Vulnerabilities
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2024-11-13 | CVE-2024-10877 | Cross-site Scripting vulnerability in Advancedformintegration Advanced Form Integration. The AFI – The Easiest Integration Plugin plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use of add_query_arg & remove_query_arg without appropriate escaping on the URL in all versions up to, and including, 1.92.0. | 6.1 |
2024-11-13 | CVE-2024-52268 | Cross-site Scripting vulnerability in Vektor-Inc VK ALL in ONE Expansion Unit. Cross-site scripting vulnerability exists in VK All in One Expansion Unit versions prior to 9.100.1.0. | 4.8 |
2024-11-13 | CVE-2024-10575 | Unspecified vulnerability in Schneider-Electric Ecostruxure IT Gateway. CWE-862: Missing Authorization vulnerability exists that could cause unauthorized access when enabled on the network and potentially impacting connected devices. | 9.8 |
2024-11-13 | CVE-2024-21541 | Code Injection vulnerability in Matthewmueller Dom-Iterator. Versions of the package dom-iterator before 1.0.1 are vulnerable to Arbitrary Code Execution due to use of the Function constructor without complete input sanitization. | 9.8 |
2024-11-13 | CVE-2024-9409 | Unspecified vulnerability in Schneider-Electric products. CWE-400: An Uncontrolled Resource Consumption vulnerability exists that could cause the device to become unresponsive resulting in communication loss when a large amount of IGMP packets is present in the network. | 7.5 |
2024-11-13 | CVE-2024-10794 | The Boostify Header Footer Builder for Elementor plugin for WordPress is vulnerable to Information Exposure in all versions up to, and including, 1.3.6 via the 'bhf' shortcode due to insufficient restrictions on which posts can be included. | 4.3 |
2024-11-13 | CVE-2024-10802 | The Hash Elements plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the hash_elements_get_posts_title_by_id() function in all versions up to, and including, 1.4.7. | 5.3 |
2024-11-13 | CVE-2024-10816 | The LUNA RADIO PLAYER plugin for WordPress is vulnerable to Directory Traversal in all versions up to, and including, 6.24.01.24 via the js/fallback.php file. | 7.5 |
2024-11-13 | CVE-2024-10820 | Unspecified vulnerability in Vanquish Woocommerce Upload Files. The WooCommerce Upload Files plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the upload_files() function in all versions up to, and including, 84.3. | 9.8 |
2024-11-13 | CVE-2024-10828 | Unspecified vulnerability in Algolplus Advanced Order Export for Woocommerce. The Advanced Order Export For WooCommerce plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 3.5.5 via deserialization of untrusted input during Order export when the "Try to convert serialized values" option is enabled. | 9.8 |