Vulnerabilities
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2024-10-22 | CVE-2024-9590 | Cross-site Scripting vulnerability in Aftabhusain Category and Taxonomy Meta Fields: The Category and Taxonomy Meta Fields plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the image meta field value in the 'wpaft_add_meta_textinput' function in versions up to, and including, 1.0.0 due to insufficient input sanitization and output escaping on user supplied attributes. | 4.8 |
2024-10-22 | CVE-2024-9591 | Cross-site Scripting vulnerability in Aftabhusain Category and Taxonomy Image: The Category and Taxonomy Image plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the '_category_image' parameter in versions up to, and including, 1.0.0 due to insufficient input sanitization and output escaping on user supplied attributes. | 4.8 |
2024-10-22 | CVE-2024-9627 | Unspecified vulnerability in Te-St Teplobot: The TeploBot - Telegram Bot for WP plugin for WordPress is vulnerable to sensitive information disclosure due to missing authorization checks on the 'service_process' function in all versions up to, and including, 1.3. | 7.3 |
2024-10-22 | CVE-2024-8852 | Unspecified vulnerability in Servmask All-In-One WP Migration: The All-in-One WP Migration and Backup plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 7.86 through publicly exposed log files. | 5.3 |
2024-10-22 | CVE-2024-10002 | Missing Authentication for Critical Function vulnerability in Roveridx Rover IDX: The Rover IDX plugin for WordPress is vulnerable to Authentication Bypass in versions up to, and including, 3.0.0.2905. | 8.8 |
2024-10-22 | CVE-2024-10003 | Missing Authorization vulnerability in Roveridx Rover IDX: The Rover IDX plugin for WordPress is vulnerable to unauthorized access, modification, and loss of data due to a missing capability check on multiple functions in all versions up to, and including, 3.0.0.2903. | 6.3 |
2024-10-22 | CVE-2024-9677 | Insufficiently Protected Credentials vulnerability in Zyxel UOS 1.20/1.21: The insufficiently protected credentials vulnerability in the CLI command of the USG FLEX H series uOS firmware version V1.21 and earlier versions could allow an authenticated local attacker to gain privilege escalation by stealing the authentication token of a login administrator. | 7.8 |
2024-10-21 | CVE-2024-30157 | SQL Injection vulnerability in Mitel Micollab: A vulnerability in the Suite Applications Services component of Mitel MiCollab through 9.7.1.110 could allow an authenticated attacker with administrative privileges to conduct a SQL Injection attack due to insufficient validation of user input. | 7.2 |
2024-10-21 | CVE-2024-30158 | SQL Injection vulnerability in Mitel Micollab: A vulnerability in the web conferencing component of Mitel MiCollab through 9.7.1.110 could allow an authenticated attacker with administrative privileges to conduct a SQL Injection attack due to insufficient validation of user input. | 7.2 |
2024-10-21 | CVE-2024-30159 | Cross-site Scripting vulnerability in Mitel Micollab: A vulnerability in the web conferencing component of Mitel MiCollab through 9.7.1.110 could allow an authenticated attacker with administrative privileges to conduct a Stored Cross-Site Scripting (XSS) attack due to insufficient validation of user input. | 4.8 |