Vulnerabilities

DATE CVE VULNERABILITY TITLE RISK
2024-09-13 CVE-2024-8730 Cross-site Scripting vulnerability in Cvstech Exit Notifier
The Exit Notifier plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use of add_query_arg without appropriate escaping on the URL in all versions up to, and including, 1.9.1.
network
low complexity
cvstech CWE-79
6.1
6.1
2024-09-13 CVE-2024-8731 Cross-site Scripting vulnerability in Leira Cron Jobs
The Cron Jobs plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use of add_query_arg without appropriate escaping on the URL in all versions up to, and including, 1.2.9.
network
low complexity
leira CWE-79
6.1
6.1
2024-09-13 CVE-2024-8732 Cross-site Scripting vulnerability in Leira Roles & Capabilities
The Roles & Capabilities plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use of add_query_arg without appropriate escaping on the URL in all versions up to, and including, 1.1.9.
network
low complexity
leira CWE-79
6.1
6.1
2024-09-13 CVE-2024-8734 Cross-site Scripting vulnerability in Lucasstad Lucas String Replace
The Lucas String Replace plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use of add_query_arg without appropriate escaping on the URL in all versions up to, and including, 2.0.5.
network
low complexity
lucasstad CWE-79
6.1
6.1
2024-09-13 CVE-2024-8737 Cross-site Scripting vulnerability in Kubiq PDF Thumbnail Generator
The PDF Thumbnail Generator plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use of add_query_arg without appropriate escaping on the URL in all versions up to, and including, 1.3.
network
low complexity
kubiq CWE-79
6.1
6.1
2024-09-13 CVE-2024-8747 Cross-site Scripting vulnerability in Khromov Email Obfuscate Shortcode
The Email Obfuscate Shortcode plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'email-obfuscate' shortcode in all versions up to, and including, 2.0 due to insufficient input sanitization and output escaping on user supplied attributes.
network
low complexity
khromov CWE-79
5.4
5.4
2024-09-13 CVE-2024-46044 Out-of-bounds Write vulnerability in Tenda Ch22 Firmware 1.0.0.6(468)
CH22 V1.0.0.6(468) has a stack overflow vulnerability located in the fromqossetting function.
network
low complexity
tenda CWE-787
critical
 9.8
9.8
2024-09-13 CVE-2024-46045 Out-of-bounds Write vulnerability in Tenda Ch22 Firmware 1.0.0.6(468)
Tenda CH22 V1.0.0.6(468) has a stack overflow vulnerability located in the frmL7PlotForm function.
network
low complexity
tenda CWE-787
critical
 9.8
9.8
2024-09-13 CVE-2024-46046 Out-of-bounds Write vulnerability in Tenda Fh451 Firmware 1.0.0.9
Tenda FH451 v1.0.0.9 has a stack overflow vulnerability located in the RouteStatic function.
network
low complexity
tenda CWE-787
critical
 9.8
9.8
2024-09-13 CVE-2024-46047 Out-of-bounds Write vulnerability in Tenda Fh451 Firmware 1.0.0.9
Tenda FH451 v1.0.0.9 has a stack overflow vulnerability in the fromDhcpListClient function.
network
low complexity
tenda CWE-787
7.5
7.5