Vulnerabilities

| DATE | CVE | VULNERABILITY TITLE | DESCRIPTION | ATTACK VECTOR | COMPLEXITY | VENDOR | CWE | RISK |
|---|---|---|---|---|---|---|---|---|
| 2024-10-15 | CVE-2024-9944 | Cross-site Scripting vulnerability in Woocommerce | The WooCommerce plugin for WordPress is vulnerable to HTML Injection in all versions up to, and including, 9.0.2. | network | low complexity | woocommerce | CWE-79 | 6.1 |
| 2024-10-15 | CVE-2024-21535 | Cross-site Scripting vulnerability in Quantizor Markdown-To-Jsx | Versions of the package markdown-to-jsx before 7.4.0 are vulnerable to Cross-site Scripting (XSS) via the src property due to improper input sanitization. | network | low complexity | quantizor | CWE-79 | 6.1 |
| 2024-10-15 | CVE-2024-9969 | Cross-site Scripting vulnerability in Newtype Webeip 3.0 | NewType WebEIP v3.0 does not properly validate user input, allowing a remote attacker with regular privileges to insert JavaScript into specific parameters, resulting in a Reflected Cross-site Scripting (XSS) attack. | network | low complexity | newtype | CWE-79 | 5.4 |
| 2024-10-15 | CVE-2024-9970 | Unspecified vulnerability in Newtype Flowmaster BPM Plus | The FlowMaster BPM Plus system from NewType has a privilege escalation vulnerability. | network | low complexity | newtype | | 8.8 |
| 2024-10-15 | CVE-2024-9971 | SQL Injection vulnerability in Newtype Flowmaster BPM Plus | The specific query functionality in the FlowMaster BPM Plus from NewType does not properly restrict user input, allowing remote attackers with regular privileges to inject SQL commands to read, modify, or delete database contents. | network | low complexity | newtype | CWE-89 | 8.8 |
| 2024-10-15 | CVE-2024-9968 | SQL Injection vulnerability in Newtype Webeip 3.0 | WebEIP v3.0 from NewType does not properly validate user input, allowing remote attackers with regular privilege to inject SQL commands to read, modify, and delete data stored in database. | network | low complexity | newtype | CWE-89 | 8.8 |
| 2024-10-15 | CVE-2024-6757 | Unspecified vulnerability in Elementor Website Builder | The Elementor Website Builder – More than Just a Page Builder plugin for WordPress is vulnerable to Basic Information Exposure in all versions up to, and including, 3.23.5 via the get_image_alt function. | network | low complexity | elementor | | 4.3 |
| 2024-10-15 | CVE-2024-9687 | Authorization Bypass Through User-Controlled Key vulnerability in Dueclic WP 2FA With Telegram | The WP 2FA with Telegram plugin for WordPress is vulnerable to Authentication Bypass in versions up to, and including, 3.0. | network | low complexity | dueclic | CWE-639 | 8.8 |
| 2024-10-15 | CVE-2024-9820 | Reliance on Cookies without Validation and Integrity Checking vulnerability in Dueclic WP 2FA With Telegram | The WP 2FA with Telegram plugin for WordPress is vulnerable to Two-Factor Authentication Bypass in versions up to, and including, 3.0. | network | low complexity | dueclic | CWE-565 | 7.5 |
| 2024-10-15 | CVE-2024-9952 | Cross-site Scripting vulnerability in Oretnom23 Online Eyewear Shop 1.0 | A vulnerability was found in SourceCodester Online Eyewear Shop 1.0 and classified as problematic. | network | low complexity | oretnom23 | CWE-79 | 4.8 |