2024-10-24 | CVE-2024-49693 | Cross-site Scripting vulnerability in Kraftplugins Mega Elements Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Kraftplugins Mega Elements allows Stored XSS.This issue affects Mega Elements: from n/a through 1.2.6. | 5.4 |
2024-10-24 | CVE-2024-49695 | Cross-site Scripting vulnerability in Spiffyplugins WP Flow Plus Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Spiffy Plugins WP Flow Plus allows Stored XSS.This issue affects WP Flow Plus: from n/a through 5.2.3. | 5.4 |
2024-10-24 | CVE-2024-49696 | Cross-site Scripting vulnerability in Robosoft Robo Gallery Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in RoboSoft Robo Gallery allows Stored XSS.This issue affects Robo Gallery: from n/a through 3.2.21. | 4.8 |
2024-10-24 | CVE-2024-49702 | Cross-site Scripting vulnerability in Mycred Elementor Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in myCRED myCred Elementor allows Stored XSS.This issue affects myCred Elementor: from n/a through 1.2.6. | 5.4 |
2024-10-24 | CVE-2024-5608 | SQL Injection vulnerability in Zohocorp Manageengine Adaudit Plus Zohocorp ManageEngine ADAudit Plus versions below 8121 are vulnerable to SQL Injection in the technician reports feature. | 8.1 |
2024-10-24 | CVE-2024-8959 | The WP Adminify – Custom WordPress Dashboard, Login and Admin Customizer plugin for WordPress is vulnerable to Stored Cross-Site Scripting via SVG File uploads in all versions up to, and including, 4.0.1.6 due to insufficient input sanitization and output escaping. | 6.4 |
2024-10-24 | CVE-2024-10176 | The Compact WP Audio Player plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's sc_embed_player shortcode in all versions up to, and including, 1.9.13 due to insufficient input sanitization and output escaping on user supplied attributes. | 6.4 |
2024-10-24 | CVE-2024-10331 | SQL Injection vulnerability in PHPgurukul Vehicle Record System 1.0 A vulnerability, which was classified as critical, has been found in PHPGurukul Vehicle Record System 1.0. | 8.8 |
2024-10-24 | CVE-2024-9214 | The Extra Product Options Builder for WooCommerce plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'RednaoSerializedFields' parameter during the creation of a signature file in all versions up to, and including, 1.2.133 due to insufficient input sanitization and output escaping. | 6.1 |
2024-10-24 | CVE-2024-9650 | The WP Recipe Maker plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘tooltip’ parameter in all versions up to, and including, 9.6.1 due to insufficient input sanitization and output escaping. | 6.5 |