Vulnerabilities

DATE CVE VULNERABILITY TITLE RISK
2024-10-20 CVE-2024-49628 Cross-Site Request Forgery (CSRF) vulnerability in Whiletrue Most and Least Read Posts Widget 2.5.16
Cross-Site Request Forgery (CSRF) vulnerability in WhileTrue Most And Least Read Posts Widget allows Cross Site Request Forgery.This issue affects Most And Least Read Posts Widget: from n/a through 2.5.18.
network
low complexity
whiletrue CWE-352
8.8
8.8
2024-10-20 CVE-2024-44061 Cross-site Scripting vulnerability in Wpfactory Eu/Uk VAT Manager for Woocommerce
: Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS) vulnerability in WPFactory EU/UK VAT Manager for WooCommerce allows Cross-Site Scripting (XSS).This issue affects EU/UK VAT Manager for WooCommerce: from n/a through 2.12.14.
network
low complexity
wpfactory CWE-79
6.1
6.1
2024-10-20 CVE-2024-47325 SQL Injection vulnerability in Themeisle multiple Page Generator
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Themeisle Multiple Page Generator Plugin – MPG allows SQL Injection.This issue affects Multiple Page Generator Plugin – MPG: from n/a through 3.4.7.
network
low complexity
themeisle CWE-89
8.8
8.8
2024-10-20 CVE-2024-49335 Cross-Site Request Forgery (CSRF) vulnerability in Edush Maxim Googledrive Folder List
Cross-Site Request Forgery (CSRF) vulnerability in Edush Maxim GoogleDrive folder list allows Stored XSS.This issue affects GoogleDrive folder list: from n/a through 2.2.2.
network
low complexity
edush-maxim CWE-352
6.1
6.1
2024-10-20 CVE-2024-49605 Cross-Site Request Forgery (CSRF) vulnerability in Avchat.Net Avchat Video Chat
Cross-Site Request Forgery (CSRF) vulnerability in Avchat.Net AVChat Video Chat allows Stored XSS.This issue affects AVChat Video Chat: from n/a through 2.2.
network
low complexity
avchat-net CWE-352
6.1
6.1
2024-10-20 CVE-2024-49609 SQL Injection vulnerability in Brandonwhite Author Discussion
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Brandon White Author Discussion allows Blind SQL Injection.This issue affects Author Discussion: from n/a through 0.2.2.
network
low complexity
brandonwhite CWE-89
8.8
8.8
2024-10-20 CVE-2024-49612 SQL Injection vulnerability in Infotuts SW Contact Form
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Infotuts SW Contact Form allows Blind SQL Injection.This issue affects SW Contact Form: from n/a through 1.0.
network
low complexity
infotuts CWE-89
8.8
8.8
2024-10-20 CVE-2024-49613 SQL Injection vulnerability in Lodelgeraldo Simple Code Insert Shortcode
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Lodel Geraldo Simple Code Insert Shortcode allows SQL Injection.This issue affects Simple Code Insert Shortcode: from n/a through 1.0.
network
low complexity
lodelgeraldo CWE-89
8.8
8.8
2024-10-20 CVE-2024-49614 SQL Injection vulnerability in Sermonaudio Widgets
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Dan Alexander SermonAudio Widgets allows SQL Injection.This issue affects SermonAudio Widgets: from n/a through 1.9.3.
network
low complexity
sermonaudio CWE-89
8.8
8.8
2024-10-20 CVE-2024-49615 Cross-Site Request Forgery (CSRF) vulnerability in Henriquerodrigues Safetyforms
Cross-Site Request Forgery (CSRF) vulnerability in Henrique Rodrigues SafetyForms allows Blind SQL Injection.This issue affects SafetyForms: from n/a through 1.0.0.
network
low complexity
henriquerodrigues CWE-352
8.8
8.8