2024-10-01 | CVE-2024-46274 | Out-of-bounds Write vulnerability in Randygaul Cute PNG 1.05: cute_png v1.05 was discovered to contain a heap buffer overflow via the cp_stored() function at cute_png.h. | 7.8 |
2024-10-01 | CVE-2024-46276 | Out-of-bounds Write vulnerability in Randygaul Cute PNG 1.05: cute_png v1.05 was discovered to contain a heap buffer overflow via the cp_chunk() function at cute_png.h. | 7.8 |
2024-10-01 | CVE-2024-9060 | The AVIF & SVG Uploader plugin for WordPress is vulnerable to Stored Cross-Site Scripting via SVG File uploads in version 1.1.0 due to insufficient input sanitization and output escaping. | 6.4 |
2024-10-01 | CVE-2024-8288 | The Guten Post Layout – An Advanced Post Grid Collection for WordPress Gutenberg plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘align’ attribute within the 'wp:guten-post-layout/post-grid' Gutenberg block in all versions up to, and including, 1.2.4 due to insufficient input sanitization and output escaping. | 6.4 |
2024-10-01 | CVE-2024-8324 | The XO Slider plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘get_slider’ function in all versions up to, and including, 3.8.6 due to insufficient input sanitization and output escaping. | 6.4 |
2024-10-01 | CVE-2024-8430 | The Spice Starter Sites plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the spice_starter_sites_importer_creater function in all versions up to, and including, 1.2.5. | 5.3 |
2024-10-01 | CVE-2024-8793 | Cross-site Scripting vulnerability in Visser Store Exporter for Woocommerce: The Store Exporter for WooCommerce – Export Products, Export Orders, Export Subscriptions, and More plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use of add_query_arg without appropriate escaping on the URL in all versions up to, and including, 2.7.2.1. | 6.1 |
2024-10-01 | CVE-2024-8799 | Cross-site Scripting vulnerability in Goldplugins Custom Banners: The Custom Banners plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use of add_query_arg without appropriate escaping on the URL in all versions up to, and including, 3.3. | 6.1 |
2024-10-01 | CVE-2024-9018 | SQL Injection vulnerability in Plugingarden WP Easy Gallery: The WP Easy Gallery – WordPress Gallery Plugin plugin for WordPress is vulnerable to time-based SQL Injection via the ‘key’ parameter in all versions up to, and including, 4.8.5 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. | 8.8 |
2024-10-01 | CVE-2024-9209 | Cross-site Scripting vulnerability in Cornelraiu WP Search Analytics: The WP Search Analytics plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use of add_query_arg without appropriate escaping on the URL in all versions up to, and including, 1.4.10. | 6.1 |