9.1
CVE-2024-8671 - WooEvents <= 4.1.2 - Unauthenticated Arbitrary File Overwrite
The WooEvents - Calendar and Event Booking plugin for WordPress is vulnerable to arbitrary file overwrite due to insufficient file path validation in the inc/barcode.php file in all versions up to, and including, 4.1.2. This makes it possible for unauthenticated attackers to overwrite arbitrary fil…
7.3
CVE-2024-8623 - MDTF – Meta Data and Taxonomies Filter <= 1.3.3.3 - Unauthenticated Arbitrary Shortcode Execution
The MDTF – Meta Data and Taxonomies Filter plugin for WordPress is vulnerable to arbitrary shortcode execution in all versions up to, and including, 1.3.3.3. This is due to the software allowing users to execute an action that does not properly validate a value before running do_shortcode. This…
9.9
CVE-2024-8624 - MDTF – Meta Data and Taxonomies Filter <= 1.3.3.3 - Authenticated (Contributor+) SQL Injection
The MDTF – Meta Data and Taxonomies Filter plugin for WordPress is vulnerable to SQL Injection via the 'meta_key' attribute of the 'mdf_select_title' shortcode in all versions up to, and including, 1.3.3.3 due to insufficient escaping on the user supplied parameter and lack of sufficient preparatio…
5.3
CVE-2024-8794 - BA Book Everything <= 1.6.20 - Unauthenticated Arbitrary User Password Reset
The BA Book Everything plugin for WordPress is vulnerable to arbitrary password reset in all versions up to, and including, 1.6.20. This is due to the reset_user_password() function not verifying a user's identity prior to setting a password. This makes it possible for unauthenticated attackers to …
9.8
CVE-2024-8791 - Donation Forms by Charitable – Donations Plugin & Fundraising Platform for WordPress <= 1.8.1.14 - …
The Donation Forms by Charitable – Donations Plugin & Fundraising Platform for WordPress plugin for WordPress is vulnerable to privilege escalation in all versions up to, and including, 1.8.1.14. This is due to the plugin not properly verifying a user's identity when the ID parameter is supplied th…
6.1
CVE-2024-8544 - Pixel Cat – Conversion Pixel Manager <= 3.0.5 - Reflected Cross-Site Scripting
The Pixel Cat – Conversion Pixel Manager plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use of add_query_arg without appropriate escaping on the URL in all versions up to, and including, 3.0.5. This makes it possible for unauthenticated attackers to inject arbitrary…
6.1
CVE-2024-8738 - Seriously Simple Stats <= 1.6.0 - Reflected Cross-Site Scripting
The Seriously Simple Stats plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use of add_query_arg without appropriate escaping on the URL in all versions up to, and including, 1.6.0. This makes it possible for unauthenticated attackers to inject arbitrary web scripts i…
6.1
CVE-2024-8662 - Koko Analytics <= 1.3.12 - Reflected Cross-Site Scripting
The Koko Analytics plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use of add_query_arg without appropriate escaping on the URL in all versions up to, and including, 1.3.12. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages…
8.8
CVE-2024-8795 - BA Book Everything <= 1.6.20 - Cross-Site Request Forgery to Email Address Update/Account Takeover
The BA Book Everything plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.6.20. This is due to missing or incorrect nonce validation on the my_account_update() function. This makes it possible for unauthenticated attackers to update a user's acc…
6.1
CVE-2024-8716 - XT Ajax Add To Cart for WooCommerce <= 1.1.2 - Reflected Cross-Site Scripting
The XT Ajax Add To Cart for WooCommerce plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use of add_query_arg without appropriate escaping on the URL in all versions up to, and including, 1.1.2. This makes it possible for unauthenticated attackers to inject arbitrary …