Vulnerabilities
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2024-11-15 | CVE-2024-1097 | Cross-site Scripting vulnerability in K5N Webcalendar 1.3.0 A stored cross-site scripting (XSS) vulnerability exists in craigk5n/webcalendar version 1.3.0. | 5.4 |
| 2024-11-15 | CVE-2024-1240 | Open Redirect vulnerability in Pyload 0.5.0 An open redirection vulnerability exists in pyload/pyload version 0.5.0. | 6.1 |
| 2024-11-15 | CVE-2024-10311 | Authentication Bypass Using an Alternate Path or Channel vulnerability in Cmorillas1 External Database Based Actions 0.1 The External Database Based Actions plugin for WordPress is vulnerable to authentication bypass in versions up to, and including, 0.1. | 8.8 |
| 2024-11-15 | CVE-2024-8978 | Unspecified vulnerability in Wpdeveloper Essential Addons for Elementor The Essential Addons for Elementor – Best Elementor Addon, Templates, Widgets, Kits & WooCommerce Builders plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 6.0.9 via the 'init_content_register_user_email_controls' function. | 5.7 |
| 2024-11-15 | CVE-2024-8979 | Unspecified vulnerability in Wpdeveloper Essential Addons for Elementor The Essential Addons for Elementor – Best Elementor Addon, Templates, Widgets, Kits & WooCommerce Builders plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 6.0.9 via the 'init_content_lostpassword_user_email_controls' function. | 5.7 |
| 2024-11-15 | CVE-2024-10825 | Cross-site Scripting vulnerability in Wpplugins Hide MY WP Ghost The Hide My WP Ghost – Security & Firewall plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the URL in all versions up to, and including, 5.3.01 due to insufficient input sanitization and output escaping. | 6.1 |
| 2024-11-15 | CVE-2024-8961 | Cross-site Scripting vulnerability in Wpdeveloper Essential Addons for Elementor The Essential Addons for Elementor – Best Elementor Addon, Templates, Widgets, Kits & WooCommerce Builders plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘nomore_items_text’ parameter in all versions up to, and including, 6.0.7 due to insufficient input sanitization and output escaping. | 5.4 |
| 2024-11-15 | CVE-2024-10113 | Cross-site Scripting vulnerability in Wpeka WP Adcenter The WP AdCenter – Ad Manager & Adsense Ads plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's wpadcenter_ad shortcode in all versions up to, and including, 2.5.7 due to insufficient input sanitization and output escaping on user supplied attributes. | 5.4 |
| 2024-11-15 | CVE-2024-10260 | Cross-site Scripting vulnerability in Tripetto The Tripetto plugin for WordPress is vulnerable to Stored Cross-Site Scripting via File uploads in all versions up to, and including, 8.0.3 due to insufficient input sanitization and output escaping. | 6.1 |
| 2024-11-15 | CVE-2024-10582 | Missing Authorization vulnerability in Smartwpress Music Player for Elementor The Music Player for Elementor – Audio Player & Podcast Player plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the import_mpfe_template() function in all versions up to, and including, 2.4.1. | 4.3 |