Vulnerabilities

DATE CVE VULNERABILITY TITLE RISK
2024-10-15 CVE-2024-9969 Cross-site Scripting vulnerability in Newtype Webeip 3.0
NewType WebEIP v3.0 does not properly validate user input, allowing a remote attacker with regular privileges to insert JavaScript into specific parameters, resulting in a Reflected Cross-site Scripting (XSS) attack.
Attack vector: network; complexity: low; vendor: newtype; CWE-79; risk: 5.4
2024-10-15 CVE-2024-9970 Unspecified vulnerability in Newtype Flowmaster BPM Plus
The FlowMaster BPM Plus system from NewType has a privilege escalation vulnerability.
Attack vector: network; complexity: low; vendor: newtype; risk: 8.8
2024-10-15 CVE-2024-9971 SQL Injection vulnerability in Newtype Flowmaster BPM Plus
The specific query functionality in FlowMaster BPM Plus from NewType does not properly restrict user input, allowing remote attackers with regular privileges to inject SQL commands to read, modify, or delete database contents.
Attack vector: network; complexity: low; vendor: newtype; CWE-89; risk: 8.8
2024-10-15 CVE-2024-9968 SQL Injection vulnerability in Newtype Webeip 3.0
WebEIP v3.0 from NewType does not properly validate user input, allowing remote attackers with regular privileges to inject SQL commands to read, modify, and delete data stored in the database.
Attack vector: network; complexity: low; vendor: newtype; CWE-89; risk: 8.8
2024-10-15 CVE-2024-6757 Unspecified vulnerability in Elementor Website Builder
The Elementor Website Builder – More than Just a Page Builder plugin for WordPress is vulnerable to Basic Information Exposure in all versions up to, and including, 3.23.5 via the get_image_alt function.
Attack vector: network; complexity: low; vendor: elementor; risk: 4.3
2024-10-15 CVE-2024-9687 Authorization Bypass Through User-Controlled Key vulnerability in Dueclic WP 2FA With Telegram
The WP 2FA with Telegram plugin for WordPress is vulnerable to Authentication Bypass in versions up to, and including, 3.0.
Attack vector: network; complexity: low; vendor: dueclic; CWE-639; risk: 8.8
2024-10-15 CVE-2024-9820 Reliance on Cookies without Validation and Integrity Checking vulnerability in Dueclic WP 2FA With Telegram
The WP 2FA with Telegram plugin for WordPress is vulnerable to Two-Factor Authentication Bypass in versions up to, and including, 3.0.
Attack vector: network; complexity: low; vendor: dueclic; CWE-565; risk: 7.5
2024-10-15 CVE-2024-9952 Cross-site Scripting vulnerability in Oretnom23 Online Eyewear Shop 1.0
A vulnerability was found in SourceCodester Online Eyewear Shop 1.0 and classified as problematic.
Attack vector: network; complexity: low; vendor: oretnom23; CWE-79; risk: 4.8
2024-10-15 CVE-2024-9546 Unspecified vulnerability in Xplodedthemes Wpide
The WPIDE – File Manager & Code Editor plugin for WordPress is vulnerable to Full Path Disclosure in all versions up to, and including, 3.4.9.
Attack vector: network; complexity: low; vendor: xplodedthemes; risk: 5.3
2024-10-15 CVE-2024-9548 Cross-site Scripting vulnerability in Wp-Slimstat Slimstat Analytics
The SlimStat Analytics plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the resource parameter in all versions up to, and including, 5.2.6 due to insufficient input sanitization and output escaping when logging visitor requests.
Attack vector: network; complexity: low; vendor: wp-slimstat; CWE-79; risk: 6.1