Vulnerabilities
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2024-10-04 | CVE-2024-8520 | Cross-Site Request Forgery (CSRF) vulnerability in Ultimatemember Ultimate Member The Ultimate Member – User Profile, Registration, Login, Member Directory, Content Restriction & Membership Plugin plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 2.8.6. | 4.3 |
| 2024-10-04 | CVE-2024-8802 | Cross-site Scripting vulnerability in Clio Grow 1.0/1.0.1/1.0.2 The Clio Grow plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use of add_query_arg without appropriate escaping on the URL in all versions up to, and including, 1.0.2. | 6.1 |
| 2024-10-04 | CVE-2024-9204 | Cross-site Scripting vulnerability in Nerdpress Smart Custom 404 Error Page The Smart Custom 404 Error Page plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via $_SERVER['REQUEST_URI'] in all versions up to, and including, 11.4.7 due to insufficient input sanitization and output escaping. | 6.1 |
| 2024-10-04 | CVE-2024-9237 | Cross-site Scripting vulnerability in Wp-Centrics Fish and Ships The Fish and Ships – Most flexible shipping table rate. | 6.1 |
| 2024-10-04 | CVE-2024-9345 | Cross-site Scripting vulnerability in Tychesoftwares Product Delivery Date for Woocommerce The Product Delivery Date for WooCommerce – Lite plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use of add_query_arg without appropriate escaping on the URL in all versions up to, and including, 2.7.3. | 6.1 |
| 2024-10-04 | CVE-2024-9349 | Cross-site Scripting vulnerability in Michaeluno Auto Amazon Links The Auto Amazon Links – Amazon Associates Affiliate Plugin plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use of add_query_arg without appropriate escaping on the URL in all versions up to, and including, 5.4.2. | 6.1 |
| 2024-10-04 | CVE-2024-9353 | Cross-site Scripting vulnerability in Themes4Wp Popularis Extra The Popularis Extra plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use of add_query_arg & remove_query_arg without appropriate escaping on the URL in all versions up to, and including, 1.2.6. | 6.1 |
| 2024-10-04 | CVE-2024-9368 | Cross-site Scripting vulnerability in Miguelmello Aggregator Advanced Settings The Aggregator Advanced Settings plugin for WordPress is vulnerable to Stored Cross-Site Scripting via SVG File uploads in all versions up to, and including, 1.2.1 due to insufficient input sanitization and output escaping. | 5.4 |
| 2024-10-04 | CVE-2024-9372 | Cross-site Scripting vulnerability in Wpblockshub WP Blocks HUB The WP Blocks Hub plugin for WordPress is vulnerable to Stored Cross-Site Scripting via SVG File uploads in all versions up to, and including, 1.0.2 due to insufficient input sanitization and output escaping. | 5.4 |
| 2024-10-04 | CVE-2024-9375 | Cross-site Scripting vulnerability in Techbanker Captcha Bank The WordPress Captcha Plugin by Captcha Bank plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use of add_query_arg without appropriate escaping on the URL in all versions up to, and including, 4.0.36. | 6.1 |