Vulnerabilities

| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2024-11-09 | CVE-2024-9226 | The Landing Page Cat – Coming Soon Page, Maintenance Page & Squeeze Pages plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use of add_query_arg without appropriate escaping on the URL in all versions up to, and including, 1.7.6. | network, low complexity, CWE-79, 6.1 |
| 2024-11-09 | CVE-2024-10285 | The CE21 Suite plugin for WordPress is vulnerable to sensitive information disclosure via the plugin-log.txt in versions up to, and including, 2.2.0. | network, low complexity, CWE-200, critical, 9.8 |
| 2024-11-09 | CVE-2024-10294 | The CE21 Suite plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'ce21_single_sign_on_save_api_settings' function in versions up to, and including, 2.2.0. | network, low complexity, CWE-862, 6.5 |
| 2024-11-09 | CVE-2024-10586 | The Debug Tool plugin for WordPress is vulnerable to arbitrary file creation due to a missing capability check on the dbt_pull_image() function and missing file type validation in all versions up to, and including, 2.2. | network, low complexity, CWE-862, critical, 9.8 |
| 2024-11-09 | CVE-2024-10588 | The Debug Tool plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the info() function in all versions up to, and including, 2.2. | network, low complexity, CWE-862, 4.3 |
| 2024-11-09 | CVE-2024-8960 | The Cowidgets – Elementor Addons plugin for WordPress is vulnerable to Stored Cross-Site Scripting via SVG File uploads in all versions up to, and including, 1.2.0 due to insufficient input sanitization and output escaping. | network, low complexity, CWE-79, 6.4 |
| 2024-11-09 | CVE-2024-9262 | The User Meta – User Profile Builder and User management plugin plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 3.1 via the getUser() due to missing validation on a user controlled key. | network, low complexity, CWE-639, 6.5 |
| 2024-11-09 | CVE-2024-9270 | The Lenxel Core for Lenxel(LNX) LMS plugin for WordPress is vulnerable to Stored Cross-Site Scripting via SVG File uploads in all versions up to, and including, 1.1 due to insufficient input sanitization and output escaping. | network, low complexity, 6.4 |
| 2024-11-09 | CVE-2024-9775 | Cross-site Scripting vulnerability in Shtheme Anih: The Anih - Creative Agency WordPress Theme theme for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in all versions up to, and including, 2024 due to an incomplete blacklist, insufficient input sanitization, and output escaping. | network, low complexity, shtheme, CWE-79, 4.8 |
| 2024-11-08 | CVE-2024-11026 | Use of Hard-coded Credentials vulnerability in Free-Now Freenow 12.10.0: A vulnerability was found in Intelligent Apps Freenow App 12.10.0 on Android. | network, high complexity, free-now, CWE-798, 7.4 |