Vulnerabilities

DATE CVE VULNERABILITY TITLE RISK
2024-11-26 CVE-2018-11922 Unspecified vulnerability in Qualcomm products
A wrong configuration in the Touch Pal application can collect user behavior data without the user's awareness.
local
low complexity
qualcomm
5.5
2024-11-26 CVE-2018-11952 Improper Authentication vulnerability in Qualcomm products
An image with a version lower than the fuse version may potentially be booted, leading to improper authentication.
local
low complexity
qualcomm CWE-287
7.8
2024-11-26 CVE-2024-11091 The Support SVG – Upload svg files in wordpress without hassle plugin for WordPress is vulnerable to Stored Cross-Site Scripting via REST API SVG File uploads in all versions up to, and including, 1.1.0 due to insufficient input sanitization and output escaping.
network
low complexity
CWE-79
6.4
2024-11-26 CVE-2024-11119 The BNE Gallery Extended plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'gallery' shortcode in all versions up to, and including, 1.2.1 due to insufficient input sanitization and output escaping on user supplied attributes.
network
low complexity
CWE-79
6.4
2024-11-26 CVE-2024-11192 The Spotify Play Button for WordPress plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's spotifyplaybutton shortcode in all versions up to, and including, 2.11 due to insufficient input sanitization and output escaping on user supplied attributes.
network
low complexity
CWE-79
6.4
2024-11-26 CVE-2024-9170 Cross-site Scripting vulnerability in Booster for WooCommerce
The Booster for WooCommerce plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's wcj_product_meta shortcode in all versions up to, and including, 7.2.3 due to insufficient input sanitization and output escaping on user supplied attributes.
network
low complexity
booster CWE-79
4.8
2024-11-26 CVE-2024-11202 Multiple plugins for WordPress are vulnerable to Reflected Cross-Site Scripting via the cminds_free_guide shortcode in various versions due to insufficient input sanitization and output escaping.
network
low complexity
CWE-79
6.1
2024-11-26 CVE-2024-10857 The Product Input Fields for WooCommerce plugin for WordPress is vulnerable to Directory Traversal in all versions up to, and including, 1.9 via the handle_downloads() function due to insufficient file path validation/sanitization.
network
low complexity
CWE-35
6.5
2024-11-26 CVE-2024-11002 The InPost Gallery plugin for WordPress is vulnerable to arbitrary shortcode execution via the inpost_gallery_get_shortcode_template AJAX action in all versions up to, and including, 2.1.4.2.
network
low complexity
CWE-94
6.3
2024-11-26 CVE-2024-11342 The Skt NURCaptcha plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 3.5.0.
network
low complexity
CWE-352
6.1