8
CVE-2024-8979 - Essential Addons for Elementor – Best Elementor Addon, Templates, Widgets, Kits & WooCommerce Build…
The Essential Addons for Elementor – Best Elementor Addon, Templates, Widgets, Kits & WooCommerce Builders plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 6.0.9 via the 'init_content_lostpassword_user_email_controls' function. This makes it…
7.5
CVE-2024-45784 - Apache Airflow: Sensitive configuration values are not masked in the logs by default
Apache Airflow versions before 2.10.3 contain a vulnerability that could expose sensitive configuration variables in task logs. This vulnerability allows DAG authors to unintentionally or intentionally log sensitive configuration variables. Unauthorized users could access these logs, potentially ex…
6.1
CVE-2024-10825 - Hide My WP Ghost – Security & Firewall <= 5.3.01 - Reflected Cross-Site Scripting via URL
The Hide My WP Ghost – Security & Firewall plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the URL in all versions up to, and including, 5.3.01 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitra…
6.4
CVE-2024-8961 - Essential Addons for Elementor – Best Elementor Addon, Templates, Widgets, Kits & WooCommerce Build…
The Essential Addons for Elementor – Best Elementor Addon, Templates, Widgets, Kits & WooCommerce Builders plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘nomore_items_text’ parameter in all versions up to, and including, 6.0.7 due to insufficient input sanitization and o…
6.6
CVE-2024-9529 - Secure Custom Fields < 6.3.6.3 - Admin+ Remote Code Execution
The Secure Custom Fields WordPress plugin before 6.3.9, Secure Custom Fields WordPress plugin before 6.3.6.3, Advanced Custom Fields Pro WordPress plugin before 6.3.9 does not prevent users from running arbitrary functions through its setting import functionalities, which could allow high privilege…
5.9
CVE-2024-10104 - Jobs for WordPress < 2.7.8 - Contributor+ Stored XSS
The Jobs for WordPress plugin before 2.7.8 does not sanitise and escape some of its Job settings, which could allow high privilege users such as contributor to perform Stored Cross-Site Scripting attacks
7.2
CVE-2024-10793 - WP Activity Log <= 5.2.1 - Unauthenticated Stored Cross-Site Scripting via User_id Parameter
The WP Activity Log plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the user_id parameter in all versions up to, and including, 5.2.1 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web script…
7.2
CVE-2024-10260 - Tripetto <= 8.0.11 - Unauthentiated Stored Cross-Site Scripting via Form File Upload
The Tripetto plugin for WordPress is vulnerable to Stored Cross-Site Scripting via File uploads in all versions up to, and including, 8.0.11 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that…
6.1
CVE-2024-9356 - Yotpo: Product & Photo Reviews for WooCommerce <= 1.7.9 - Reflected Cross-Site Scripting
The Yotpo: Product & Photo Reviews for WooCommerce plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'yotpo_user_email' and 'yotpo_user_name' parameters in all versions up to, and including, 1.7.9 due to insufficient input sanitization and output escaping. This makes it p…
4.3
CVE-2024-10582 - Music Player for Elementor – Audio Player & Podcast Player <= 2.4.1 - Missing Authorization to Auth…
The Music Player for Elementor – Audio Player & Podcast Player plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the import_mpfe_template() function in all versions up to, and including, 2.4.1. This makes it possible for authenticated attac…