Vulnerabilities

DATE CVE VULNERABILITY TITLE RISK
2024-10-12 CVE-2024-9704 The Social Sharing (by Danny) plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'dvk_social_sharing' shortcode in all versions up to, and including, 1.3.7 due to insufficient input sanitization and output escaping on user supplied attributes.
network
low complexity
CWE-79
6.4
6.4
2024-10-12 CVE-2024-9756 The Order Attachments for WooCommerce plugin for WordPress is vulnerable to unauthorized limited arbitrary file uploads due to a missing capability check on the wcoa_add_attachment AJAX action in versions 2.0 to 2.4.1.
network
low complexity
 4.3
4.3
2024-10-12 CVE-2024-7489 The Forms for Mailchimp by Optin Cat – Grow Your MailChimp List plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the form color parameters in all versions up to, and including, 2.5.6 due to insufficient input sanitization and output escaping.
network
high complexity
CWE-79
4.4
4.4
2024-10-12 CVE-2024-9187 The Read more By Adam plugin for WordPress is vulnerable to unauthorized loss of data due to a missing capability check on the deleteRm() function in all versions up to, and including, 1.1.8.
network
low complexity
CWE-862
4.3
4.3
2024-10-12 CVE-2024-9656 The Mynx Page Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via SVG File uploads in all versions up to, and including, 0.27.8 due to insufficient input sanitization and output escaping.
network
low complexity
 6.4
6.4
2024-10-12 CVE-2024-9670 The 2D Tag Cloud plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use of add_query_arg without appropriate escaping on the URL in all versions up to, and including, 6.0.2.
network
low complexity
CWE-79
6.1
6.1
2024-10-12 CVE-2024-9776 The ImagePress – Image Gallery plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in all versions up to, and including, 1.2.2 due to insufficient input sanitization and output escaping.
network
high complexity
CWE-79
4.4
4.4
2024-10-12 CVE-2024-9824 The ImagePress – Image Gallery plugin for WordPress is vulnerable to unauthorized modification and loss of data due to a missing capability check on the 'ip_delete_post' and 'ip_update_post_title' functions in all versions up to, and including, 1.2.2.
network
low complexity
CWE-862
4.3
4.3
2024-10-12 CVE-2024-9592 The Easy PayPal Gift Certificate plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.2.3.
network
low complexity
CWE-352
6.1
6.1
2024-10-12 CVE-2024-9821 The Bot for Telegram on WooCommerce plugin for WordPress is vulnerable to sensitive information disclosure due to missing authorization checks on the 'stm_wpcfto_get_settings' AJAX action in all versions up to, and including, 1.2.4.
network
low complexity
CWE-200
8.8
8.8