Vulnerabilities

DATE CVE VULNERABILITY TITLE RISK
2024-10-24 CVE-2024-49693 Cross-site Scripting vulnerability in Kraftplugins Mega Elements
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Kraftplugins Mega Elements allows Stored XSS. This issue affects Mega Elements: from n/a through 1.2.6.
network
low complexity
kraftplugins CWE-79
5.4
2024-10-24 CVE-2024-49695 Cross-site Scripting vulnerability in Spiffyplugins WP Flow Plus
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Spiffy Plugins WP Flow Plus allows Stored XSS. This issue affects WP Flow Plus: from n/a through 5.2.3.
network
low complexity
spiffyplugins CWE-79
5.4
2024-10-24 CVE-2024-49696 Cross-site Scripting vulnerability in Robosoft Robo Gallery
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in RoboSoft Robo Gallery allows Stored XSS. This issue affects Robo Gallery: from n/a through 3.2.21.
network
low complexity
robosoft CWE-79
4.8
2024-10-24 CVE-2024-49702 Cross-site Scripting vulnerability in Mycred Elementor
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in myCRED myCred Elementor allows Stored XSS. This issue affects myCred Elementor: from n/a through 1.2.6.
network
low complexity
mycred CWE-79
5.4
2024-10-24 CVE-2024-5608 SQL Injection vulnerability in Zohocorp Manageengine Adaudit Plus
Zohocorp ManageEngine ADAudit Plus versions below 8121 are vulnerable to SQL Injection in the technician reports feature.
network
low complexity
zohocorp CWE-89
8.1
2024-10-24 CVE-2024-8959 The WP Adminify – Custom WordPress Dashboard, Login and Admin Customizer plugin for WordPress is vulnerable to Stored Cross-Site Scripting via SVG File uploads in all versions up to, and including, 4.0.1.6 due to insufficient input sanitization and output escaping.
network
low complexity
6.4
2024-10-24 CVE-2024-10176 The Compact WP Audio Player plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's sc_embed_player shortcode in all versions up to, and including, 1.9.13 due to insufficient input sanitization and output escaping on user supplied attributes.
network
low complexity
CWE-79
6.4
2024-10-24 CVE-2024-10331 SQL Injection vulnerability in PHPgurukul Vehicle Record System 1.0
A vulnerability, which was classified as critical, has been found in PHPGurukul Vehicle Record System 1.0.
network
low complexity
phpgurukul CWE-89
8.8
2024-10-24 CVE-2024-9214 The Extra Product Options Builder for WooCommerce plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'RednaoSerializedFields' parameter during the creation of a signature file in all versions up to, and including, 1.2.133 due to insufficient input sanitization and output escaping.
network
low complexity
CWE-79
6.1
2024-10-24 CVE-2024-9650 The WP Recipe Maker plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘tooltip’ parameter in all versions up to, and including, 9.6.1 due to insufficient input sanitization and output escaping.
network
low complexity
CWE-79
6.5