Vulnerabilities

DATE	CVE	VULNERABILITY TITLE	RISK
2024-10-10	CVE-2024-9057	Cross-site Scripting vulnerability in Curator Curator.Io The Curator.io: Show all your social media posts in a beautiful feed. network low complexity curator CWE-79	5.4
2024-10-10	CVE-2024-9064	Cross-site Scripting vulnerability in Namogo Elementor Inline SVG The Elementor Inline SVG plugin for WordPress is vulnerable to Stored Cross-Site Scripting via SVG File uploads in all versions up to, and including, 1.2.0 due to insufficient input sanitization and output escaping. network low complexity namogo CWE-79	5.4
2024-10-10	CVE-2024-9065	Missing Authorization vulnerability in Matbao WP Helper Premium The WP Helper Premium plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'whp_smtp_send_mail_test' function in all versions up to, and including, 4.6.1. network low complexity matbao CWE-862	5.3
2024-10-10	CVE-2024-9066	Cross-site Scripting vulnerability in Secretlab Marketing and SEO Booster The Marketing and SEO Booster plugin for WordPress is vulnerable to Stored Cross-Site Scripting via SVG File uploads in all versions up to, and including, 1.9.10 due to insufficient input sanitization and output escaping. network low complexity secretlab CWE-79	5.4
2024-10-10	CVE-2024-9072	Cross-site Scripting vulnerability in Gdpr-Extensions Consent Manager The GDPR-Extensions-com – Consent Manager plugin for WordPress is vulnerable to Stored Cross-Site Scripting via SVG File uploads in all versions up to, and including, 1.0.0 due to insufficient input sanitization and output escaping. network low complexity gdpr-extensions CWE-79	5.4
2024-10-10	CVE-2024-9205	Cross-site Scripting vulnerability in Wpfactory Maximum products PER User for Woocommerce The Maximum Products per User for WooCommerce plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use of add_query_arg without appropriate escaping on the URL in all versions up to, and including, 4.2.8. network low complexity wpfactory CWE-79	6.1
2024-10-10	CVE-2024-9377	Cross-site Scripting vulnerability in Wpfactory Products, Order & Customers Export for Woocommerce The Products, Order & Customers Export for WooCommerce plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use of add_query_arg & remove_query_arg without appropriate escaping on the URL in all versions up to, and including, 2.0.15. network low complexity wpfactory CWE-79	6.1
2024-10-10	CVE-2024-9457	Cross-site Scripting vulnerability in Cssjockey WP Builder 3.0.7 The WP Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via SVG File uploads in all versions up to, and including, 3.0.7 due to insufficient input sanitization and output escaping. network low complexity cssjockey CWE-79	5.4
2024-10-10	CVE-2024-9518	Unspecified vulnerability in Wpuserplus Userplus 1.0/1.1/2.0 The UserPlus plugin for WordPress is vulnerable to privilege escalation in versions up to, and including, 2.0 due to insufficient restriction on the 'form_actions' and 'userplus_update_user_profile' functions. network low complexity wpuserplus critical	9.8
2024-10-10	CVE-2024-9519	Unspecified vulnerability in Wpuserplus Userplus 1.0/1.1/2.0 The UserPlus plugin for WordPress is vulnerable to unauthorized modification of data due to an improper capability check on the 'save_metabox_form' function in versions up to, and including, 2.0. network low complexity wpuserplus	7.2

Vulnerabilities {"@context":"https://schema.org","@type":"BreadcrumbList","itemListElement":[{"@type":"ListItem","position":1,"name":"Vulnerabilities"}]}

Vulnerabilities