 – Absolute Path Traversal Vulnerability
https://notcve.org/view.php?id=CVE-2024-6097
12 Feb 2025 — In Progress® Telerik® Reporting versions prior to 2025 Q1 (19.0.25.211), information disclosure is possible by a local threat actor through an absolute path vulnerability. • https://docs.telerik.com/reporting/knowledge-base/kb-security-absolute-path-traversal-CVE-2024-6097 • CWE-36: Absolute Path Traversal •

CVE-2024-11628 – Prototype Pollution in Progress® Telerik® Kendo UI for Vue
https://notcve.org/view.php?id=CVE-2024-11628
12 Feb 2025 — In Progress® Telerik® Kendo UI for Vue versions v2.4.0 through v6.0.1, an attacker can introduce or modify properties within the global prototype chain which can result in denial of service or command injection. • https://www.telerik.com/kendo-vue-ui/components/knowledge-base/kb-security-protoype-pollution-2024-11628 • CWE-1321: Improperly Controlled Modification of Object Prototype Attributes ('Prototype Pollution') •

CVE-2025-23892 – WordPress Progress Tracker plugin <= 0.9.3 - Cross Site Scripting (XSS) vulnerability
https://notcve.org/view.php?id=CVE-2025-23892
16 Jan 2025 — Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Alex Furr and Simon Ward Progress Tracker allows DOM-Based XSS. This issue affects Progress Tracker: from n/a through 0.9.3. The Progress Tracker plugin for WordPress is vulnerable to Stored Cross-Site Scripting in versions up to, and including, 0.9.3 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor-level access and above, to inj... • https://patchstack.com/database/wordpress/plugin/progress-tracker/vulnerability/wordpress-progress-tracker-plugin-0-9-3-cross-site-scripting-xss-vulnerability?_s_id=cve • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVE-2025-23936 – WordPress CC Circle Progress Bar plugin <= 1.0.0 - Cross Site Scripting (XSS) vulnerability
https://notcve.org/view.php?id=CVE-2025-23936
16 Jan 2025 — Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Harun R. Rayhan (Cr@zy Coder) CC Circle Progress Bar allows Stored XSS. This issue affects CC Circle Progress Bar: from n/a through 1.0.0. • https://patchstack.com/database/wordpress/plugin/cc-circle-progress-bar/vulnerability/wordpress-cc-circle-progress-bar-plugin-1-0-0-cross-site-scripting-xss-vulnerability?_s_id=cve • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVE-2024-10012 – Progress UI for WPF format provider unsafe deserialization vulnerability
https://notcve.org/view.php?id=CVE-2024-10012
13 Nov 2024 — In Progress Telerik UI for WPF versions prior to 2024 Q4 (2024.4.1111), a code execution attack is possible through an insecure deserialization vulnerability. • https://docs.telerik.com/devtools/wpf/knowledge-base/kb-security-unsafe-deserialization-cve-2024-10012 • CWE-502: Deserialization of Untrusted Data •

CVE-2024-10013 – Progress UI for WinForms format provider unsafe deserialization vulnerability
https://notcve.org/view.php?id=CVE-2024-10013
13 Nov 2024 — In Progress Telerik UI for WinForms versions prior to 2024 Q4 (2024.4.1113), a code execution attack is possible through an insecure deserialization vulnerability. • https://docs.telerik.com/devtools/winforms/knowledge-base/unsafe-deserialization-cve-2024-10013 • CWE-502: Deserialization of Untrusted Data •

CVE-2024-49652 – WordPress 3D Work In Progress plugin <= 1.0.3 - Arbitrary File Upload vulnerability
https://notcve.org/view.php?id=CVE-2024-49652
21 Oct 2024 — Unrestricted Upload of File with Dangerous Type vulnerability in ReneeCussack 3D Work In Progress allows Upload a Web Shell to a Web Server. This issue affects 3D Work In Progress: from n/a through 1.0.3. The 3D Work In Progress plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in all versions up to, and including, 1.0.3. This makes it possible for authenticated attackers, with Subscriber-level access and above, to upload arbitrary files on the affected site's s... • https://patchstack.com/database/vulnerability/renee-work-in-progress/wordpress-3d-work-in-progress-plugin-1-0-3-arbitrary-file-upload-vulnerability?_s_id=cve • CWE-434: Unrestricted Upload of File with Dangerous Type •

CVE-2024-49657 – WordPress 3D Work In Progress plugin <= 1.0.3 - Arbitrary File Deletion vulnerability
https://notcve.org/view.php?id=CVE-2024-49657
21 Oct 2024 — Missing Authorization vulnerability in ReneeCussack 3D Work In Progress allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects 3D Work In Progress: from n/a through 1.0.3. The 3D Work In Progress plugin for WordPress is vulnerable to arbitrary file deletion due to insufficient file path validation in all versions up to, and including, 1.0.3. This makes it possible for authenticated attackers, with Subscriber-level access and above, to delete arbitrary files on the server,... • https://patchstack.com/database/vulnerability/renee-work-in-progress/wordpress-3d-work-in-progress-plugin-1-0-3-arbitrary-file-deletion-vulnerability?_s_id=cve • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') • CWE-862: Missing Authorization •

CVE-2024-37411 – WordPress Progress Planner plugin <= 0.9.1 - Broken Access Control vulnerability
https://notcve.org/view.php?id=CVE-2024-37411
27 Jun 2024 — Missing Authorization vulnerability in Team Emilia Projects Progress Planner allows Accessing Functionality Not Properly Constrained by ACLs. This issue affects Progress Planner: from n/a through 0.9.1. The Progress Planner plugin for WordPress is vulnerable to unauthorized access of data due to an insufficient capability check in the validate_token() function in versions up to, and including, 0.9.1. This makes it possible for unauthenticated attackers to retrieve stats. • https://patchstack.com/database/vulnerability/progress-planner/wordpress-progress-planner-plugin-0-9-1-broken-access-control-vulnerability?_s_id=cve • CWE-862: Missing Authorization •

CVE-2024-37422 – WordPress Progress Planner plugin <= 0.9.2 - Cross Site Scripting (XSS) vulnerability
https://notcve.org/view.php?id=CVE-2024-37422
27 Jun 2024 — Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Team Emilia Projects Progress Planner allows Stored XSS. This issue affects Progress Planner: from n/a through 0.9.2. The Progress Planner plugin fo... • https://patchstack.com/database/vulnerability/progress-planner/wordpress-progress-planner-plugin-0-9-2-cross-site-scripting-xss-vulnerability?_s_id=cve • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •