VUMETRIC
CYBER PORTAL
Dashboard
Security News
Latest Vulnerabilities
Browse Vulnerabilities
by Vendors
by Products
by Categories
Weekly Reports
Vulnerabilities
Exclude new CVEs:
DATE
CVE
VULNERABILITY TITLE
RISK
2024-10-11
CVE-2024-9543
The PowerPress Podcasting plugin by Blubrry plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'skipto' shortcode in all versions up to, and including, 11.9.18 due to insufficient input sanitization and output escaping on user supplied attributes.
network
low complexity
CWE-79
6.4
6.4
2024-10-11
CVE-2024-9586
The Linkz.ai plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'check_auth' and 'check_logout' functions in versions up to, and including, 1.1.8.
network
low complexity
CWE-862
6.5
6.5
2024-10-11
CVE-2024-9587
The Linkz.ai plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'ajax_linkz' function in versions up to, and including, 1.1.8.
network
low complexity
CWE-862
5.4
5.4
2024-10-11
CVE-2024-9610
The Language Switcher plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use of add_query_arg without appropriate escaping on the URL in all versions up to, and including, 3.7.13.
network
low complexity
CWE-79
6.1
6.1
2024-10-11
CVE-2024-9611
The Increase upload file size & Maximum Execution Time limit plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use of add_query_arg without appropriate escaping on the URL in all versions up to, and including, 2.0.
network
low complexity
6.1
6.1
2024-10-11
CVE-2024-9616
The BlockMeister – Block Pattern Builder plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use of add_query_arg without appropriate escaping on the URL in all versions up to, and including, 3.1.10.
network
low complexity
CWE-79
6.1
6.1
2024-10-11
CVE-2024-9707
The Hunk Companion plugin for WordPress is vulnerable to unauthorized plugin installation/activation due to a missing capability check on the /wp-json/hc/v1/themehunk-import REST API endpoint in all versions up to, and including, 1.8.4.
network
low complexity
CWE-862
critical
9.8
9.8
2024-10-11
CVE-2024-9822
Authentication Bypass Using an Alternate Path or Channel vulnerability in Pedalo Connector
The Pedalo Connector plugin for WordPress is vulnerable to authentication bypass in versions up to, and including, 2.0.5.
network
low complexity
pedalo
CWE-288
critical
9.8
9.8
2024-10-10
CVE-2024-47867
Unspecified vulnerability in Gradio Project Gradio
Gradio is an open-source Python package designed for quick prototyping.
network
low complexity
gradio-project
7.5
7.5
2024-10-10
CVE-2024-47868
Path Traversal vulnerability in Gradio Project Gradio
Gradio is an open-source Python package designed for quick prototyping.
network
low complexity
gradio-project
CWE-22
7.5
7.5
«
Previous
1
2
...
312
313
314
(current)
315
316
...
16517
16518
»
Next