VUMETRIC
CYBER PORTAL
Dashboard
Security News
Latest Vulnerabilities
Browse Vulnerabilities
by Vendors
by Products
by Categories
Weekly Reports
Vulnerabilities
Exclude new CVEs:
DATE
CVE
VULNERABILITY TITLE
RISK
2024-10-01
CVE-2024-8548
The KB Support – WordPress Help Desk and Knowledge Base plugin for WordPress is vulnerable to unauthorized modification and loss of data due to a missing capability check on several functions in all versions up to, and including, 1.6.6.
network
low complexity
CWE-862
8.1
8.1
2024-10-01
CVE-2024-8632
The KB Support – WordPress Help Desk and Knowledge Base plugin for WordPress is vulnerable to unauthorized access and modification of data due to a missing capability check on the 'kbs_ajax_load_front_end_replies' and 'kbs_ajax_mark_reply_as_read' functions in all versions up to, and including, 1.6.6.
network
low complexity
CWE-862
6.5
6.5
2024-10-01
CVE-2024-8675
The Soumettre.fr plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the soumettre_disconnect_gateway function in all versions up to, and including, 2.1.2.
network
low complexity
CWE-862
4.3
4.3
2024-10-01
CVE-2024-8718
The Gravity Forms Toolbar plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'tab' parameter in all versions up to, and including, 1.7.0 due to insufficient input sanitization and output escaping.
network
low complexity
CWE-79
6.1
6.1
2024-10-01
CVE-2024-8720
The RumbleTalk Live Group Chat – HTML5 plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'rumbletalk-admin-button' shortcode in all versions up to, and including, 6.3.0 due to insufficient input sanitization and output escaping on user supplied attributes.
network
low complexity
CWE-79
6.4
6.4
2024-10-01
CVE-2024-8727
The DK PDF plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use of add_query_arg without appropriate escaping on the URL in all versions up to, and including, 1.9.6.
network
low complexity
CWE-79
6.1
6.1
2024-10-01
CVE-2024-8728
The Easy Load More plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use of add_query_arg without appropriate escaping on the URL in all versions up to, and including, 1.0.3.
network
low complexity
CWE-79
6.1
6.1
2024-10-01
CVE-2024-8990
The Geo Mashup plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's geo_mashup_visible_posts_list shortcode in all versions up to, and including, 1.13.13 due to insufficient input sanitization and output escaping on user supplied attributes.
network
low complexity
CWE-79
6.4
6.4
2024-10-01
CVE-2024-9106
The Wechat Social login plugin for WordPress is vulnerable to authentication bypass in versions up to, and including, 1.3.0.
network
low complexity
CWE-288
critical
9.8
9.8
2024-10-01
CVE-2024-9108
The Wechat Social login plugin for WordPress is vulnerable to arbitrary file uploads due to insufficient file type validation in the 'convert_remoteimage_to_local' function in versions up to, and including, 1.3.0.
network
low complexity
CWE-434
critical
9.8
9.8
«
Previous
1
2
...
364
365
366
(current)
367
368
...
16500
16501
»
Next