Vulnerabilities
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2024-09-25 | CVE-2024-8621 | SQL Injection vulnerability in Mmrs151 Daily Prayer Time The Daily Prayer Time plugin for WordPress is vulnerable to SQL Injection via the 'max_word' attribute of the 'quran_verse' shortcode in all versions up to, and including, 2024.08.26 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. | 6.5 |
| 2024-09-25 | CVE-2024-8713 | Cross-site Scripting vulnerability in Pierros Kodex Posts Likes 2.4.3 The Kodex Posts likes plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use of add_query_arg without appropriate escaping on the URL in all versions up to, and including, 2.5.0. | 6.1 |
| 2024-09-25 | CVE-2024-8741 | Cross-site Scripting vulnerability in Outtheboxthemes Beam ME UP Scotty The Beam me up Scotty – Back to Top Button plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use of add_query_arg without appropriate escaping on the URL in all versions up to, and including, 1.0.21. | 6.1 |
| 2024-09-25 | CVE-2024-9024 | Cross-site Scripting vulnerability in Braginteractive Material Design Icons The Material Design Icons plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's mdi-icon shortcode in all versions up to, and including, 0.0.5 due to insufficient input sanitization and output escaping on user supplied attributes. | 5.4 |
| 2024-09-25 | CVE-2024-9027 | Cross-site Scripting vulnerability in Wpzoom Shortcodes The WPZOOM Shortcodes plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'box' shortcode in all versions up to, and including, 1.0.5 due to insufficient input sanitization and output escaping on user supplied attributes. | 5.4 |
| 2024-09-25 | CVE-2024-9028 | Cross-site Scripting vulnerability in Devfarm WP GPX Maps The WP GPX Maps plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'sgpx' shortcode in all versions up to, and including, 1.7.08 due to insufficient input sanitization and output escaping on user supplied attributes. | 5.4 |
| 2024-09-25 | CVE-2024-9068 | Cross-site Scripting vulnerability in Themexclub Oneelements The OneElements – Best Elementor Addons plugin for WordPress is vulnerable to Stored Cross-Site Scripting via SVG File uploads in all versions up to, and including, 1.3.7 due to insufficient input sanitization and output escaping. | 5.4 |
| 2024-09-25 | CVE-2024-9069 | Cross-site Scripting vulnerability in Graphicsly The Graphicsly – The ultimate graphics plugin for WordPress website builder ( Gutenberg, Elementor, Beaver Builder, WPBakery ) plugin for WordPress is vulnerable to Stored Cross-Site Scripting via SVG File uploads in all versions up to, and including, 1.0.2 due to insufficient input sanitization and output escaping. | 5.4 |
| 2024-09-25 | CVE-2024-9073 | Cross-site Scripting vulnerability in Gutengeek Free Gutenberg Blocks The GutenGeek Free Gutenberg Blocks for WordPress plugin for WordPress is vulnerable to Stored Cross-Site Scripting via SVG File uploads in all versions up to, and including, 1.1.3 due to insufficient input sanitization and output escaping. | 5.4 |
| 2024-09-25 | CVE-2021-38963 | Improper Neutralization of Formula Elements in a CSV File vulnerability in IBM Aspera Console 3.4.0/3.4.1/3.4.2 IBM Aspera Console 3.4.0 through 3.4.4 could allow a remote authenticated attacker to execute arbitrary code on the system, caused by a CSV injection vulnerability. | 8.0 |