Vulnerabilities
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2024-02-05 | CVE-2023-6989 | Path Traversal vulnerability in Getshieldsecurity Shield Security The Shield Security – Smart Bot Blocking & Intrusion Prevention Security plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 18.5.9 via the render_action_template parameter. | 9.8 |
| 2024-02-05 | CVE-2023-6996 | Code Injection vulnerability in Vegacorp Display Custom Fields in the Frontend - Post and User Profile Fields The Display custom fields in the frontend – Post and User Profile Fields plugin for WordPress is vulnerable to Code Injection via the plugin's vg_display_data shortcode in all versions up to, and including, 1.2.1 due to insufficient input validation and restriction on access to that shortcode. | 8.8 |
| 2024-02-05 | CVE-2023-7014 | Exposure of Resource to Wrong Sphere vulnerability in Amitzy Molongui Authorship The Author Box, Guest Author and Co-Authors for Your Posts – Molongui plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 4.7.4 via the 'ma_debu' parameter. | 7.5 |
| 2024-02-05 | CVE-2023-7029 | Cross-site Scripting vulnerability in Maxfoundry Maxbuttons The WordPress Button Plugin MaxButtons plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's shortcode(s) in all versions up to, and including 9.7.6 due to insufficient input sanitization and output escaping on user supplied attributes. | 5.4 |
| 2024-02-05 | CVE-2024-0221 | Path Traversal vulnerability in 10Web Photo Gallery The Photo Gallery by 10Web – Mobile-Friendly Image Gallery plugin for WordPress is vulnerable to Directory Traversal in all versions up to, and including, 1.8.19 via the rename_item function. | 7.2 |
| 2024-02-05 | CVE-2024-0254 | Cross-site Scripting vulnerability in Shooflysolutions (Simply) Guest Author Name The (Simply) Guest Author Name plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's post meta in all versions up to, and including, 4.34 due to insufficient input sanitization and output escaping on user supplied attributes. | 5.4 |
| 2024-02-05 | CVE-2024-0255 | Cross-site Scripting vulnerability in Bootstrapped WP Recipe Maker The WP Recipe Maker plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'wprm-recipe-text-share' shortcode in all versions up to, and including, 9.1.0 due to insufficient input sanitization and output escaping on user supplied attributes. | 5.4 |
| 2024-02-05 | CVE-2024-0324 | Missing Authorization vulnerability in Cozmoslabs Profile Builder The User Profile Builder – Beautiful User Registration Forms, User Profiles & User Role Editor plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'wppb_two_factor_authentication_settings_update' function in all versions up to, and including, 3.10.8. | 7.5 |
| 2024-02-05 | CVE-2023-27318 | Unspecified vulnerability in Netapp Storagegrid 11.6.0 StorageGRID (formerly StorageGRID Webscale) versions 11.6.0 through 11.6.0.13 are susceptible to a Denial of Service (DoS) vulnerability. | 7.5 |
| 2024-02-05 | CVE-2023-50781 | Information Exposure Through Discrepancy vulnerability in multiple products A flaw was found in m2crypto. | 7.5 |