Vulnerabilities

DATE CVE VULNERABILITY TITLE RISK
2024-11-16 CVE-2024-10614 The Customer Reviews for WooCommerce plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on the cancel_import() function in all versions up to, and including, 5.61.0.
network
low complexity
CWE-862
4.3
4.3
2024-11-16 CVE-2024-10015 The ConvertCalculator for WordPress plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'id' and 'type' parameters in all versions up to, and including, 1.1.1 due to insufficient input sanitization and output escaping.
network
low complexity
CWE-79
6.4
6.4
2024-11-16 CVE-2024-10017 The PJW Mime Config plugin for WordPress is vulnerable to Stored Cross-Site Scripting via SVG File uploads in all versions up to, and including, 1.0 due to insufficient input sanitization and output escaping.
network
low complexity
CWE-79
6.4
6.4
2024-11-16 CVE-2024-10262 The The Drop Shadow Boxes plugin for WordPress is vulnerable to arbitrary shortcode execution in all versions up to, and including, 1.7.14.
network
low complexity
CWE-94
6.3
6.3
2024-11-16 CVE-2024-10533 The WP Chat App plugin for WordPress is vulnerable to unauthorized plugin installation due to a missing capability check on the ajax_install_plugin() function in all versions up to, and including, 3.6.8.
network
low complexity
CWE-862
4.3
4.3
2024-11-16 CVE-2024-10875 The Gallery Manager plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use of remove_Query_Arg without appropriate escaping on the URL in all versions up to, and including, 1.6.58.
network
low complexity
 6.1
6.1
2024-11-16 CVE-2024-10884 The SimpleForm Contact Form Submissions plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use of add_query_arg & remove_query_arg without appropriate escaping on the URL in all versions up to, and including, 2.1.0.
network
low complexity
CWE-79
6.1
6.1
2024-11-16 CVE-2024-11085 The WP Log Viewer plugin for WordPress is vulnerable to unauthorized use of functionality due to a missing capability check on several AJAX actions in all versions up to, and including, 1.2.1.
network
low complexity
CWE-862
5.4
5.4
2024-11-16 CVE-2024-11092 The SVGPlus plugin for WordPress is vulnerable to Stored Cross-Site Scripting via REST API SVG File uploads in all versions up to, and including, 1.1.0 due to insufficient input sanitization and output escaping.
network
low complexity
CWE-79
6.4
6.4
2024-11-16 CVE-2024-6628 The EleForms – All In One Form Integration including DB for Elementor plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 2.9.9.9.
network
low complexity
CWE-352
4.3
4.3