Vulnerabilities
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2024-11-15 | CVE-2024-10793 | Cross-site Scripting vulnerability in Melapress WP Activity LOG. The WP Activity Log plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the user_id parameter in all versions up to, and including, 5.2.1 due to insufficient input sanitization and output escaping. | 6.1 |
2024-11-15 | CVE-2024-39610 | Cross-site Scripting vulnerability in Cleancoder Fitnesse. Cross-site scripting vulnerability exists in FitNesse releases prior to 20241026. | 6.1 |
2024-11-15 | CVE-2024-9356 | Cross-site Scripting vulnerability in Yotpo. The Yotpo: Product & Photo Reviews for WooCommerce plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'yotpo_user_email' and 'yotpo_user_name' parameters in all versions up to, and including, 1.7.8 due to insufficient input sanitization and output escaping. | 6.1 |
2024-11-15 | CVE-2024-10897 | Missing Authorization vulnerability in Themeum Tutor LMS Elementor Addons. The Tutor LMS Elementor Addons plugin for WordPress is vulnerable to unauthorized plugin installation due to a missing capability check on the install_etlms_dependency_plugin() function in all versions up to, and including, 2.1.5. | 4.3 |
2024-11-15 | CVE-2024-9609 | Cross-site Scripting vulnerability in Thimpress Learnpress Export Import. The LearnPress Export Import – WordPress extension for LearnPress plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'learnpress_import_form_server' parameter in all versions up to, and including, 4.0.4 due to insufficient input sanitization and output escaping. | 6.1 |
2024-11-15 | CVE-2024-10924 | Missing Authentication for Critical Function vulnerability in Really-Simple-Plugins Really Simple Security. The Really Simple Security (Free, Pro, and Pro Multisite) plugins for WordPress are vulnerable to authentication bypass in versions 9.0.0 to 9.1.1.1. | 9.8 |
2024-11-15 | CVE-2024-11120 | Certain EOL GeoVision devices have an OS Command Injection vulnerability. | 9.8 |
2024-11-14 | CVE-2017-13227 | Unspecified vulnerability in Google Android 8.0/8.1. In the autofill service, the package name that is provided by the app process is trusted inappropriately. | 5.5 |
2024-11-14 | CVE-2024-52308 | Command Injection vulnerability in Github CLI. The GitHub CLI version 2.6.1 and earlier are vulnerable to remote code execution through a malicious codespace SSH server when using `gh codespace ssh` or `gh codespace logs` commands. | 9.6 |
2024-11-14 | CVE-2024-52613 | Out-of-bounds Read vulnerability in Justdan96 Tsmuxer Nightly20240512020118. A heap-based buffer under-read in tsMuxer version nightly-2024-05-12-02-01-18 allows attackers to cause Denial of Service (DoS) via a crafted MOV video file. | 5.5 |