Vulnerabilities

DATE CVE VULNERABILITY TITLE RISK
2024-09-12 CVE-2024-7818 Cross-site Scripting vulnerability in Michalaugustyniak Misiek Photo Album
The Misiek Photo Album WordPress plugin through 1.4.3 does not have CSRF check in some places, and is missing sanitisation as well as escaping, which could allow attackers to make logged in admin add Stored XSS payloads via a CSRF attack.
network
low complexity
michalaugustyniak CWE-79
6.1
6.1
2024-09-12 CVE-2024-7820 Cross-Site Request Forgery (CSRF) vulnerability in Elliot ILC Thickbox
The ILC Thickbox WordPress plugin through 1.0 does not have CSRF check in place when updating its settings, which could allow attackers to make a logged in admin change them via a CSRF attack
network
low complexity
elliot CWE-352
6.5
6.5
2024-09-12 CVE-2024-7822 Cross-site Scripting vulnerability in Gwycon Quick Code
The Quick Code WordPress plugin through 1.0 does not have CSRF check in some places, and is missing sanitisation as well as escaping, which could allow attackers to make logged in admin add Stored XSS payloads via a CSRF attack.
network
low complexity
gwycon CWE-79
6.1
6.1
2024-09-12 CVE-2024-7859 Cross-Site Request Forgery (CSRF) vulnerability in Visual Sound Project Visual Sound
The Visual Sound WordPress plugin through 1.03 does not have CSRF check in place when updating its settings, which could allow attackers to make a logged in admin change them via a CSRF attack
network
low complexity
visual-sound-project CWE-352
6.5
6.5
2024-09-12 CVE-2024-7860 Cross-site Scripting vulnerability in Outtolunchproductions Simple Headline Rotator
The Simple Headline Rotator WordPress plugin through 1.0 does not have CSRF check in some places, and is missing sanitisation as well as escaping, which could allow attackers to make logged in admin add Stored XSS payloads via a CSRF attack.
network
low complexity
outtolunchproductions CWE-79
6.1
6.1
2024-09-12 CVE-2024-7861 Cross-site Scripting vulnerability in Michalaugustyniak Misiek Paypal
The Misiek Paypal WordPress plugin through 1.1.20090324 does not have CSRF check in some places, and is missing sanitisation as well as escaping, which could allow attackers to make logged in admin add Stored XSS payloads via a CSRF attack.
network
low complexity
michalaugustyniak CWE-79
6.1
6.1
2024-09-12 CVE-2024-7862 Cross-Site Request Forgery (CSRF) vulnerability in Kimhuebel Blogintroduction-Wordpress-Plugin
The blogintroduction-wordpress-plugin WordPress plugin through 0.3.0 does not have CSRF check in place when updating its settings, which could allow attackers to make a logged in admin change them via a CSRF attack
network
low complexity
kimhuebel CWE-352
6.5
6.5
2024-09-12 CVE-2024-8054 Cross-site Scripting vulnerability in Mm-Breaking News Project Mm-Breaking News
The MM-Breaking News WordPress plugin through 0.7.9 does not have CSRF check in some places, and is missing sanitisation as well as escaping, which could allow attackers to make logged in admin add Stored XSS payloads via a CSRF attack.
network
low complexity
mm-breaking-news-project CWE-79
6.1
6.1
2024-09-12 CVE-2024-8056 Cross-site Scripting vulnerability in Mm-Breaking News Project Mm-Breaking News
The MM-Breaking News WordPress plugin through 0.7.9 does not escape the $_SERVER['REQUEST_URI'] parameter before outputting it back in an attribute, which could lead to Reflected Cross-Site Scripting in old web browsers
network
low complexity
mm-breaking-news-project CWE-79
6.1
6.1
2024-09-12 CVE-2024-8711 Unspecified vulnerability in Oretnom23 Food Ordering Management System 1.0
A vulnerability, which was classified as problematic, has been found in SourceCodester Food Ordering Management System 1.0.
network
low complexity
oretnom23
7.5
7.5