7.3
CVE-2024-10899 - WooCommerce Product Table Lite <= 3.8.6 - Unauthenticated Arbitrary Shortcode Execution & Reflected…
The WooCommerce Product Table Lite plugin for WordPress is vulnerable to arbitrary shortcode execution in all versions up to, and including, 3.8.6. This is due to the software allowing users to execute an action that does not properly validate a value before running do_shortcode. This makes it …
6.1
CVE-2024-9239 - Booster for WooCommerce <= 7.2.3 - Reflected Cross-Site Scripting
The Booster for WooCommerce plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use of add_query_arg & remove_query_arg without appropriate escaping on the URL in all versions up to, and including, 7.2.3. This makes it possible for unauthenticated attackers to inject arb…
6.1
CVE-2024-8726 - MailChimp Forms by MailMunch <= 3.2.3 - Reflected Cross-Site Scripting
The MailChimp Forms by MailMunch plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use of add_query_arg without appropriate escaping on the URL in all versions up to, and including, 3.2.3. This makes it possible for unauthenticated attackers to inject arbitrary web scr…
6.5
CVE-2024-10900 - ProfileGrid – User Profiles, Groups and Communities <= 5.9.3.6 - Missing Authorization to Authentic…
The ProfileGrid – User Profiles, Groups and Communities plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the pm_remove_file_attachment() function in all versions up to, and including, 5.9.3.6. This makes it possible for authenticated attac…
6.1
CVE-2024-11277 - 404 Solution <= 2.35.19 - Reflected Cross-Site Scripting
The 404 Solution plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via URLs in all versions up to, and including, 2.35.19 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that…
3.5
CVE-2024-10515 - SEO Plugin by Squirrly SEO < 12.3.21 - Editor+ Stored XSS
In the process of testing the SEO Plugin by Squirrly SEO WordPress plugin before 12.3.21, a vulnerability was found that allows you to implement Stored XSS on behalf of the editor by embedding a malicious script, which entails an account takeover backdoor.
6.1
CVE-2024-9653 - Restaurant Menu – Food Ordering System – Table Reservation <= 2.4.2 - Reflected Cross-Site Scripting
The Restaurant Menu – Food Ordering System – Table Reservation plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'action' parameter in all versions up to, and including, 2.4.2 due to insufficient input sanitization and output escaping. This makes it possible for unauthent…
4
CVE-2024-52614 -
Use of hard-coded cryptographic key issue exists in "Kura Sushi Official App Produced by EPARK" for Android versions prior to 3.8.5. If this vulnerability is exploited, a local attacker may obtain the login ID and password for the affected product.
6.1
CVE-2024-11278 - GD bbPress Attachments <= 4.7.2 - Reflected Cross-Site Scripting
The GD bbPress Attachments plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use of add_query_arg without appropriate escaping on the URL in all versions up to, and including, 4.7.2. This makes it possible for unauthenticated attackers to inject arbitrary web scripts i…
0.0
CVE-2024-11478 -
This CVE ID has been rejected or withdrawn by its CVE Numbering Authority.