Vulnerabilities

DATE CVE VULNERABILITY TITLE RISK
2024-11-23 CVE-2024-9635 The Checkout with Cash App on WooCommerce plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the '_wp_http_referer' parameter in several files in all versions up to, and including, 6.0.2 due to insufficient input sanitization and output escaping.
network
low complexity
CWE-79
6.1
6.1
2024-11-23 CVE-2024-11188 The Formidable Forms – Contact Form Plugin, Survey, Quiz, Payment, Calculator Form & Custom Form Builder plugin for WordPress is vulnerable to POST-Based Reflected Cross-Site Scripting via the Custom HTML Form parameters in all versions up to, and including, 6.16.1.2 due to insufficient input sanitization and output escaping.
network
low complexity
CWE-79
6.1
6.1
2024-11-23 CVE-2024-11265 The Increase Maximum Upload File Size | Increase Execution Time plugin for WordPress is vulnerable to Full Path Disclosure in all versions up to, and including, 1.1.3.
network
low complexity
CWE-200
4.3
4.3
2024-11-23 CVE-2024-10606 Missing Authorization vulnerability in Wptravelengine WP Travel Engine
The WP Travel Engine – Tour Booking Plugin – Tour Operator Software plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the wpte_onboard_save_function_callback() function in all versions up to, and including, 6.2.1.
network
low complexity
wptravelengine CWE-862
4.3
4.3
2024-11-23 CVE-2024-10880 The JobBoardWP – Job Board Listings and Submissions plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use of add_query_arg & remove_query_arg without appropriate escaping on the URL in all versions up to, and including, 1.3.0.
network
low complexity
CWE-79
6.1
6.1
2024-11-23 CVE-2024-11332 The HIPAA Compliant Forms with Drag’n’Drop HIPAA Form Builder.
network
low complexity
CWE-79
6.4
6.4
2024-11-23 CVE-2024-11361 The PDF Invoices & Packing Slips Generator for WooCommerce plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use of add_query_arg without appropriate escaping on the URL in all versions up to, and including, 2.2.1.
network
low complexity
CWE-79
6.1
6.1
2024-11-23 CVE-2024-11387 The Easy Liveblogs plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'elb_liveblog' shortcode in all versions up to, and including, 2.3.5 due to insufficient input sanitization and output escaping on user supplied attributes.
network
low complexity
CWE-79
6.4
6.4
2024-11-23 CVE-2024-11408 The Slotti Ajanvaraus plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'slotti' shortcode in all versions up to, and including, 1.3.0 due to insufficient input sanitization and output escaping on user supplied attributes.
network
low complexity
CWE-79
6.4
6.4
2024-11-23 CVE-2024-11426 The AutoListicle: Automatically Update Numbered List Articles plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'auto-list-number' shortcode in all versions up to, and including, 1.2.3 due to insufficient input sanitization and output escaping on user supplied attributes.
network
low complexity
CWE-79
6.4
6.4