Vulnerabilities

DATE CVE VULNERABILITY TITLE RISK
2024-12-04 CVE-2024-11935 The Email Address Obfuscation plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘class’ parameter in all versions up to, and including, 1.0.1 due to insufficient input sanitization and output escaping.
network
low complexity
CWE-79
6.4
2024-12-04 CVE-2024-11854 The Listdom – Business Directory and Classified Ads Listings WordPress Plugin plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘shortcode’ parameter in all versions up to, and including, 3.7.0 due to insufficient input sanitization and output escaping.
network
low complexity
CWE-79
6.4
2024-12-04 CVE-2024-54153 Missing Authentication for Critical Function vulnerability in Jetbrains Youtrack
In JetBrains YouTrack before 2024.3.51866 unauthenticated database backup download was possible via vulnerable query parameter
network
low complexity
jetbrains CWE-306
6.5
2024-12-04 CVE-2024-54154 Path Traversal vulnerability in Jetbrains Youtrack
In JetBrains YouTrack before 2024.3.51866 system takeover was possible through path traversal in plugin sandbox
network
low complexity
jetbrains CWE-22
critical
9.8
2024-12-04 CVE-2024-54155 Missing Authentication for Critical Function vulnerability in Jetbrains Youtrack
In JetBrains YouTrack before 2024.3.51866 improper access control allowed listing of project names during app import without authentication
network
low complexity
jetbrains CWE-306
5.3
2024-12-04 CVE-2024-54156 Unspecified vulnerability in Jetbrains Youtrack
In JetBrains YouTrack before 2024.3.52635 multiple merge functions were vulnerable to prototype pollution attack
network
low complexity
jetbrains
6.5
2024-12-04 CVE-2024-54157 Unspecified vulnerability in Jetbrains Youtrack
In JetBrains YouTrack before 2024.3.52635 potential ReDoS was possible due to vulnerable RegExp in Ruby syntax detector
network
low complexity
jetbrains
6.5
2024-12-04 CVE-2024-54158 Authentication Bypass by Spoofing vulnerability in Jetbrains Youtrack
In JetBrains YouTrack before 2024.3.52635 potential spoofing attack was possible via lack of Punycode encoding
network
low complexity
jetbrains CWE-290
5.3
2024-12-04 CVE-2024-8962 Cross-site Scripting vulnerability in Wpbits Addons for Elementor Page Builder
The WPBITS Addons For Elementor Page Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via SVG File uploads in all versions up to, and including, 1.5.2 due to insufficient input sanitization and output escaping.
network
low complexity
wpbits CWE-79
5.4
2024-12-04 CVE-2024-11814 The Additional Custom Order Status for WooCommerce plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the wfwp_wcos_delete_finished, wfwp_wcos_delete_fallback_finished, wfwp_wcos_delete_fallback_orders_updated, and wfwp_wcos_delete_fallback_status parameters in all versions up to, and including, 1.6.0 due to insufficient input sanitization and output escaping.
network
low complexity
CWE-79
6.1