Vulnerabilities

DATE CVE VULNERABILITY TITLE RISK
2024-10-18 CVE-2024-10040 The Infinite-Scroll plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 2.6.2.
network
low complexity
CWE-352
5.3
5.3
2024-10-18 CVE-2024-10049 The Edit WooCommerce Templates plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the ‘page’ parameter in all versions up to, and including, 1.1.2 due to insufficient input sanitization and output escaping.
network
low complexity
CWE-79
6.1
6.1
2024-10-18 CVE-2024-10119 The wireless router WRTM326 from SECOM does not properly validate a specific parameter.
network
low complexity
CWE-78
critical
 9.8
9.8
2024-10-18 CVE-2024-8740 The GetResponse Forms by Optin Cat plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use of add_query_arg without appropriate escaping on the URL in all versions up to, and including, 2.5.6.
network
low complexity
CWE-79
6.1
6.1
2024-10-18 CVE-2024-8790 The Social Share With Floating Bar plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use of add_query_arg without appropriate escaping on the URL in all versions up to, and including, 1.0.3.
network
low complexity
CWE-79
6.1
6.1
2024-10-18 CVE-2024-8916 The Suki Sites Import plugin for WordPress is vulnerable to Stored Cross-Site Scripting via SVG File uploads in all versions up to, and including, 1.2.1 due to insufficient input sanitization and output escaping.
network
low complexity
CWE-79
6.4
6.4
2024-10-18 CVE-2024-9350 The DPD Baltic Shipping plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'search_value' parameter in all versions up to, and including, 1.2.83 due to insufficient input sanitization and output escaping.
network
low complexity
CWE-79
6.1
6.1
2024-10-18 CVE-2024-9361 The Bulk images optimizer: Resize, optimize, convert to webp, rename … plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'save_configuration' function in all versions up to, and including, 2.0.1.
network
low complexity
 4.3
4.3
2024-10-18 CVE-2024-9364 The SendGrid for WordPress plugin for WordPress is vulnerable to unauthorized loss of data due to a missing capability check on the 'wp_mailplus_clear_logs' function in all versions up to, and including, 1.4.
network
low complexity
CWE-862
4.3
4.3
2024-10-18 CVE-2024-9366 The Easy Menu Manager | WPZest plugin for WordPress is vulnerable to Stored Cross-Site Scripting via SVG File uploads in all versions up to, and including, 1.0.1 due to insufficient input sanitization and output escaping.
network
low complexity
CWE-79
6.4
6.4