Vulnerabilities

DATE CVE VULNERABILITY TITLE RISK
2024-09-14 CVE-2024-8862 Deserialization of Untrusted Data vulnerability in H2O 3.46.0.4
A vulnerability, which was classified as critical, has been found in h2oai h2o-3 3.46.0.4.
network
low complexity
h2o CWE-502
critical
9.8
2024-09-14 CVE-2024-6482 Unspecified vulnerability in Idehweb Login With Phone Number
The Login with phone number plugin for WordPress is vulnerable to privilege escalation in all versions up to, and including, 1.7.49.
network
low complexity
idehweb
8.8
2024-09-14 CVE-2023-3410 Cross-site Scripting vulnerability in Bricksbuilder Bricks
The Bricks theme for WordPress is vulnerable to Stored Cross-Site Scripting via the 'customTag' attribute in versions up to, and including, 1.10.1 due to insufficient input sanitization and output escaping.
network
low complexity
bricksbuilder CWE-79
5.4
2024-09-14 CVE-2024-8797 Cross-site Scripting vulnerability in Wpbookingsystem WP Booking System
The WP Booking System – Booking Calendar plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use of add_query_arg & remove_query_arg without appropriate escaping on the URL in all versions up to, and including, 2.0.19.8.
network
low complexity
wpbookingsystem CWE-79
6.1
2024-09-14 CVE-2024-8246 Unspecified vulnerability in Themekraft Buddyforms
The Post Form – Registration Form – Profile Form for User Profiles – Frontend Content Forms for User Submissions (UGC) plugin for WordPress is vulnerable to privilege escalation in all versions up to, and including, 2.8.11.
network
low complexity
themekraft
8.8
2024-09-14 CVE-2024-8479 Code Injection vulnerability in Webliberty Simple Spoiler
The Simple Spoiler plugin for WordPress is vulnerable to arbitrary shortcode execution in versions 1.2 to 1.3.
network
low complexity
webliberty CWE-94
7.3
2024-09-14 CVE-2024-8669 SQL Injection vulnerability in Softaculous Backuply
The Backuply – Backup, Restore, Migrate and Clone plugin for WordPress is vulnerable to SQL Injection via the 'options' parameter passed to the backuply_wp_clone_sql() function in all versions up to, and including, 1.3.4 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query.
network
low complexity
softaculous CWE-89
7.2
2024-09-14 CVE-2024-8724 Cross-site Scripting vulnerability in Xootix Waitlist Woocommerce
The Waitlist Woocommerce ( Back in stock notifier ) plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use of add_query_arg without appropriate escaping on the URL in all versions up to, and including, 2.7.5.
network
low complexity
xootix CWE-79
6.1
2024-09-14 CVE-2022-3459 Authorization Bypass Through User-Controlled Key vulnerability in Lilmonkee Woocommerce multiple Free Gift
The WooCommerce Multiple Free Gift plugin for WordPress is vulnerable to gift manipulation in all versions up to, and including, 1.2.3.
network
low complexity
lilmonkee CWE-639
5.3
2024-09-14 CVE-2024-8271 Code Injection vulnerability in Pluginus FOX - Currency Switcher Professional for Woocommerce
The FOX – Currency Switcher Professional for WooCommerce plugin for WordPress is vulnerable to arbitrary shortcode execution in all versions up to, and including, 1.4.2.1.
network
low complexity
pluginus CWE-94
7.3