Vulnerabilities

DATE CVE VULNERABILITY TITLE RISK
2024-10-02 CVE-2024-8505 Cross-site Scripting vulnerability in Connekthq Ajax Load More
The WordPress Infinite Scroll – Ajax Load More plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘button_label’ parameter in all versions up to, and including, 7.1.2 due to insufficient input sanitization and output escaping.
network | low complexity | connekthq | CWE-79 | Risk 5.4
2024-10-02 CVE-2024-9218 Cross-site Scripting vulnerability in Themegrill Magazine Blocks
The Magazine Blocks – Blog Designer, Magazine & Newspaper Website Builder, Page Builder with Posts Blocks, Post Grid plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use of add_query_arg without appropriate escaping on the URL in all versions up to, and including, 1.3.14.
network | low complexity | themegrill | CWE-79 | Risk 6.1
2024-10-02 CVE-2024-9344 Cross-site Scripting vulnerability in Berqier Berqwp
The BerqWP – Automated All-In-One PageSpeed Optimization Plugin for Core Web Vitals, Cache, CDN, Images, CSS, and JavaScript plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'url' parameter in all versions up to, and including, 2.1.1 due to insufficient input sanitization and output escaping.
network | low complexity | berqier | CWE-79 | Risk 6.1
2024-10-02 CVE-2024-9378 Cross-site Scripting vulnerability in Icopydoc YML for Yandex Market
The YML for Yandex Market plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'page' parameter in all versions up to, and including, 4.7.2 due to insufficient input sanitization and output escaping.
network | low complexity | icopydoc | CWE-79 | Risk 6.1
2024-10-02 CVE-2024-8800 Cross-site Scripting vulnerability in Yoginetwork Rabbitloader
The RabbitLoader – Website Speed Optimization for improving Core Web Vital metrics with Cache, Image Optimization, and more plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use of add_query_arg without appropriate escaping on the URL in all versions up to, and including, 2.21.0.
network | low complexity | yoginetwork | CWE-79 | Risk 6.1
2024-10-02 CVE-2024-8967 Cross-site Scripting vulnerability in Iworks PWA
The PWA — easy way to Progressive Web App plugin for WordPress is vulnerable to Stored Cross-Site Scripting via SVG File uploads in all versions up to, and including, 1.6.3 due to insufficient input sanitization and output escaping.
network | low complexity | iworks | CWE-79 | Risk 5.4
2024-10-02 CVE-2024-9172 Cross-site Scripting vulnerability in Kraftplugins Demo Importer Plus
The Demo Importer Plus plugin for WordPress is vulnerable to Stored Cross-Site Scripting via SVG File uploads in all versions up to, and including, 2.0.1 due to insufficient input sanitization and output escaping.
network | low complexity | kraftplugins | CWE-79 | Risk 5.4
2024-10-02 CVE-2024-9210 Cross-site Scripting vulnerability in Ibericode Mailchimp TOP BAR
The MC4WP: Mailchimp Top Bar plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use of add_query_arg without appropriate escaping on the URL in all versions up to, and including, 1.6.0.
network | low complexity | ibericode | CWE-79 | Risk 6.1
2024-10-02 CVE-2024-9222 Cross-site Scripting vulnerability in Cozmoslabs Membership & Content Restriction - Paid Member Subscriptions
The Paid Membership Subscriptions – Effortless Memberships, Recurring Payments & Content Restriction plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use of add_query_arg without appropriate escaping on the URL in all versions up to, and including, 2.12.8.
network | low complexity | cozmoslabs | CWE-79 | Risk 6.1
2024-10-02 CVE-2024-9225 Cross-site Scripting vulnerability in Seopress
The SEOPress – On-site SEO plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use of add_query_arg & remove_query_arg without appropriate escaping on the URL in all versions up to, and including, 8.1.1.
network | low complexity | seopress | CWE-79 | Risk 6.1