Vulnerabilities

DATE CVE VULNERABILITY TITLE RISK
2024-09-28 CVE-2024-8715 Cross-site Scripting vulnerability in Objectiv Simple LDAP Login
The Simple LDAP Login plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use of add_query_arg without appropriate escaping on the URL in all versions up to, and including, 1.6.0.
network
low complexity
objectiv CWE-79
6.1
2024-09-28 CVE-2024-8353 Deserialization of Untrusted Data vulnerability in GiveWP
The GiveWP – Donation Plugin and Fundraising Platform plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 3.16.1 via deserialization of untrusted input via several parameters like 'give_title' and 'card_address'.
network
low complexity
givewp CWE-502
critical
9.8
2024-09-28 CVE-2024-8547 Cross-site Scripting vulnerability in Garrettgrimm Simple Popup Plugin 4.5
The Simple Popup Plugin plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's [popup] shortcode in all versions up to, and including, 4.5 due to insufficient input sanitization and output escaping on user supplied attributes.
network
low complexity
garrettgrimm CWE-79
5.4
2024-09-28 CVE-2024-8788 Cross-site Scripting vulnerability in Wpfactory EU/UK VAT Manager for WooCommerce
The EU/UK VAT Manager for WooCommerce plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use of add_query_arg without appropriate escaping on the URL in all versions up to, and including, 2.12.11.
network
low complexity
wpfactory CWE-79
6.1
2024-09-28 CVE-2024-9023 Cross-site Scripting vulnerability in Axton WP-WebAuthn
The WP-WebAuthn plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's wwa_login_form shortcode in all versions up to, and including, 1.3.1 due to insufficient input sanitization and output escaping on user supplied attributes.
network
low complexity
axton CWE-79
5.4
2024-09-28 CVE-2024-9189 Missing Authorization vulnerability in Wpfactory EU/UK VAT Manager for WooCommerce
The EU/UK VAT Manager for WooCommerce plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the alg_wc_eu_vat_exempt_vat_from_admin() function in all versions up to, and including, 2.12.12.
network
low complexity
wpfactory CWE-862
5.3
2024-09-27 CVE-2024-23586 Insufficient Session Expiration vulnerability in Hcltech HCL Nomad
HCL Nomad is susceptible to an insufficient session expiration vulnerability.
network
low complexity
hcltech CWE-613
7.5
2024-09-27 CVE-2024-46453 Cross-site Scripting vulnerability in Honeywell Iq3Xcite Firmware
A cross-site scripting (XSS) vulnerability in the component /test/ of iq3xcite v2.31 to v3.05 allows attackers to execute arbitrary web scripts or HTML via a crafted payload.
network
low complexity
honeywell CWE-79
6.1
2024-09-27 CVE-2024-47186 Cross-site Scripting vulnerability in Filamentphp Filament
Filament is a collection of full-stack components for Laravel development.
network
low complexity
filamentphp CWE-79
6.1
2024-09-27 CVE-2024-9291 Cross-site Scripting vulnerability in Kvf-Admin Project Kvf-Admin 20220212
A vulnerability classified as problematic has been found in kalvinGit kvf-admin up to f12a94dc1ebb7d1c51ee978a85e4c7ed75c620ff.
network
low complexity
kvf-admin-project CWE-79
5.4