7.3

CVSS3.1

CVE-2024-10899 - WooCommerce Product Table Lite <= 3.8.6 - Unauthenticated Arbitrary Shortcode Execution & Reflected…

The The WooCommerce Product Table Lite plugin for WordPress is vulnerable to arbitrary shortcode execution in all versions up to, and including, 3.8.6. This is due to the software allowing users to execute an action that does not properly validate a value before running do_shortcode. This makes it …

πŸ“… Published: Nov. 20, 2024, 6:42 a.m. πŸ”„ Last Modified: April 8, 2026, 5:21 p.m.

6.1

CVSS3.1

CVE-2024-9239 - Booster for WooCommerce <= 7.2.3 - Reflected Cross-Site Scripting

The Booster for WooCommerce plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use of add_query_arg & remove_query_arg without appropriate escaping on the URL in all versions up to, and including, 7.2.3. This makes it possible for unauthenticated attackers to inject arb…

πŸ“… Published: Nov. 20, 2024, 6:42 a.m. πŸ”„ Last Modified: April 8, 2026, 5:20 p.m.

6.1

CVSS3.1

CVE-2024-8726 - MailChimp Forms by MailMunch <= 3.2.3 - Reflected Cross-Site Scripting

The MailChimp Forms by MailMunch plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use of add_query_arg without appropriate escaping on the URL in all versions up to, and including, 3.2.3. This makes it possible for unauthenticated attackers to inject arbitrary web scr…

πŸ“… Published: Nov. 20, 2024, 6:42 a.m. πŸ”„ Last Modified: April 8, 2026, 5:12 p.m.

6.5

CVSS3.1

CVE-2024-10900 - ProfileGrid – User Profiles, Groups and Communities <= 5.9.3.6 - Missing Authorization to Authentic…

The ProfileGrid – User Profiles, Groups and Communities plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the pm_remove_file_attachment() function in all versions up to, and including, 5.9.3.6. This makes it possible for authenticated attac…

πŸ“… Published: Nov. 20, 2024, 6:42 a.m. πŸ”„ Last Modified: April 8, 2026, 5:12 p.m.

6.1

CVSS3.1

CVE-2024-11277 - 404 Solution <= 2.35.19 - Reflected Cross-Site Scripting

The 404 Solution plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via URLs in all versions up to, and including, 2.35.19 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that…

πŸ“… Published: Nov. 20, 2024, 6:42 a.m. πŸ”„ Last Modified: April 8, 2026, 4:42 p.m.

3.5

CVSS3.1

CVE-2024-10515 - SEO Plugin by Squirrly SEO < 12.3.21 - Editor+ Stored XSS

In the process of testing the SEO Plugin by Squirrly SEO WordPress plugin before 12.3.21, a vulnerability was found that allows you to implement Stored XSS on behalf of the editor by embedding malicious script, which entails account takeover backdoor

πŸ“… Published: Nov. 20, 2024, 6 a.m. πŸ”„ Last Modified: March 31, 2025, 7:33 p.m.

6.1

CVSS3.1

CVE-2024-9653 - Restaurant Menu – Food Ordering System – Table Reservation <= 2.4.2 - Reflected Cross-Site Scripting

The Restaurant Menu – Food Ordering System – Table Reservation plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'action' parameter in all versions up to, and including, 2.4.2 due to insufficient input sanitization and output escaping. This makes it possible for unauthent…

πŸ“… Published: Nov. 20, 2024, 5:32 a.m. πŸ”„ Last Modified: April 8, 2026, 4:36 p.m.

4

CVSS3.0

CVE-2024-52614 -

Use of hard-coded cryptographic key issue exists in "Kura Sushi Official App Produced by EPARK" for Android versions prior to 3.8.5. If this vulnerability is exploited, a local attacker may obtain the login ID and password for the affected product.

πŸ“… Published: Nov. 20, 2024, 5:12 a.m. πŸ”„ Last Modified: April 15, 2026, 12:35 a.m.

6.1

CVSS3.1

CVE-2024-11278 - GD bbPress Attachments <= 4.7.2 - Reflected Cross-Site Scripting

The GD bbPress Attachments plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use of add_query_arg without appropriate escaping on the URL in all versions up to, and including, 4.7.2. This makes it possible for unauthenticated attackers to inject arbitrary web scripts i…

πŸ“… Published: Nov. 20, 2024, 4:31 a.m. πŸ”„ Last Modified: April 15, 2026, 12:35 a.m.

0.0

CVE-2024-11478 -

This CVE ID has been rejected or withdrawn by its CVE Numbering Authority.

πŸ“… Published: Nov. 20, 2024, 12:30 a.m. πŸ”„ Last Modified: July 30, 2025, 11:15 p.m.
Total resulsts: 349182
Page 7781 of 34,919
Β« previous page Β» next page
Filters