Vulnerabilities

| DATE | CVE | VULNERABILITY TITLE | ATTACK VECTOR | COMPLEXITY | VENDOR | CWE | RISK |
|---|---|---|---|---|---|---|---|
| 2024-10-16 | CVE-2024-9105 | The UltimateAI plugin for WordPress is vulnerable to authentication bypass in versions up to, and including, 2.8.3. | network | low complexity | | CWE-288 | critical 9.8 |
| 2024-10-16 | CVE-2024-9305 | The AppPresser – Mobile App Framework plugin for WordPress is vulnerable to privilege escalation via account takeover in all versions up to, and including, 4.4.4. | network | high complexity | | CWE-640 | 8.1 |
| 2024-10-16 | CVE-2024-9521 | The SEO Manager plugin for WordPress is vulnerable to Stored Cross-Site Scripting via post meta in versions up to, and including, 1.9 due to insufficient input sanitization and output escaping on user supplied attributes. | network | low complexity | | CWE-79 | 6.4 |
| 2024-10-16 | CVE-2024-9634 | The GiveWP – Donation Plugin and Fundraising Platform plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 3.16.3 via deserialization of untrusted input from the give_company_name parameter. | network | low complexity | | CWE-502 | critical 9.8 |
| 2024-10-16 | CVE-2024-9647 | The Kama SpamBlock plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via $_POST values in all versions up to, and including, 1.8.2 due to insufficient input sanitization and output escaping. | network | low complexity | | CWE-79 | 6.1 |
| 2024-10-16 | CVE-2024-9649 | The WP ULike – The Ultimate Engagement Toolkit for Websites plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 4.7.4. | network | low complexity | | CWE-352 | 4.3 |
| 2024-10-16 | CVE-2024-9652 | The Locatoraid Store Locator plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via $_POST keys in all versions up to, and including, 3.9.47 due to insufficient input sanitization and output escaping. | network | low complexity | | | 6.1 |
| 2024-10-16 | CVE-2024-9891 | The Multiline files upload for contact form 7 plugin for WordPress is vulnerable to unauthorized plugin deactivation due to a missing capability check on the mfcf7_zl_custom_handle_deactivation_plugin_form_submission() function in all versions up to, and including, 2.8.1. | network | low complexity | | CWE-862 | 4.3 |
| 2024-10-16 | CVE-2024-49340 | Cross-Site Request Forgery (CSRF) vulnerability in IBM Watson Studio Local 1.2.3: IBM Watson Studio Local 1.2.3 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts. | network | low complexity | ibm | CWE-352 | 8.8 |
| 2024-10-15 | CVE-2024-38139 | Unspecified vulnerability in Microsoft Dataverse: Improper authentication in Microsoft Dataverse allows an authorized attacker to elevate privileges over a network. | network | low complexity | microsoft | | 8.8 |