4.3
CVE-2024-5704 - XPlainer β WooCommerce Product FAQ [WooCommerce Accordion FAQ Plugin] <= 1.7.0 - Missing Authorizatβ¦
The XPlainer β WooCommerce Product FAQ [WooCommerce Accordion FAQ Plugin plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on several functions (i.e. ffw_insert_new_faq, ffw_hide_discount_notice, ffw_delete_all_faqs, ffw_delete_single_faq, etcβ¦
4.3
CVE-2024-6167 - Just Custom Fields <= 3.3.2 - Missing Authorization via AJAX actions
The Just Custom Fields plugin for WordPress is vulnerable to unauthorized access of functionality due to a missing capability check on several AJAX functions in all versions up to, and including, 3.3.2. This makes it possible for authenticated attackers, with Subscriber-level access and above, to iβ¦
7.2
CVE-2024-5479 - Easy Pixels by JEVNET <= 2.13 - Unauthenticated Stored Cross-Site Scripting
The Easy Pixels plugin for WordPress is vulnerable to Stored Cross-Site Scripting via plugin settings in all versions up to, and including, 2.13 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages β¦
5.4
CVE-2024-5993 - Cliengo - Chatbot <= 3.0.2 - Missing Authorization to Authorized (Subscriber+) Chatbot Settings Updβ¦
The Cliengo β Chatbot plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'update_session' function in all versions up to, and including, 3.0.2. This makes it possible for authenticated attackers, with Subscriber-level access and above, tβ¦
8.8
CVE-2024-6320 - ScrollTo Top <= 1.2.2 - Cross-Site Request Forgery to Arbitrary File Upload
The ScrollTo Top plugin for WordPress is vulnerable to Cross-Site Request Forgery to Arbitrary File Upload in versions up to, and including, 1.2.2. This is due to missing nonce validation and missing file type validation in the 'options_page' function. This makes it possible for unauthenticated attβ¦
8.8
CVE-2024-6321 - ScrollTo Bottom <= 1.1.1 - Cross-Site Request Forgery to Arbitrary File Upload
The ScrollTo Bottom plugin for WordPress is vulnerable to Cross-Site Request Forgery to Arbitrary File Upload in versions up to, and including, 1.1.1. This is due to missing nonce validation and missing file type validation in the 'options_page' function. This makes it possible for unauthenticated β¦
8.8
CVE-2024-6310 - Advanced AJAX Page Loader <= 2.7.7 - Cross-Site Request Forgery to Arbitrary File Upload
The Advanced AJAX Page Loader plugin for WordPress is vulnerable to Cross-Site Request Forgery to Arbitrary File Upload in versions up to, and including, 2.7.7. This is due to missing nonce validation in the 'admin_init_AAPL' function and missing file type validation in the 'AAPL_options_validate' β¦
9.8
CVE-2024-6314 - IQ Testimonials <= 2.2.7 - Unauthenticated Arbitrary File Upload
The IQ Testimonials plugin for WordPress is vulnerable to arbitrary file uploads due to insufficient file type validation in the 'process_image_upload' function in versions up to, and including, 2.2.7. This makes it possible for unauthenticated attackers to upload arbitrary files on the affected siβ¦
9.8
CVE-2024-6313 - Gutenberg Forms <= 2.2.9 - Unauthenticated Arbitrary File Upload
The Gutenberg Forms plugin for WordPress is vulnerable to arbitrary file uploads due to the users can specify the allowed file types in the 'upload' function in versions up to, and including, 2.2.9. This makes it possible for unauthenticated attackers to upload arbitrary files on the affected site'β¦
8.8
CVE-2024-6309 - Attachment File Icons (AF Icons) <= 1.3 - Cross-Site Request Forgery to Arbitrary File Upload
The Attachment File Icons (AF Icons) plugin for WordPress is vulnerable to Cross-Site Request Forgery to Arbitrary File Upload in versions up to, and including, 1.3. This is due to missing nonce validation in the 'afi_overview' function and missing file type validation in the 'upload_icons' functioβ¦