6.1
CVE-2024-9377 - Products, Order & Customers Export for WooCommerce <= 2.0.15 - Reflected Cross-Site Scripting
The Products, Order & Customers Export for WooCommerce plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use of add_query_arg & remove_query_arg without appropriate escaping on the URL in all versions up to, and including, 2.0.15. This makes it possible for unauthentic…
5.3
CVE-2024-9065 - WP Helper Premium <= 4.6.1 - Missing Authorization in whp_smtp_send_mail_test
The WP Helper Premium plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'whp_smtp_send_mail_test' function in all versions up to, and including, 4.6.1. This makes it possible for unauthenticated attackers to send emails containing any c…
6.4
CVE-2024-9064 - Elementor Inline SVG <= 1.2.0 - Authenticated (Author+) Stored Cross-Site Scripting via SVG File Up…
The Elementor Inline SVG plugin for WordPress is vulnerable to Stored Cross-Site Scripting via SVG File uploads in all versions up to, and including, 1.2.0 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Author-level access and ab…
6.4
CVE-2024-9066 - Marketing and SEO Booster <= 1.9.10 - Authenticated (Author+) Stored Cross-Site Scripting via SVG F…
The Marketing and SEO Booster plugin for WordPress is vulnerable to Stored Cross-Site Scripting via SVG File uploads in all versions up to, and including, 1.9.10 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Author-level access …
8.8
CVE-2024-9522 - WP Users Masquerade <= 2.0.0 - Authenticated (Subscriber+) Authentication Bypass
The WP Users Masquerade plugin for WordPress is vulnerable to authentication bypass in versions up to, and including, 2.0.0. This is due to incorrect authentication and capability checking in the 'ajax_masq_login' function. This makes it possible for authenticated attackers, with subscriber-level p…
9.8
CVE-2024-9518 - UserPlus <= 2.0 - Unauthenticated Privilege Escalation
The UserPlus plugin for WordPress is vulnerable to privilege escalation in versions up to, and including, 2.0 due to insufficient restriction on the 'form_actions' and 'userplus_update_user_profile' functions. This makes it possible for unauthenticated attackers to specify their user role by supply…
6.4
CVE-2024-8987 - Youzify – BuddyPress Community, User Profile, Social Network & Membership Plugin for WordPress <= 1…
The Youzify – BuddyPress Community, User Profile, Social Network & Membership Plugin for WordPress plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's youzify_media shortcode in all versions up to, and including, 1.3.0 due to insufficient input sanitization and output…
5.3
CVE-2024-8513 - QA Analytics <= 4.1.1.1 - Missing Authorization to Unauthenticated Settings Update
The QA Analytics – Web Analytics Tool with Heatmaps & Session Replay Across All Pages plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the ajax_save_plugin_config() function in all versions up to, and including, 4.1.1.1. This makes it poss…
6.1
CVE-2024-9205 - Maximum Products per User for WooCommerce <= 4.2.8 - Reflected Cross-Site Scripting
The Maximum Products per User for WooCommerce plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use of add_query_arg without appropriate escaping on the URL in all versions up to, and including, 4.2.8. This makes it possible for unauthenticated attackers to inject arbi…
7.2
CVE-2024-9519 - UserPlus <= 2.0 - Authenticated (Editor+) Registration Form Update to Privilege Escalation
The UserPlus plugin for WordPress is vulnerable to unauthorized modification of data due to an improper capability check on the 'save_metabox_form' function in versions up to, and including, 2.0. This makes it possible for authenticated attackers, with editor-level permissions or above, to update t…