Vulnerabilities

DATE CVE VULNERABILITY TITLE RISK

2024-10-01 CVE-2024-9220 Cross-site Scripting vulnerability in Petershaw LH Copy Media File
The LH Copy Media File plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use of add_query_arg without appropriate escaping on the URL in all versions up to, and including, 1.08.
network, low complexity, petershaw, CWE-79, 6.1

2024-10-01 CVE-2024-9224 Path Traversal vulnerability in Kau-Boys Hello World
The Hello World plugin for WordPress is vulnerable to Arbitrary File Reading in all versions up to, and including, 2.1.1 via the hello_world_lyric() function.
network, low complexity, kau-boys, CWE-22, 6.5

2024-10-01 CVE-2024-9228 Cross-site Scripting vulnerability in Duckdev Loggedin
The Loggedin – Limit Active Logins plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use of add_query_arg without appropriate escaping on the URL in all versions up to, and including, 1.3.1.
network, low complexity, duckdev, CWE-79, 6.1

2024-10-01 CVE-2024-9241 Cross-site Scripting vulnerability in Contempo PDF Image Generator
The PDF Image Generator plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use of add_query_arg without appropriate escaping on the URL in all versions up to, and including, 1.5.6.
network, low complexity, contempo, CWE-79, 6.1

2024-10-01 CVE-2024-9265 Unspecified vulnerability in Coderevolution Echo RSS Feed Post Generator
The Echo RSS Feed Post Generator plugin for WordPress is vulnerable to privilege escalation in all versions up to, and including, 5.4.6.
network, low complexity, coderevolution, critical, 9.8

2024-10-01 CVE-2024-9289 Missing Authentication for Critical Function vulnerability in Redefiningtheweb Affiliate PRO
The WordPress & WooCommerce Affiliate Program plugin for WordPress is vulnerable to authentication bypass in all versions up to, and including, 8.4.1.
network, low complexity, redefiningtheweb, CWE-306, critical, 9.8

2024-10-01 CVE-2024-7432 Deserialization of Untrusted Data vulnerability in Ultrapress Unseen Blog
The Unseen Blog theme for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 1.0.0 via deserialization of untrusted input.
network, low complexity, ultrapress, CWE-502, 8.8

2024-10-01 CVE-2024-7433 Deserialization of Untrusted Data vulnerability in Ultrapress Empowerment
The Empowerment theme for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 1.0.2 via deserialization of untrusted input.
network, low complexity, ultrapress, CWE-502, 8.8

2024-10-01 CVE-2024-7434 Deserialization of Untrusted Data vulnerability in Ultrapress
The UltraPress theme for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 1.2.1 via deserialization of untrusted input.
network, low complexity, ultrapress, CWE-502, 8.8

2024-10-01 CVE-2024-7869
The 123.chat - Video Chat plugin for WordPress is vulnerable to Stored Cross-Site Scripting in all versions up to, and including, 1.3.1 due to insufficient input sanitization and output escaping.
network, low complexity, CWE-79, 7.2