2024-10-16 | CVE-2020-36839 | The WP Lead Plus X plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 0.99. | 8.3 |
2024-10-16 | CVE-2021-4443 | The WordPress Mega Menu plugin for WordPress is vulnerable to Arbitrary File Creation in versions up to, and including, 2.0.6 via the compiler_save AJAX action. (CWE-434; network, low complexity, critical) | 9.8 |
2024-10-16 | CVE-2021-4445 | The Premium Addons for Elementor plugin for WordPress is vulnerable to Arbitrary Option Updates in versions up to, and including, 4.5.1. | 6.5 |
2024-10-16 | CVE-2021-4446 | The Essential Addons for Elementor plugin for WordPress is vulnerable to authorization bypass in versions up to and including 4.6.4 due to missing capability checks and nonce disclosure. | 6.3 |
2024-10-16 | CVE-2021-4447 | The Essential Addons for Elementor plugin for WordPress is vulnerable to privilege escalation in versions up to and including 4.6.4 due to a lack of restrictions on who can add a registration form and a custom registration role to an Elementor created page. | 8.8 |
2024-10-16 | CVE-2021-4448 | Missing Authorization vulnerability in Kaswara Project Kaswara 3.0.1. The Kaswara Modern VC Addons plugin for WordPress is vulnerable to authorization bypass in versions up to, and including, 3.0.1 due to insufficient capability checking on various AJAX actions. | 9.8 |
2024-10-16 | CVE-2021-4449 | Unrestricted Upload of File with Dangerous Type vulnerability in Digitalzoomstudio Zoomsounds. The ZoomSounds plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the 'savepng.php' file in versions up to, and including, 5.96. | 9.8 |
2024-10-16 | CVE-2021-4450 | SQL Injection vulnerability in Pickplugins Post Grid. The Post Grid plugin for WordPress is vulnerable to blind SQL Injection via post metadata in versions up to, and including, 2.1.12 due to insufficient escaping on the user-supplied parameter and lack of sufficient preparation on the existing SQL query. | 8.8 |
2024-10-16 | CVE-2021-4451 | Deserialization of Untrusted Data vulnerability in Nintechnet Ninjafirewall. The NinjaFirewall plugin for WordPress is vulnerable to Authenticated PHAR Deserialization in versions up to, and including, 4.3.3. | 7.2 |
2024-10-16 | CVE-2022-4971 | Cross-site Scripting vulnerability in Heateor Sassy Social Share. The Sassy Social Share plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'urls' parameter called via the 'heateor_sss_sharing_count' AJAX action in versions up to, and including, 3.3.3 due to insufficient input sanitization and output escaping. | 6.1 |