7.6
CVE-2024-32134 - WordPress Forms to Zapier plugin <= 1.1.12 - Auth. SQL Injection vulnerability
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Nasirahmed Forms to Zapier, Integromat, IFTTT, Workato, Automate.Io, elastic.Io, Built.Io, APIANT, Webhook.This issue affects Forms to Zapier, Integromat, IFTTT, Workato, Automate.Io, elastic.Io, Bโฆ
7.6
CVE-2024-32135 - WordPress Disable Comments | WPZest plugin <= 1.51 - SQL Injection vulnerability
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in WPZest Disable Comments | WPZest.This issue affects Disable Comments | WPZest: from n/a through 1.51.
7.6
CVE-2024-32136 - WordPress BWL Advanced FAQ Manager plugin <= 2.0.3 - Auth. SQL Injection vulnerability
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Xenioushk BWL Advanced FAQ Manager.This issue affects BWL Advanced FAQ Manager: from n/a through 2.0.3.
8.5
CVE-2024-32137 - WordPress User Activity Log Pro plugin <= 2.3.4 - Auth. SQL Injection vulnerability
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Solwin User Activity Log Pro.This issue affects User Activity Log Pro: from n/a through 2.3.4.
8.5
CVE-2024-32139 - WordPress Podlove Podcast Publisher plugin <= 4.0.12 - SQL Injection vulnerability
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Podlove Podlove Podcast Publisher.This issue affects Podlove Podcast Publisher: from n/a through 4.0.12.
4.4
CVE-2024-32431 - WordPress Import Users from CSV plugin <= 1.2 - PHP Object Injection
Deserialization of Untrusted Data vulnerability in WP All Import Import Users from CSV.This issue affects Import Users from CSV: from n/a through 1.2.
4.4
CVE-2024-32430 - WordPress ActiveCampaign plugin <= 8.1.14 - Server Side Request Forgery (SSRF) vulnerability
Server-Side Request Forgery (SSRF) vulnerability in ActiveCampaign.This issue affects ActiveCampaign: from n/a through 8.1.14.
4.4
CVE-2024-32454 - WordPress Wappointment plugin <= 2.6.0 - Server Side Request Forgery (SSRF) vulnerability
Server-Side Request Forgery (SSRF) vulnerability in Wappointment Appointment Bookings for Zoom GoogleMeet and more โ Wappointment.This issue affects Appointment Bookings for Zoom GoogleMeet and more โ Wappointment: from n/a through 2.6.0.
5.5
CVE-2023-52144 - WordPress Product Feed Manager plugin <= 7.3.15 - Directory Traversal vulnerability
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in RexTheme Product Feed Manager.This issue affects Product Feed Manager: from n/a through 7.3.15.
6.5
CVE-2024-32079 - WordPress Advanced iFrame plugin <= 2024.2 - Cross Site Scripting (XSS) vulnerability
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Michael Dempfle Advanced iFrame allows Stored XSS.This issue affects Advanced iFrame: from n/a through 2024.2.