Vulnerabilities

DATE	CVE	VULNERABILITY TITLE	RISK
2024-10-18	CVE-2024-38820	Unspecified vulnerability in VMWare Spring Framework The fix for CVE-2022-22968 made disallowedFields patterns in DataBinder case insensitive. network low complexity vmware	5.3
2024-10-18	CVE-2024-46897	Incorrect Permission Assignment for Critical Resource vulnerability in Exceedone Exment Incorrect permission assignment for critical resource issue exists in Exment v6.1.4 and earlier and Exment v5.0.11 and earlier. network low complexity exceedone CWE-732	3.8
2024-10-18	CVE-2024-47793	Cross-site Scripting vulnerability in Exceedone Exment Stored cross-site scripting vulnerability exists in Exment v6.1.4 and earlier and Exment v5.0.11 and earlier. network low complexity exceedone CWE-79	5.4
2024-10-18	CVE-2024-10014	Cross-site Scripting vulnerability in Tiandiyoyo Flat UI Button 1.0 The Flat UI Button plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's flatbtn shortcode in version 1.0 due to insufficient input sanitization and output escaping on user supplied attributes. network low complexity tiandiyoyo CWE-79	5.4
2024-10-18	CVE-2024-10040	Cross-Site Request Forgery (CSRF) vulnerability in Infinite-Scroll The Infinite-Scroll plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 2.6.2. network low complexity infinite-scroll CWE-352	4.3
2024-10-18	CVE-2024-10049	Cross-site Scripting vulnerability in Edit Woocommerce Templates Project Edit Woocommerce Templates The Edit WooCommerce Templates plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the ‘page’ parameter in all versions up to, and including, 1.1.2 due to insufficient input sanitization and output escaping. network low complexity edit-woocommerce-templates-project CWE-79	6.1
2024-10-18	CVE-2024-10119	OS Command Injection vulnerability in ZTE Wrtm326 Firmware The wireless router WRTM326 from SECOM does not properly validate a specific parameter. network low complexity zte CWE-78 critical	9.8
2024-10-18	CVE-2024-8740	Cross-site Scripting vulnerability in Fatcatapps Getresponse Forms The GetResponse Forms by Optin Cat plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use of add_query_arg without appropriate escaping on the URL in all versions up to, and including, 2.5.6. network low complexity fatcatapps CWE-79	6.1
2024-10-18	CVE-2024-8790	Cross-site Scripting vulnerability in Themeinwp Social Share With Floating BAR The Social Share With Floating Bar plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use of add_query_arg without appropriate escaping on the URL in all versions up to, and including, 1.0.3. network low complexity themeinwp CWE-79	6.1
2024-10-18	CVE-2024-8916	Cross-site Scripting vulnerability in Sukiwp Suki Sites Import The Suki Sites Import plugin for WordPress is vulnerable to Stored Cross-Site Scripting via SVG File uploads in all versions up to, and including, 1.2.1 due to insufficient input sanitization and output escaping. network low complexity sukiwp CWE-79	5.4

Vulnerabilities {"@context":"https://schema.org","@type":"BreadcrumbList","itemListElement":[{"@type":"ListItem","position":1,"name":"Vulnerabilities"}]}

Vulnerabilities