Vulnerabilities

DATE CVE VULNERABILITY TITLE RISK
2024-10-01 CVE-2024-8990 The Geo Mashup plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's geo_mashup_visible_posts_list shortcode in all versions up to, and including, 1.13.13 due to insufficient input sanitization and output escaping on user supplied attributes.
network
low complexity
CWE-79
6.4
2024-10-01 CVE-2024-9106 The Wechat Social login plugin for WordPress is vulnerable to authentication bypass in versions up to, and including, 1.3.0.
network
low complexity
CWE-288
critical
9.8
2024-10-01 CVE-2024-9108 The Wechat Social login plugin for WordPress is vulnerable to arbitrary file uploads due to insufficient file type validation in the 'convert_remoteimage_to_local' function in versions up to, and including, 1.3.0.
network
low complexity
CWE-434
critical
9.8
2024-10-01 CVE-2024-9267 The Easy WordPress Subscribe – Optin Hound plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use of add_query_arg without appropriate escaping on the URL in all versions up to, and including, 1.4.3.
network
low complexity
CWE-79
6.1
2024-10-01 CVE-2024-9269 The Relogo plugin for WordPress is vulnerable to Stored Cross-Site Scripting via SVG File uploads in all versions up to, and including, 0.4.2 due to insufficient input sanitization and output escaping.
network
low complexity
CWE-79
6.4
2024-10-01 CVE-2024-9272 The R Animated Icon Plugin plugin for WordPress is vulnerable to Stored Cross-Site Scripting via SVG File uploads in all versions up to, and including, 1.0 due to insufficient input sanitization and output escaping.
network
low complexity
CWE-79
6.4
2024-10-01 CVE-2024-9274 The Elastik Page Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via SVG File uploads in all versions up to, and including, 0.27.4 due to insufficient input sanitization and output escaping.
network
low complexity
CWE-79
6.4
2024-10-01 CVE-2024-9304 The LocateAndFilter plugin for WordPress is vulnerable to Stored Cross-Site Scripting via SVG File uploads in all versions up to, and including, 1.6.14 due to insufficient input sanitization and output escaping.
network
low complexity
6.4
2024-10-01 CVE-2024-8107 Cross-site Scripting vulnerability in Themepunch Slider Revolution
The Slider Revolution plugin for WordPress is vulnerable to Stored Cross-Site Scripting via SVG File uploads in all versions up to, and including, 6.7.18 due to insufficient input sanitization and output escaping.
network
low complexity
themepunch CWE-79
5.4
2024-10-01 CVE-2024-8981 The Broken Link Checker plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use of add_query_arg in /app/admin-notices/features/class-view.php without appropriate escaping on the URL in all versions up to, and including, 2.4.0.
network
low complexity
7.1