6.5
CVE-2024-32961 - WordPress Blocksy theme <= 2.0.33 - Cross Site Scripting (XSS) vulnerability
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in creativethemeshq Blocksy blocksy. This issue affects Blocksy: from n/a through <= 2.0.33.
7.1
CVE-2024-4077 - WordPress UDesign theme <= 4.7.3 - Reflected Cross Site Scripting (XSS) vulnerability
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in AndonDesign UDesign allows Reflected XSS. This issue affects UDesign: from n/a through 4.7.3.
9.1
CVE-2024-31266 - WordPress Advanced Order Export For WooCommerce plugin <= 3.4.4 - Remote Code Execution (RCE) vulne…
Improper Control of Generation of Code ('Code Injection') vulnerability in AlgolPlus Advanced Order Export For WooCommerce allows Code Injection. This issue affects Advanced Order Export For WooCommerce: from n/a through 3.4.4.
9.6
CVE-2024-30560 - WordPress DX-Watermark plugin <= 1.0.4 - CSRF to Arbitrary File Upload and XSS vulnerability
Cross-Site Request Forgery (CSRF) vulnerability in ε€§δΎ WP DX-Watermark.This issue affects DX-Watermark: from n/a through 1.0.4.
8.8
CVE-2024-25917 - WordPress WP Setup Wizard plugin <= 1.0.8.1 - Auth. Full Database Download Vulnerability
Exposure of Sensitive Information to an Unauthorized Actor vulnerability in CodeRevolution WP Setup Wizard. This issue affects WP Setup Wizard: from n/a through 1.0.8.1.
5.3
CVE-2024-3733 - Essential Addons for Elementor – Best Elementor Templates, Widgets, Kits & WooCommerce Builders <= …
The Essential Addons for Elementor – Best Elementor Templates, Widgets, Kits & WooCommerce Builders plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 5.9.15 via the ajax_load_more(), eael_woo_pagination_product_ajax(), and ajax_eael_product_…
9
CVE-2024-22144 - WordPress Anti-Malware Security and Brute-Force Firewall plugin <= 4.21.96 - Unauthenticated Predic…
Improper Control of Generation of Code ('Code Injection') vulnerability in Eli Scheetz Anti-Malware Security and Brute-Force Firewall gotmls allows Code Injection. This issue affects Anti-Malware Security and Brute-Force Firewall: from n/a through 4.21.96.
9.8
CVE-2023-51484 - WordPress Login as User or Customer plugin <= 3.8 - Unauthenticated Account Takeover vulnerability
Improper Authentication vulnerability in wp-buy Login as User or Customer (User Switching) allows Privilege Escalation. This issue affects Login as User or Customer (User Switching): from n/a through 3.8.
9.9
CVE-2023-51482 - WordPress Eazy Plugin Manager plugin <= 4.1.2 - Auth. Arbitrary Options Update lead to RCE vulnerab…
Improper Authentication vulnerability in EazyPlugins Eazy Plugin Manager allows Accessing Functionality Not Properly Constrained by ACLs. This issue affects Eazy Plugin Manager: from n/a through 4.1.2.
9.8
CVE-2023-51478 - WordPress Build App Online plugin <= 1.0.19 - Unauthenticated Account Takeover vulnerability
Improper Authentication vulnerability in Abdul Hakeem Build App Online allows Privilege Escalation. This issue affects Build App Online: from n/a through 1.0.19.