Vulnerabilities
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2024-11-05 | CVE-2024-9443 | Cross-site Scripting vulnerability in Basticom Framework The Basticom Framework plugin for WordPress is vulnerable to Stored Cross-Site Scripting via SVG File uploads in all versions up to, and including, 1.5.0 due to insufficient input sanitization and output escaping. | 5.4 |
| 2024-11-05 | CVE-2024-9667 | Cross-site Scripting vulnerability in Castos Seriously Simple Podcasting The Seriously Simple Podcasting plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use of add_query_arg without appropriate escaping on the URL in all versions up to, and including, 3.5.0. | 6.1 |
| 2024-11-05 | CVE-2024-47137 | Out-of-bounds Write vulnerability in Openatom Openharmony in OpenHarmony v4.1.0 and prior versions allow a local attacker cause the common permission is upgraded to root and sensitive information leak through out-of-bounds write. | 7.8 |
| 2024-11-05 | CVE-2024-47402 | Out-of-bounds Read vulnerability in Openatom Openharmony in OpenHarmony v4.0.0 and prior versions allow a local attacker cause DOS through out-of-bounds read. | 5.5 |
| 2024-11-05 | CVE-2024-47404 | Double Free vulnerability in Openatom Openharmony in OpenHarmony v4.1.0 and prior versions allow a local attacker cause the common permission is upgraded to root and sensitive information leak through double free. | 7.8 |
| 2024-11-05 | CVE-2024-47797 | Out-of-bounds Write vulnerability in Openatom Openharmony in OpenHarmony v4.1.0 and prior versions allow a local attacker cause the common permission is upgraded to root and sensitive information leak through out-of-bounds write. | 7.8 |
| 2024-11-05 | CVE-2024-10097 | Unspecified vulnerability in Loginizer The Loginizer Security and Loginizer plugins for WordPress are vulnerable to authentication bypass in all versions up to, and including, 1.9.2. | 8.1 |
| 2024-11-05 | CVE-2024-5578 | Cross-site Scripting vulnerability in Dublue Table of Contents Plus The Table of Contents Plus WordPress plugin through 2408 does not sanitise and escape some of its settings, which could allow high privilege users such as editors to perform Cross-Site Scripting attacks even when unfiltered_html is disallowed | 4.8 |
| 2024-11-05 | CVE-2024-7876 | Cross-site Scripting vulnerability in Nsqua Simply Schedule Appointments The Appointment Booking Calendar — Simply Schedule Appointments Booking Plugin WordPress plugin before 1.6.7.55 does not sanitise and escape some of its Appointment Type settings, which could allow high privilege users such as admin to perform Cross-Site Scripting attacks even when unfiltered_html is disallowed | 4.8 |
| 2024-11-05 | CVE-2024-7877 | Cross-site Scripting vulnerability in Nsqua Simply Schedule Appointments The Appointment Booking Calendar — Simply Schedule Appointments Booking Plugin WordPress plugin before 1.6.7.55 does not sanitise and escape some of its Notification settings, which could allow high privilege users such as admin to perform Cross-Site Scripting attacks even when unfiltered_html is disallowed | 4.8 |