Vulnerabilities

DATE CVE VULNERABILITY TITLE RISK
2024-10-18 CVE-2024-8790 Cross-site Scripting vulnerability in Themeinwp Social Share With Floating BAR
The Social Share With Floating Bar plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use of add_query_arg without appropriate escaping on the URL in all versions up to, and including, 1.0.3.
Risk: network, low complexity, themeinwp, CWE-79, 6.1

2024-10-18 CVE-2024-8916 Cross-site Scripting vulnerability in Sukiwp Suki Sites Import
The Suki Sites Import plugin for WordPress is vulnerable to Stored Cross-Site Scripting via SVG File uploads in all versions up to, and including, 1.2.1 due to insufficient input sanitization and output escaping.
Risk: network, low complexity, sukiwp, CWE-79, 5.4

2024-10-18 CVE-2024-9350 Cross-site Scripting vulnerability in DPD Baltic Shipping
The DPD Baltic Shipping plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'search_value' parameter in all versions up to, and including, 1.2.83 due to insufficient input sanitization and output escaping.
Risk: network, low complexity, dpd, CWE-79, 6.1

2024-10-18 CVE-2024-9361 Missing Authorization vulnerability in Giuliopanda Bulk Images Optimizer
The Bulk images optimizer: Resize, optimize, convert to webp, rename … plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'save_configuration' function in all versions up to, and including, 2.0.1.
Risk: network, low complexity, giuliopanda, CWE-862, 4.3

2024-10-18 CVE-2024-9364 Missing Authorization vulnerability in Smackcoders Sendgrid
The SendGrid for WordPress plugin for WordPress is vulnerable to unauthorized loss of data due to a missing capability check on the 'wp_mailplus_clear_logs' function in all versions up to, and including, 1.4.
Risk: network, low complexity, smackcoders, CWE-862, 4.3

2024-10-18 CVE-2024-9366 Cross-site Scripting vulnerability in Wpzest Easy Menu Manager
The Easy Menu Manager | WPZest plugin for WordPress is vulnerable to Stored Cross-Site Scripting via SVG File uploads in all versions up to, and including, 1.0.1 due to insufficient input sanitization and output escaping.
Risk: network, low complexity, wpzest, CWE-79, 5.4

2024-10-18 CVE-2024-9373 Cross-site Scripting vulnerability in Dankedev Elemenda
The Elemenda plugin for WordPress is vulnerable to Stored Cross-Site Scripting via SVG File uploads in all versions up to, and including, 0.0.2 due to insufficient input sanitization and output escaping.
Risk: network, low complexity, dankedev, CWE-79, 5.4

2024-10-18 CVE-2024-9382 Cross-site Scripting vulnerability in Rockettheme Gantry
The Gantry 4 Framework plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'override_id' parameter in all versions up to, and including, 4.1.21 due to insufficient input sanitization and output escaping.
Risk: network, low complexity, rockettheme, CWE-79, 6.1

2024-10-18 CVE-2024-9383 Cross-site Scripting vulnerability in Parcelpro Parcel PRO
The Parcel Pro plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'action' parameter in all versions up to, and including, 1.8.4 due to insufficient input sanitization and output escaping.
Risk: network, low complexity, parcelpro, CWE-79, 6.1

2024-10-18 CVE-2024-9452 Cross-site Scripting vulnerability in Gurieveugen&Vitaliyshebela Branding
The Branding plugin for WordPress is vulnerable to Stored Cross-Site Scripting via SVG File uploads in all versions up to, and including, 1.0 due to insufficient input sanitization and output escaping.
Risk: network, low complexity, gurieveugen-vitaliyshebela, CWE-79, 5.4