Vulnerabilities
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2024-10-18 | CVE-2024-9206 | Cross-site Scripting vulnerability in Madrasthemes MAS Companies for WP JOB Manager: The MAS Companies For WP Job Manager plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use of add_query_arg without appropriate escaping on the URL in all versions up to, and including, 1.0.13. | 6.1 |
2024-10-18 | CVE-2024-9703 | Cross-site Scripting vulnerability in Tychesoftwares Arconix Shortcodes: The Arconix Shortcodes plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'button' shortcode in all versions up to, and including, 2.1.12 due to insufficient input sanitization and output escaping on user supplied attributes. | 5.4 |
2024-10-18 | CVE-2024-38820 | Unspecified vulnerability in VMWare Spring Framework: The fix for CVE-2022-22968 made disallowedFields patterns in DataBinder case insensitive. | 5.3 |
2024-10-18 | CVE-2024-46897 | Incorrect Permission Assignment for Critical Resource vulnerability in Exceedone Exment: Incorrect permission assignment for critical resource issue exists in Exment v6.1.4 and earlier and Exment v5.0.11 and earlier. | 3.8 |
2024-10-18 | CVE-2024-47793 | Cross-site Scripting vulnerability in Exceedone Exment: Stored cross-site scripting vulnerability exists in Exment v6.1.4 and earlier and Exment v5.0.11 and earlier. | 5.4 |
2024-10-18 | CVE-2024-10014 | Cross-site Scripting vulnerability in Tiandiyoyo Flat UI Button 1.0: The Flat UI Button plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's flatbtn shortcode in version 1.0 due to insufficient input sanitization and output escaping on user supplied attributes. | 5.4 |
2024-10-18 | CVE-2024-10040 | Cross-Site Request Forgery (CSRF) vulnerability in Infinite-Scroll: The Infinite-Scroll plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 2.6.2. | 4.3 |
2024-10-18 | CVE-2024-10049 | Cross-site Scripting vulnerability in Edit Woocommerce Templates Project Edit Woocommerce Templates: The Edit WooCommerce Templates plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the ‘page’ parameter in all versions up to, and including, 1.1.2 due to insufficient input sanitization and output escaping. | 6.1 |
2024-10-18 | CVE-2024-10119 | OS Command Injection vulnerability in ZTE Wrtm326 Firmware: The wireless router WRTM326 from SECOM does not properly validate a specific parameter. | 9.8 |
2024-10-18 | CVE-2024-8740 | Cross-site Scripting vulnerability in Fatcatapps Getresponse Forms: The GetResponse Forms by Optin Cat plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use of add_query_arg without appropriate escaping on the URL in all versions up to, and including, 2.5.6. | 6.1 |