8.5
CVE-2024-51621 - WordPress Download-Mirror-Counter plugin <= 1.1 - SQL Injection vulnerability
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in reza19 Download-Mirror-Counter wp-download-mirror-counter allows SQL Injection.This issue affects Download-Mirror-Counter: from n/a through <= 1.1.
8.5
CVE-2024-51625 - WordPress Quran Shortcode plugin <= 1.5 - SQL Injection vulnerability
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in edckwt Quran Shortcode quran-shortcode allows Blind SQL Injection.This issue affects Quran Shortcode: from n/a through <= 1.5.
7.1
CVE-2024-51782 - WordPress Loginplus plugin <= 1.2 - Cross Site Scripting (XSS) vulnerability
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Sanjay Prasad Loginplus loginplus allows Stored XSS.This issue affects Loginplus: from n/a through <= 1.2.
7.1
CVE-2024-51783 - WordPress Forms: 3rd-Party Post Again plugin <= 0.3 - Reflected Cross Site Scripting (XSS) vulnerab…
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in zaus Forms: 3rd-Party Post Again forms-3rdparty-post-again allows Reflected XSS.This issue affects Forms: 3rd-Party Post Again: from n/a through <= 0.3.
7.1
CVE-2024-51784 - WordPress FriendStore for WooCommerce plugin <= 1.4.2 - Reflected Cross Site Scripting (XSS) vulner…
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in VietFriend team FriendStore for WooCommerce friendstore-for-woocommerce allows Reflected XSS.This issue affects FriendStore for WooCommerce: from n/a through <= 1.4.2.
6.5
CVE-2024-51786 - WordPress Realty by BestWebSoft plugin <= 1.1.5 - Cross Site Scripting (XSS) vulnerability
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in bestweblayout Realty by BestWebSoft realty allows Stored XSS.This issue affects Realty by BestWebSoft: from n/a through <= 1.1.5.
6.5
CVE-2024-51787 - WordPress ElementsReady Addons for Elementor plugin <= 6.4.3 - Cross Site Scripting (XSS) vulnerabi…
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in quomodosoft ElementsReady Addons for Elementor element-ready-lite allows Stored XSS.This issue affects ElementsReady Addons for Elementor: from n/a through <= 6.4.3.
4.4
CVE-2024-51785 - WordPress Responsive Filterable Portfolio plugin <= 1.0.22 - Server Side Request Forgery (SSRF) vul…
Server-Side Request Forgery (SSRF) vulnerability in Nks Responsive Filterable Portfolio responsive-filterable-portfolio allows Server Side Request Forgery.This issue affects Responsive Filterable Portfolio: from n/a through <= 1.0.22.
9.8
CVE-2024-10508 - RegistrationMagic – User Registration Plugin with Custom Registration Forms <= 6.0.2.6 - Unauthenti…
The RegistrationMagic – User Registration Plugin with Custom Registration Forms plugin for WordPress is vulnerable to privilege escalation via account takeover in all versions up to, and including, 6.0.2.6. This is due to the plugin not properly validating the password reset token prior to updating…
9.8
CVE-2024-10589 - Leopard <= 3.1.1 - Missing Authorization to Authenticated (Subscriber+) Arbitrary Options Update
The Leopard - WordPress Offload Media plugin for WordPress is vulnerable to unauthorized modification of data that can lead to privilege escalation due to a missing capability check on the import_settings() function in all versions up to, and including, 3.1.1. This makes it possible for authenticat…