Vulnerabilities

DATE CVE VULNERABILITY TITLE RISK
2024-10-01 CVE-2024-9267 The Easy WordPress Subscribe – Optin Hound plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use of add_query_arg without appropriate escaping on the URL in all versions up to, and including, 1.4.3.
network
low complexity
CWE-79
6.1
6.1
2024-10-01 CVE-2024-9269 The Relogo plugin for WordPress is vulnerable to Stored Cross-Site Scripting via SVG File uploads in all versions up to, and including, 0.4.2 due to insufficient input sanitization and output escaping.
network
low complexity
CWE-79
6.4
6.4
2024-10-01 CVE-2024-9272 The R Animated Icon Plugin plugin for WordPress is vulnerable to Stored Cross-Site Scripting via SVG File uploads in all versions up to, and including, 1.0 due to insufficient input sanitization and output escaping.
network
low complexity
CWE-79
6.4
6.4
2024-10-01 CVE-2024-9274 The Elastik Page Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via SVG File uploads in all versions up to, and including, 0.27.4 due to insufficient input sanitization and output escaping.
network
low complexity
CWE-79
6.4
6.4
2024-10-01 CVE-2024-9304 The LocateAndFilter plugin for WordPress is vulnerable to Stored Cross-Site Scripting via SVG File uploads in all versions up to, and including, 1.6.14 due to insufficient input sanitization and output escaping.
network
low complexity
 6.4
6.4
2024-10-01 CVE-2024-8107 Cross-site Scripting vulnerability in Themepunch Slider Revolution
The Slider Revolution plugin for WordPress is vulnerable to Stored Cross-Site Scripting via SVG File uploads in all versions up to, and including, 6.7.18 due to insufficient input sanitization and output escaping.
network
low complexity
themepunch CWE-79
5.4
5.4
2024-10-01 CVE-2024-8981 The Broken Link Checker plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use of add_query_arg in /app/admin-notices/features/class-view.php without appropriate escaping on the URL in all versions up to, and including, 2.4.0.
network
low complexity
 7.1
7.1
2024-10-01 CVE-2024-9360 SQL Injection vulnerability in Code-Projects Restaurant Reservation System 1.0
A vulnerability was found in code-projects Restaurant Reservation System 1.0.
network
low complexity
code-projects CWE-89
critical
 9.8
9.8
2024-10-01 CVE-2024-9359 SQL Injection vulnerability in Code-Projects Restaurant Reservation System 1.0
A vulnerability was found in code-projects Restaurant Reservation System 1.0 and classified as critical.
network
low complexity
code-projects CWE-89
critical
 9.8
9.8
2024-09-30 CVE-2024-45073 IBM WebSphere Application Server 8.5 and 9.0 is vulnerable to stored cross-site scripting.
network
low complexity
 4.8
4.8