Vulnerabilities

DATE CVE VULNERABILITY TITLE RISK
2024-10-25 CVE-2024-10150 Cross-site Scripting vulnerability in Bamazoo Button Generator 1.0
The Bamazoo – Button Generator plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's dgs shortcode in all versions up to, and including, 1.0 due to insufficient input sanitization and output escaping on user supplied attributes.
network
low complexity
bamazoo CWE-79
5.4
2024-10-25 CVE-2024-10341 SQL Injection vulnerability in Tezzeract League of Legends Shortcodes
The League of Legends Shortcodes plugin for WordPress is vulnerable to SQL Injection via the plugin's shortcode in versions up to, and including, 1.0.1 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query.
network
low complexity
tezzeract CWE-89
6.5
2024-10-25 CVE-2024-10342 Cross-site Scripting vulnerability in Tezzeract League of Legends Shortcodes
The League of Legends Shortcodes plugin for WordPress is vulnerable to Stored Cross-Site Scripting via shortcodes in versions up to, and including, 1.0.1 due to insufficient input sanitization and output escaping on user supplied attributes.
network
low complexity
tezzeract CWE-79
5.4
2024-10-25 CVE-2024-45785 Unspecified vulnerability in Neumann Musasi 3
MUSASI version 3 contains an issue with use of client-side authentication.
network
low complexity
neumann
7.5
2024-10-25 CVE-2024-47158 Code Injection vulnerability in Neumann N-Line
N-LINE 2.0.6 and prior versions contain a code injection vulnerability.
network
low complexity
neumann CWE-94
5.4
2024-10-25 CVE-2024-9598 The AMP for WP – Accelerated Mobile Pages plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.0.99.1.
network
low complexity
CWE-352
8.8
2024-10-25 CVE-2024-9628 The WPS Telegram Chat plugin for WordPress is vulnerable to unauthorized modification of data and loss of data due to a missing capability check on the 'Wps_Telegram_Chat_Admin::checkConnection' function in versions up to, and including, 4.5.4.
network
low complexity
CWE-862
6.3
2024-10-25 CVE-2024-9630 The WPS Telegram Chat plugin for WordPress is vulnerable to authorization bypass due to a missing capability check when accessing messages in versions up to, and including, 4.5.4.
network
low complexity
CWE-862
5.4
2024-10-25 CVE-2024-10011 Path Traversal vulnerability in BuddyPress
The BuddyPress plugin for WordPress is vulnerable to Directory Traversal in all versions up to, and including, 14.1.0 via the id parameter.
network
low complexity
buddypress CWE-22
8.1
2024-10-25 CVE-2024-10148 Cross-site Scripting vulnerability in Sohelwpexpert Awesome Buttons
The Awesome buttons plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's btn2 shortcode in all versions up to, and including, 1.0 due to insufficient input sanitization and output escaping on user supplied attributes.
network
low complexity
sohelwpexpert CWE-79
5.4