Vulnerabilities
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2024-11-05 | CVE-2024-9667 | Cross-site Scripting vulnerability in Castos Seriously Simple Podcasting The Seriously Simple Podcasting plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use of add_query_arg without appropriate escaping on the URL in all versions up to, and including, 3.5.0. | 6.1 |
| 2024-11-05 | CVE-2024-47137 | Out-of-bounds Write vulnerability in Openatom Openharmony in OpenHarmony v4.1.0 and prior versions allow a local attacker cause the common permission is upgraded to root and sensitive information leak through out-of-bounds write. | 7.8 |
| 2024-11-05 | CVE-2024-47402 | Out-of-bounds Read vulnerability in Openatom Openharmony in OpenHarmony v4.0.0 and prior versions allow a local attacker cause DOS through out-of-bounds read. | 5.5 |
| 2024-11-05 | CVE-2024-47404 | Double Free vulnerability in Openatom Openharmony in OpenHarmony v4.1.0 and prior versions allow a local attacker cause the common permission is upgraded to root and sensitive information leak through double free. | 7.8 |
| 2024-11-05 | CVE-2024-47797 | Out-of-bounds Write vulnerability in Openatom Openharmony in OpenHarmony v4.1.0 and prior versions allow a local attacker cause the common permission is upgraded to root and sensitive information leak through out-of-bounds write. | 7.8 |
| 2024-11-05 | CVE-2024-10097 | Unspecified vulnerability in Loginizer The Loginizer Security and Loginizer plugins for WordPress are vulnerable to authentication bypass in all versions up to, and including, 1.9.2. | 8.1 |
| 2024-11-05 | CVE-2024-5578 | Cross-site Scripting vulnerability in Dublue Table of Contents Plus The Table of Contents Plus WordPress plugin through 2408 does not sanitise and escape some of its settings, which could allow high privilege users such as editors to perform Cross-Site Scripting attacks even when unfiltered_html is disallowed | 4.8 |
| 2024-11-05 | CVE-2024-7876 | Cross-site Scripting vulnerability in Nsqua Simply Schedule Appointments The Appointment Booking Calendar — Simply Schedule Appointments Booking Plugin WordPress plugin before 1.6.7.55 does not sanitise and escape some of its Appointment Type settings, which could allow high privilege users such as admin to perform Cross-Site Scripting attacks even when unfiltered_html is disallowed | 4.8 |
| 2024-11-05 | CVE-2024-7877 | Cross-site Scripting vulnerability in Nsqua Simply Schedule Appointments The Appointment Booking Calendar — Simply Schedule Appointments Booking Plugin WordPress plugin before 1.6.7.55 does not sanitise and escape some of its Notification settings, which could allow high privilege users such as admin to perform Cross-Site Scripting attacks even when unfiltered_html is disallowed | 4.8 |
| 2024-11-05 | CVE-2024-9459 | SQL Injection vulnerability in Zohocorp Manageengine Exchange Reporter Plus Zohocorp ManageEngine Exchange Reporter Plus versions 5718 and prior are vulnerable to authenticated SQL Injection in reports module. | 8.8 |