Vulnerabilities
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2024-10-22 | CVE-2023-52919 | NULL Pointer Dereference vulnerability in Linux Kernel In the Linux kernel, the following vulnerability has been resolved: nfc: nci: fix possible NULL pointer dereference in send_acknowledge() Handle memory allocation failure from nci_skb_alloc() (calling alloc_skb()) to avoid possible NULL pointer dereference. | 5.5 |
| 2024-10-22 | CVE-2024-9541 | Unspecified vulnerability in Blazethemes News KIT Elementor Addons The News Kit Elementor Addons plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 1.2.1 via the render function in includes/widgets/canvas-menu/canvas-menu.php. | 4.3 |
| 2024-10-22 | CVE-2024-9588 | Cross-Site Request Forgery (CSRF) vulnerability in Aftabhusain Category and Taxonomy Meta Fields The Category and Taxonomy Meta Fields plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.0.0. | 5.4 |
| 2024-10-22 | CVE-2024-9589 | Cross-site Scripting vulnerability in Aftabhusain Category and Taxonomy Meta Fields The Category and Taxonomy Meta Fields plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'new_meta_name' parameter in the 'wpaft_option_page' function in versions up to, and including, 1.0.0 due to insufficient input sanitization and output escaping on user supplied attributes. | 4.8 |
| 2024-10-22 | CVE-2024-9590 | Cross-site Scripting vulnerability in Aftabhusain Category and Taxonomy Meta Fields The Category and Taxonomy Meta Fields plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the image meta field value in the 'wpaft_add_meta_textinput' function in versions up to, and including, 1.0.0 due to insufficient input sanitization and output escaping on user supplied attributes. | 4.8 |
| 2024-10-22 | CVE-2024-9591 | Cross-site Scripting vulnerability in Aftabhusain Category and Taxonomy Image The Category and Taxonomy Image plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the '_category_image' parameter in versions up to, and including, 1.0.0 due to insufficient input sanitization and output escaping on user supplied attributes. | 4.8 |
| 2024-10-22 | CVE-2024-9627 | Unspecified vulnerability in Te-St Teplobot The TeploBot - Telegram Bot for WP plugin for WordPress is vulnerable to sensitive information disclosure due to missing authorization checks on the 'service_process' function in all versions up to, and including, 1.3. | 7.3 |
| 2024-10-22 | CVE-2024-8852 | Unspecified vulnerability in Servmask All-In-One WP Migration The All-in-One WP Migration and Backup plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 7.86 through publicly exposed log files. | 5.3 |
| 2024-10-22 | CVE-2024-10002 | Missing Authentication for Critical Function vulnerability in Roveridx Rover IDX The Rover IDX plugin for WordPress is vulnerable to Authentication Bypass in versions up to, and including, 3.0.0.2905. | 8.8 |
| 2024-10-22 | CVE-2024-10003 | Missing Authorization vulnerability in Roveridx Rover IDX The Rover IDX plugin for WordPress is vulnerable to unauthorized access, modification, and loss of data due to a missing capability check on multiple functions in all versions up to, and including, 3.0.0.2903. | 6.3 |