6.4
CVE-2024-10848 - NewsMunch <= 1.0.35 - Authenticated (Contributor+) Stored Cross-Site Scripting
The NewsMunch theme for WordPress is vulnerable to Stored Cross-Site Scripting via a malicious display name in all versions up to, and including, 1.0.35 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level access and …
4.3
CVE-2024-11341 - Simple Redirection <= 1.5 - Cross-Site Request Forgery to Arbitrary Site Redirect
The Simple Redirection plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.5. This is due to missing or incorrect nonce validation on the settings_page() function. This makes it possible for unauthenticated attackers to update the plugin's settin…
6.4
CVE-2024-11420 - Blocksy <= 2.0.77 - Authenticated (Contributor+) Stored Cross-Site Scripting
The Blocksy theme for WordPress is vulnerable to Stored Cross-Site Scripting via the Contact Info Block link parameter in all versions up to, and including, 2.0.77 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level …
5.3
CVE-2024-10937 - Related Posts, Inline Related Posts, Contextual Related Posts, Related Content By PickPlugins <= 2.…
The Related Posts, Inline Related Posts, Contextual Related Posts, Related Content By PickPlugins plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 2.0.58 via the wp_ajax_nopriv_related_post_ajax_get_post_ids AJAX action. This makes it possib…
8.8
CVE-2024-11429 - Free Responsive Testimonials, Social Proof Reviews, and Customer Reviews – Stars Testimonials <= 3.…
The Free Responsive Testimonials, Social Proof Reviews, and Customer Reviews – Stars Testimonials plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 3.3.3 via the 'stars-testimonials-with-slider-and-masonry-grid' shortcode. This makes it possible for au…
3.1
CVE-2024-42195 - HCL DevOps Deploy / HCL Launch is vulnerable to HTML injection
HCL DevOps Deploy / HCL Launch is vulnerable to HTML injection. This vulnerability may allow a user to embed arbitrary HTML tags in the Web UI potentially leading to sensitive information disclosure.
6.4
CVE-2024-10178 - Gutentor – Gutenberg Blocks – Page Builder for Gutenberg Editor <= 3.3.9 - Authenticated (Contribut…
The Gutentor – Gutenberg Blocks – Page Builder for Gutenberg Editor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's Countdown widget in all versions up to, and including, 3.3.9 due to insufficient input sanitization and output escaping on user supplied attributes.…
6.4
CVE-2024-10881 - LUNA RADIO PLAYER <= 6.24.11.07 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shor…
The LUNA RADIO PLAYER plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'lunaradio' shortcode in versions up to, and including, 6.24.11.07 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attacke…
3.6
CVE-2024-54014 -
Improper authorization in handler for custom URL scheme issue in 'Skylark' App for Android 6.2.13 and earlier and 'Skylark' App for iOS 6.2.13 and earlier allows an attacker to lead the application to access an arbitrary web site via another application installed on the user's device.
6.9
CVE-2024-12188 - 1000 Projects Library Management System stu.php sql injection
A vulnerability was found in 1000 Projects Library Management System 1.0. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the file /brains/stu.php. The manipulation of the argument useri leads to sql injection. The attack can be launched remotely. The…