Vulnerabilities

| DATE | CVE | VULNERABILITY TITLE | DESCRIPTION | VECTOR | COMPLEXITY | VENDOR | CWE | RISK |
|---|---|---|---|---|---|---|---|---|
| 2024-11-13 | CVE-2024-10530 | Missing Authorization vulnerability in Kognetiks Chatbot | The Kognetiks Chatbot for WordPress plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the add_new_assistant() function in all versions up to, and including, 2.1.7. | network | low | kognetiks | CWE-862 | 4.3 |
| 2024-11-13 | CVE-2024-10531 | Unspecified vulnerability in Kognetiks Chatbot | The Kognetiks Chatbot for WordPress plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the update_assistant() function in all versions up to, and including, 2.1.7. | network | low | kognetiks | | 4.3 |
| 2024-11-13 | CVE-2024-10593 | | The WPForms – Easy Form Builder for WordPress – Contact Forms, Payment Forms, Surveys, & More plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.9.1.6. | network | low | | CWE-352 | 4.3 |
| 2024-11-13 | CVE-2024-10684 | Cross-site Scripting vulnerability in Kognetiks Chatbot | The Kognetiks Chatbot for WordPress plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'dir' parameter in all versions up to, and including, 2.1.7 due to insufficient input sanitization and output escaping. | network | low | kognetiks | CWE-79 | 6.1 |
| 2024-11-13 | CVE-2024-10882 | | The Product Delivery Date for WooCommerce – Lite plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use of add_query_arg & remove_query_arg without appropriate escaping on the URL in all versions up to, and including, 2.8.0. | network | low | | CWE-79 | 6.1 |
| 2024-11-13 | CVE-2024-11143 | Cross-Site Request Forgery (CSRF) vulnerability in Kognetiks Chatbot | The Kognetiks Chatbot for WordPress plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 2.1.8. | network | low | kognetiks | CWE-352 | 4.3 |
| 2024-11-13 | CVE-2024-10038 | | The WP-Strava plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in all versions up to, and including, 2.12.1 due to insufficient input sanitization and output escaping. | network | low | | CWE-80 | 6.1 |
| 2024-11-13 | CVE-2024-10629 | | The GPX Viewer plugin for WordPress is vulnerable to arbitrary file creation due to a missing capability check and file type validation in the gpxv_file_upload() function in all versions up to, and including, 2.2.8. | network | low | | CWE-862 | 8.8 |
| 2024-11-13 | CVE-2024-10686 | | The Design for Contact Form 7 Style WordPress Plugin – CF7 WOW Styler plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'style_scheme' parameter in all versions up to, and including, 1.6.8 due to insufficient input sanitization and output escaping. | network | low | | CWE-79 | 6.1 |
| 2024-11-13 | CVE-2024-10717 | | The Styler for Ninja Forms plugin for WordPress is vulnerable to unauthorized modification of data that can lead to a denial of service due to a missing capability check on the deactivate_license function in all versions up to, and including, 3.3.4. | network | low | | CWE-862 | 6.5 |