Vulnerabilities

DATE        CVE             VULNERABILITY TITLE
            (description; RISK: attack vector / attack complexity / vendor / CWE / score)

2024-10-22  CVE-2024-9590   Cross-site Scripting vulnerability in Aftabhusain Category and Taxonomy Meta Fields
            The Category and Taxonomy Meta Fields plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the image meta field value in the 'wpaft_add_meta_textinput' function in versions up to, and including, 1.0.0 due to insufficient input sanitization and output escaping on user supplied attributes.
            RISK: network / low complexity / aftabhusain / CWE-79 / 4.8

2024-10-22  CVE-2024-9591   Cross-site Scripting vulnerability in Aftabhusain Category and Taxonomy Image
            The Category and Taxonomy Image plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the '_category_image' parameter in versions up to, and including, 1.0.0 due to insufficient input sanitization and output escaping on user supplied attributes.
            RISK: network / low complexity / aftabhusain / CWE-79 / 4.8

2024-10-22  CVE-2024-9627   Unspecified vulnerability in Te-St Teplobot
            The TeploBot - Telegram Bot for WP plugin for WordPress is vulnerable to sensitive information disclosure due to missing authorization checks on the 'service_process' function in all versions up to, and including, 1.3.
            RISK: network / low complexity / te-st / (no CWE listed) / 7.3

2024-10-22  CVE-2024-8852   Unspecified vulnerability in Servmask All-In-One WP Migration
            The All-in-One WP Migration and Backup plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 7.86 through publicly exposed log files.
            RISK: network / low complexity / servmask / (no CWE listed) / 5.3

2024-10-22  CVE-2024-10002  Missing Authentication for Critical Function vulnerability in Roveridx Rover IDX
            The Rover IDX plugin for WordPress is vulnerable to Authentication Bypass in versions up to, and including, 3.0.0.2905.
            RISK: network / low complexity / roveridx / CWE-306 / 8.8

2024-10-22  CVE-2024-10003  Missing Authorization vulnerability in Roveridx Rover IDX
            The Rover IDX plugin for WordPress is vulnerable to unauthorized access, modification, and loss of data due to a missing capability check on multiple functions in all versions up to, and including, 3.0.0.2903.
            RISK: network / low complexity / roveridx / CWE-862 / 6.3

2024-10-22  CVE-2024-9677   Insufficiently Protected Credentials vulnerability in Zyxel UOS 1.20/1.21
            The insufficiently protected credentials vulnerability in the CLI command of the USG FLEX H series uOS firmware version V1.21 and earlier versions could allow an authenticated local attacker to gain privilege escalation by stealing the authentication token of a logged-in administrator.
            RISK: local / low complexity / zyxel / CWE-522 / 7.8

2024-10-21  CVE-2024-30157  SQL Injection vulnerability in Mitel MiCollab
            A vulnerability in the Suite Applications Services component of Mitel MiCollab through 9.7.1.110 could allow an authenticated attacker with administrative privileges to conduct a SQL Injection attack due to insufficient validation of user input.
            RISK: network / low complexity / mitel / CWE-89 / 7.2

2024-10-21  CVE-2024-30158  SQL Injection vulnerability in Mitel MiCollab
            A vulnerability in the web conferencing component of Mitel MiCollab through 9.7.1.110 could allow an authenticated attacker with administrative privileges to conduct a SQL Injection attack due to insufficient validation of user input.
            RISK: network / low complexity / mitel / CWE-89 / 7.2

2024-10-21  CVE-2024-30159  Cross-site Scripting vulnerability in Mitel MiCollab
            A vulnerability in the web conferencing component of Mitel MiCollab through 9.7.1.110 could allow an authenticated attacker with administrative privileges to conduct a Stored Cross-Site Scripting (XSS) attack due to insufficient validation of user input.
            RISK: network / low complexity / mitel / CWE-79 / 4.8