6.1
CVE-2024-10332 -
A Cross-Site Scripting vulnerability has been found in Janto v4.3r11 from Impronta. This vulnerability allows an attacker to execute JavaScript code in the victim's browser by sending the victim a malicious URL using the endpoint β/abonados/public/janto/main.phpβ.
0.0
CVE-2024-49703 - WordPress WpEvently plugin <= 4.2.5 - Cross Site Scripting (XSS) vulnerability
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in magepeopleteam WpEvently mage-eventpress.This issue affects WpEvently: from n/a through <= 4.2.5.
0.0
CVE-2024-49681 - WordPress WP Sessions Time Monitoring Full Automatic plugin <= 1.0.9 - SQL Injection vulnerability
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in activity-log.com WP Sessions Time Monitoring Full Automatic activitytime allows SQL Injection.This issue affects WP Sessions Time Monitoring Full Automatic: from n/a through <= 1.0.9.
0.0
CVE-2024-49691 - WordPress Product Filter by WBW plugin <= 2.7.0 - SQL Injection vulnerability
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in WBW Plugins Product Filter by WBW woo-product-filter allows SQL Injection.This issue affects Product Filter by WBW: from n/a through <= 2.7.0.
8.3
CVE-2024-5608 - SQL Injection
Zohocorp ManageEngine ADAudit Plus versions below 8121 are vulnerable to SQL Injection in the technician reports feature.
0.0
CVE-2024-49683 - WordPress Schema & Structured Data for WP & AMP plugin <= 1.3.5 - Sensitive Data Exposure vulnerabiβ¦
Missing Authorization vulnerability in Magazine3 Schema & Structured Data for WP & AMP schema-and-structured-data-for-wp allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects Schema & Structured Data for WP & AMP: from n/a through <= 1.3.5.
6.1
CVE-2024-49682 - WordPress Simple Membership plugin <= 4.5.3 - Open Redirection vulnerability
URL Redirection to Untrusted Site ('Open Redirect') vulnerability in wp.insider Simple Membership simple-membership allows Phishing.This issue affects Simple Membership: from n/a through <= 4.5.3.
6.4
CVE-2024-8959 - WP Adminify β Best WordPress Custom Dashboard Plugin <= 4.0.1.6 - Authenticated (Author+) Stored Crβ¦
The WP Adminify β Custom WordPress Dashboard, Login and Admin Customizer plugin for WordPress is vulnerable to Stored Cross-Site Scripting via SVG File uploads in all versions up to, and including, 4.0.1.6 due to insufficient input sanitization and output escaping. This makes it possible for authenβ¦
6.4
CVE-2024-10176 - Compact WP Audio Player <= 1.9.13 - Authenticated (Contributor+) Stored Cross-Site Scripting via scβ¦
The Compact WP Audio Player plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's sc_embed_player shortcode in all versions up to, and including, 1.9.13 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for β¦
6.1
CVE-2024-9214 - Extra Product Options Builder for WooCommerce <= 1.2.133 - Unauthenticated Stored Cross-Site Scriptβ¦
The Extra Product Options Builder for WooCommerce plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'RednaoSerializedFields' parameter during the creation of a signature file in all versions up to, and including, 1.2.133 due to insufficient input sanitization and output escaβ¦