| 2024-11-21 | CVE-2024-11455 | The Include Mastodon Feed plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'include-mastodon-feed' shortcode in all versions up to, and including, 1.9.5 due to insufficient input sanitization and output escaping on user supplied attributes. | 6.4 |
| 2024-11-21 | CVE-2024-11456 | The Run Contests, Raffles, and Giveaways with ContestsWP plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use of add_query_arg without appropriate escaping on the URL in all versions up to, and including, 2.0.3. | 6.1 |
| 2024-11-21 | CVE-2024-52067 | Information Exposure Through Log Files vulnerability in Apache Nifi
Apache NiFi 1.16.0 through 1.28.0 and 2.0.0-M1 through 2.0.0-M4 include optional debug logging of Parameter Context values during the flow synchronization process. | 4.9 |
| 2024-11-21 | CVE-2024-9111 | The Product Designer plugin for WordPress is vulnerable to Stored Cross-Site Scripting via SVG File uploads in all versions up to, and including, 1.0.35 due to insufficient input sanitization and output escaping. | 6.4 |
| 2024-11-21 | CVE-2024-9371 | The Branda – White Label & Branding, Custom Login Page Customizer plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use of remove_query_arg without appropriate escaping on the URL in all versions up to, and including, 3.4.19. | 6.1 |
| 2024-11-21 | CVE-2024-9442 | Cross-site Scripting vulnerability in F4Dev F4 Improvements
The F4 Improvements plugin for WordPress is vulnerable to Stored Cross-Site Scripting via SVG File uploads in all versions up to, and including, 1.9.0 due to insufficient input sanitization and output escaping. | 5.4 |
| 2024-11-21 | CVE-2024-9542 | Information Exposure vulnerability in Wowdevs SKY Addons for Elementor
The Sky Addons for Elementor plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 2.6.1 via the render function in modules/content-switcher/widgets/content-switcher.php. | 4.3 |
| 2024-11-21 | CVE-2024-9768 | Cross-site Scripting vulnerability in Strategy11 Formidable Forms
The Formidable Forms WordPress plugin before 6.14.1 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup). | 4.8 |
| 2024-11-21 | CVE-2024-9851 | Cross-site Scripting vulnerability in Lightspeedwp LSX Tour Operator
The LSX Tour Operator plugin for WordPress is vulnerable to Stored Cross-Site Scripting via SVG File uploads in all versions up to, and including, 1.4.9 due to insufficient input sanitization and output escaping. | 5.4 |
| 2024-11-21 | CVE-2024-52755 | Out-of-bounds Write vulnerability in Dlink Di-8003 Firmware 16.07.16A1
D-LINK DI-8003 v16.07.26A1 was discovered to contain a buffer overflow via the host_ip parameter in the ipsec_road_asp function. | 4.9 |