Vulnerabilities
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2024-10-25 | CVE-2024-10150 | Cross-site Scripting vulnerability in Bamazoo Button Generator 1.0 The Bamazoo – Button Generator plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's dgs shortcode in all versions up to, and including, 1.0 due to insufficient input sanitization and output escaping on user supplied attributes. | 5.4 |
2024-10-25 | CVE-2024-10341 | SQL Injection vulnerability in Tezzeract League of Legends Shortcodes The League of Legends Shortcodes plugin for WordPress is vulnerable to SQL Injection via the plugin's shortcode in versions up to, and including, 1.0.1 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. | 6.5 |
2024-10-25 | CVE-2024-10342 | Cross-site Scripting vulnerability in Tezzeract League of Legends Shortcodes The League of Legends Shortcodes plugin for WordPress is vulnerable to Stored Cross-Site Scripting via shortcodes in versions up to, and including, 1.0.1 due to insufficient input sanitization and output escaping on user supplied attributes. | 5.4 |
2024-10-25 | CVE-2024-45785 | Unspecified vulnerability in Neumann Musasi 3 MUSASI version 3 contains an issue with use of client-side authentication. | 7.5 |
2024-10-25 | CVE-2024-47158 | Code Injection vulnerability in Neumann N-Line N-LINE 2.0.6 and prior versions contain a code injection vulnerability. | 5.4 |
2024-10-25 | CVE-2024-9598 | The AMP for WP – Accelerated Mobile Pages plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.0.99.1. | 8.8 |
2024-10-25 | CVE-2024-9628 | The WPS Telegram Chat plugin for WordPress is vulnerable to unauthorized modification of data and loss of data due to a missing capability check on the 'Wps_Telegram_Chat_Admin::check?onnection' function in versions up to, and including, 4.5.4. | 6.3 |
2024-10-25 | CVE-2024-9630 | The WPS Telegram Chat plugin for WordPress is vulnerable to authorization bypass due to a missing capability check when accessing messages in versions up to, and including, 4.5.4. | 5.4 |
2024-10-25 | CVE-2024-10011 | Path Traversal vulnerability in Buddypress The BuddyPress plugin for WordPress is vulnerable to Directory Traversal in all versions up to, and including, 14.1.0 via the id parameter. | 8.1 |
2024-10-25 | CVE-2024-10148 | Cross-site Scripting vulnerability in Sohelwpexpert Awesome Buttons The Awesome buttons plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's btn2 shortcode in all versions up to, and including, 1.0 due to insufficient input sanitization and output escaping on user supplied attributes. | 5.4 |