Vulnerabilities

DATE CVE VULNERABILITY TITLE RISK
2024-11-28 CVE-2024-11960 Classic Buffer Overflow vulnerability in Dlink Dir-605L Firmware 2.13B01
A vulnerability was found in D-Link DIR-605L 2.13B01.
network
low complexity
dlink CWE-120
8.8
2024-11-28 CVE-2024-11961 Unspecified vulnerability in Huayi-Tec Jeewms 3.7
A vulnerability was found in Guangzhou Huayi Intelligent Technology Jeewms 3.7.
network
low complexity
huayi-tec
7.5
2024-11-28 CVE-2024-7747 The Wallet for WooCommerce plugin for WordPress is vulnerable to incorrect conversion between numeric types in all versions up to, and including, 1.5.6.
network
low complexity
CWE-681
6.5
2024-11-28 CVE-2024-52481 Unspecified vulnerability in Astoundify Jobify
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in Astoundify Jobify - Job Board WordPress Theme allows Relative Path Traversal.This issue affects Jobify - Job Board WordPress Theme: from n/a through 4.2.3.
network
low complexity
astoundify
7.5
2024-11-28 CVE-2024-53737 Cross-site Scripting vulnerability in Wpmailster WP Mailster
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in WP Mailster allows Stored XSS.This issue affects WP Mailster: from n/a through 1.8.16.0.
network
low complexity
wpmailster CWE-79
5.4
2024-11-28 CVE-2024-10670 The Primary Addon for Elementor plugin for WordPress is vulnerable to Information Exposure in all versions up to, and including, 1.6.2 via the [prim_elementor_template] shortcode due to insufficient restrictions on which posts can be included.
network
low complexity
CWE-639
4.3
2024-11-28 CVE-2024-10780 The Restaurant & Cafe Addon for Elementor plugin for WordPress is vulnerable to Information Exposure in all versions up to, and including, 1.5.9 via the 'narestaurant_elementor_template' shortcode due to insufficient restrictions on which posts can be included.
network
low complexity
CWE-639
4.3
2024-11-28 CVE-2024-10798 Authorization Bypass Through User-Controlled Key vulnerability in Royal-Elementor-Addons Royal Elementor Addons
The Royal Elementor Addons and Templates plugin for WordPress is vulnerable to Information Exposure in all versions up to, and including, 1.7.1003 via the 'wpr-template' shortcode due to insufficient restrictions on which posts can be included.
network
low complexity
royal-elementor-addons CWE-639
4.3
2024-11-28 CVE-2024-11203 The EmbedPress – Embed PDF, 3D Flipbook, Social Feeds, Google Docs, Vimeo, Wistia, YouTube Videos, Audios, Google Maps in Gutenberg Block & Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘provider_name parameter in all versions up to, and including, 4.1.3 due to insufficient input sanitization and output escaping.
network
low complexity
CWE-79
6.4
2024-11-28 CVE-2024-11333 The HLS Player plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'hls_player' shortcode in all versions up to, and including, 1.0.10 due to insufficient input sanitization and output escaping on user supplied attributes.
network
low complexity
CWE-79
6.4