6.4
CVE-2024-10150 - Bamazoo β Button Generator <= 1.0 - Authenticated (Contributor+) Stored Cross-Site Scripting via dgβ¦
The Bamazoo β Button Generator plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's dgs shortcode in all versions up to, and including, 1.0 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated β¦
6.4
CVE-2024-10342 - League of Legends Shortcodes <= 1.0.1 - Authenticated (Contributor+) Stored Cross-Site Scripting viβ¦
The League of Legends Shortcodes plugin for WordPress is vulnerable to Stored Cross-Site Scripting via shortcodes in versions up to, and including, 1.0.1 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with cβ¦
6.5
CVE-2024-10341 - League of Legends Shortcodes <= 1.0.1 - Authenticated (Contributor+) SQL Injection via Shortcode
The League of Legends Shortcodes plugin for WordPress is vulnerable to SQL Injection via the plugin's shortcode in versions up to, and including, 1.0.1 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible foβ¦
6.3
CVE-2024-50583 -
Whale browser Installer before 3.1.0.0 allows an attacker to execute a malicious DLL in the user environment due to improper permission settings.
6.1
CVE-2024-9607 - 10Web Social Post Feed <= 1.2.9 - Reflected Cross-Site Scripting
The 10Web Social Post Feed plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use of add_query_arg without appropriate escaping on the URL in all versions up to, and including, 1.2.9. This makes it possible for unauthenticated attackers to inject arbitrary web scripts iβ¦
8.8
CVE-2024-9235 - Mapster WP Maps <= 1.5.0 - Incorrect Authorization to Authenticated (Contributor+) Arbitrary Optionβ¦
The Mapster WP Maps plugin for WordPress is vulnerable to unauthorized modification of data that can lead to privilege escalation due to an insufficient capability check on the mapster_wp_maps_set_option_from_js() function in all versions up to, and including, 1.5.0. This makes it possible for authβ¦
6.4
CVE-2024-10148 - Awesome buttons <= 1.0 - Authenticated (Contributor+) Stored Cross-Site Scripting via btn2 Shortcode
The Awesome buttons plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's btn2 shortcode in all versions up to, and including, 1.0 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers,β¦
8.1
CVE-2024-10011 - BuddyPress <= 14.1.0 - Authenticated (Subscriber+) Directory Traversal
The BuddyPress plugin for WordPress is vulnerable to Directory Traversal in all versions up to, and including, 14.1.0 via the id parameter. This makes it possible for authenticated attackers, with Subscriber-level access and above, to perform actions on files outside of the originally intended direβ¦
8.1
CVE-2024-9302 - App Builder β Create Native Android & iOS Apps On The Flight <= 5.3.7 - Privilege Escalation and Acβ¦
The App Builder β Create Native Android & iOS Apps On The Flight plugin for WordPress is vulnerable to privilege escalation via account takeover in all versions up to, and including, 5.3.7. This is due to the verify_otp_forgot_password() and update_password() functions not having enough controls toβ¦
6.2
CVE-2024-48870 -
Sharp and Toshiba Tec MFPs improperly validate input data in URI data registration, resulting in a stored cross-site scripting vulnerability. If crafted input is stored by an administrative user, malicious script may be executed on the web browsers of other victim users.