6.1
CVE-2024-9231 - WP-Members Membership Plugin <= 3.4.9.5 - Reflected Cross-Site Scripting
The WP-Members Membership Plugin plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use of add_query_arg without appropriate escaping on the URL in all versions up to, and including, 3.4.9.5. This makes it possible for unauthenticated attackers to inject arbitrary web s…
8.3
CVE-2024-35308 - Post-auth Arbitrary File Read in the Server Plugins Section
A post-authentication arbitrary file read vulnerability within the server plugins section in plugin edition feature. This issue affects Pandora FMS: from 700 through <777.3.
8.6
CVE-2024-9987 - SQL Injection in CSV Module Data Collection
A post-authentication SQL Injection vulnerability within the filters parameter of the extensions/agents_modules_csv functionality. This issue affects Pandora FMS: from 700 through <777.3.
4.3
CVE-2024-9541 - News Kit Elementor Addons <= 1.2.1 - Authenticated (Contributor+) Sensitive Information Exposure vi…
The News Kit Elementor Addons plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 1.2.1 via the render function in includes/widgets/canvas-menu/canvas-menu.php. This makes it possible for authenticated attackers, with Contributor-level access a…
5.5
CVE-2024-9589 - Category and Taxonomy Meta Fields <= 1.0.0 - Authenticated (Administrator+) Stored Cross-Site Scrip…
The Category and Taxonomy Meta Fields plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'new_meta_name' parameter in the 'wpaft_option_page' function in versions up to, and including, 1.0.0 due to insufficient input sanitization and output escaping on user supplied attribute…
5.5
CVE-2024-9591 - Category and Taxonomy Image <= 1.0.0 - Authenticated (Editor+) Stored Cross-Site Scripting
The Category and Taxonomy Image plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the '_category_image' parameter in versions up to, and including, 1.0.0 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authentica…
5.5
CVE-2024-9590 - Category and Taxonomy Meta Fields <= 1.0.0 - Authenticated (Editor+) Stored Cross-Site Scripting
The Category and Taxonomy Meta Fields plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the image meta field value in the 'wpaft_add_meta_textinput' function in versions up to, and including, 1.0.0 due to insufficient input sanitization and output escaping on user supplied attri…
5.4
CVE-2024-9588 - Category and Taxonomy Meta Fields <= 1.0.0 - Cross-Site Request Forgery to Taxonomy Meta Add/Delete
The Category and Taxonomy Meta Fields plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.0.0. This is due to missing or incorrect nonce validation on the 'wpaft_option_page' function. This makes it possible for unauthenticated attackers to add and d…
8.6
CVE-2024-9627 - TeploBot - Telegram Bot for WP <= 1.3 - Telegram Bot Token Disclosure
The TeploBot - Telegram Bot for WP plugin for WordPress is vulnerable to sensitive information disclosure due to missing authorization checks on the 'service_process' function in all versions up to, and including, 1.3. This makes it possible for unauthenticated attackers to view the Telegram Bot To…
5.3
CVE-2024-8852 - All-in-One WP Migration and Backup <= 7.86 - Unauthenticated Information Disclosure via Error Logs
The All-in-One WP Migration and Backup plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 7.86 through publicly exposed log files. This makes it possible for unauthenticated attackers to view potentially sensitive information such as full path…