6.5

CVSS3.1

CVE-2024-38757 - WordPress Typebot plugin <= 3.6.0 - Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Typebot allows Stored XSS. This issue affects Typebot: from n/a through 3.6.0.

📅 Published: July 20, 2024, 7:12 a.m. 🔄 Last Modified: April 15, 2026, 12:35 a.m.

6.5

CVSS3.1

CVE-2024-38767 - WordPress BSK PDF Manager plugin <= 3.6 - Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in BannerSky.Com BSK PDF Manager allows Stored XSS. This issue affects BSK PDF Manager: from n/a through 3.6.

📅 Published: July 20, 2024, 7:11 a.m. 🔄 Last Modified: April 15, 2026, 12:35 a.m.

4.9

CVSS3.1

CVE-2024-38758 - WordPress WappPress plugin <= 6.0.4 - Blind Server Side Request Forgery (SSRF) vulnerability

Server-Side Request Forgery (SSRF) vulnerability in WappPress Team WappPress. This issue affects WappPress: from n/a through 6.0.4.

📅 Published: July 20, 2024, 7:08 a.m. 🔄 Last Modified: April 15, 2026, 12:35 a.m.

5.3

CVSS3.1

CVE-2024-6489 - Getwid – Gutenberg Blocks <= 2.0.10 - Missing Authorization to Google API key update

The Getwid – Gutenberg Blocks plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the get_google_api_key function in all versions up to, and including, 2.0.10. This makes it possible for authenticated attackers, with Contributor-level access …

📅 Published: July 20, 2024, 6:43 a.m. 🔄 Last Modified: April 8, 2026, 5:35 p.m.

4.3

CVSS3.1

CVE-2024-6491 - Getwid – Gutenberg Blocks <= 2.0.10 - Missing Authentication to MailChimp API key update

The Getwid – Gutenberg Blocks plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the mailchimp_api_key_manage function in all versions up to, and including, 2.0.10. This makes it possible for authenticated attackers, with Contributor-level a…

📅 Published: July 20, 2024, 6:43 a.m. 🔄 Last Modified: April 8, 2026, 5:34 p.m.

2.7

CVSS3.1

CVE-2024-6694 - WP Mail SMTP <= 4.0.1 - Authenticated (Admin+) SMTP Password Exposure

The WP Mail SMTP plugin for WordPress is vulnerable to information exposure in all versions up to, and including, 4.0.1. This is due to the plugin providing the SMTP password in the SMTP Password field when viewing the settings. This makes it possible for authenticated attackers, with administrative-le…

📅 Published: July 20, 2024, 3:20 a.m. 🔄 Last Modified: April 15, 2026, 12:35 a.m.

6.5

CVSS3.1

CVE-2024-3934 - Mercado Pago payments for WooCommerce 7.3.0 - 7.6.1 - Authenticated (Subscriber+) Arbitrary File Do…

The Mercado Pago payments for WooCommerce plugin for WordPress is vulnerable to Path Traversal in versions 7.3.0 to 7.5.1 via the mercadopagoDownloadLog function. This makes it possible for authenticated attackers, with subscriber-level access and above, to download and read the contents of arbitra…

📅 Published: July 20, 2024, 3:20 a.m. 🔄 Last Modified: April 15, 2026, 12:35 a.m.

7.3

CVSS3.0

CVE-2024-6281 - Path Traversal in parisneo/lollms

A path traversal vulnerability exists in the `apply_settings` function of parisneo/lollms versions prior to 9.5.1. The `sanitize_path` function does not adequately secure the `discussion_db_name` parameter, allowing attackers to manipulate the path and potentially write to important system folders.

📅 Published: July 20, 2024, 3:19 a.m. 🔄 Last Modified: April 15, 2026, 12:35 a.m.

5.3

CVSS3.1

CVE-2024-6560 - Addonify – Quick View For WooCommerce <= 1.2.16 - Unauthenticated Full Path Disclosure

The Addonify – Quick View For WooCommerce plugin for WordPress is vulnerable to Full Path Disclosure in all versions up to, and including, 1.2.16. This is due to the plugin utilizing mobiledetect without preventing direct access to the files. This makes it possible for unauthenticated attackers to ret…

📅 Published: July 20, 2024, 2:37 a.m. 🔄 Last Modified: April 15, 2026, 12:35 a.m.

6.4

CVSS3.1

CVE-2024-2337 - Easy Testimonials <= 3.9.5 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode

The Easy Testimonials plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'testimonials_grid ' shortcode in all versions up to, and including, 3.9.5 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for auth…

📅 Published: July 20, 2024, 2:37 a.m. 🔄 Last Modified: April 8, 2026, 4:43 p.m.