Vulnerabilities

DATE CVE VULNERABILITY TITLE RISK
2024-11-09 CVE-2024-8756 The Quform - WordPress Form Builder plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 2.20.0 via the 'saveUploadedFile' function.
network
low complexity
CWE-200
5.3
5.3
2024-11-09 CVE-2024-10669 The Countdown Timer block – Display the event's date into a timer.
network
low complexity
CWE-639
4.3
4.3
2024-11-09 CVE-2024-10770 The Envo Extra plugin for WordPress is vulnerable to Information Exposure in all versions up to, and including, 1.9.3 via the 'elementor-template' shortcode due to insufficient restrictions on which posts can be included.
network
low complexity
CWE-639
4.3
4.3
2024-11-09 CVE-2024-10814 The Code Embed plugin for WordPress is vulnerable to Server-Side Request Forgery in all versions up to, and including, 2.5 via the ce_get_file() function.
network
low complexity
CWE-918
6.4
6.4
2024-11-09 CVE-2024-10625 The WooCommerce Support Ticket System plugin for WordPress is vulnerable to arbitrary file deletion due to insufficient file path validation in the delete_tmp_uploaded_file() function in all versions up to, and including, 17.7.
network
low complexity
CWE-22
critical
 9.8
9.8
2024-11-09 CVE-2024-10626 The WooCommerce Support Ticket System plugin for WordPress is vulnerable to arbitrary file deletion due to insufficient file path validation in the delete_uploaded_file() function in all versions up to, and including, 17.7.
network
low complexity
CWE-22
8.8
8.8
2024-11-09 CVE-2024-10627 The WooCommerce Support Ticket System plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the ajax_manage_file_chunk_upload() function in all versions up to, and including, 17.7.
network
low complexity
CWE-434
critical
 9.8
9.8
2024-11-09 CVE-2024-10673 The Top Store theme for WordPress is vulnerable to unauthorized arbitrary plugin installation due to a missing capability check on the top_store_install_and_activate_callback() function in all versions up to, and including, 1.5.4.
network
low complexity
CWE-862
8.8
8.8
2024-11-09 CVE-2024-10674 The Th Shop Mania theme for WordPress is vulnerable to unauthorized arbitrary plugin installation due to a missing capability check on the th_shop_mania_install_and_activate_callback() function in all versions up to, and including, 1.4.9.
network
low complexity
CWE-862
8.8
8.8
2024-11-09 CVE-2024-10693 The SKT Addons for Elementor plugin for WordPress is vulnerable to Information Exposure in all versions up to, and including, 3.3 via the Unfold widget due to insufficient restrictions on which posts can be included.
network
low complexity
CWE-639
4.3
4.3