| 2024-10-12 | CVE-2024-9894 | SQL Injection vulnerability in Blood Bank System Project Blood Bank System 1.0
A vulnerability, which was classified as critical, was found in code-projects Blood Bank System 1.0. | 8.8 |
| 2024-10-12 | CVE-2024-8757 | The WP Post Author – Boost Your Blog's Engagement with Author Box, Social Links, Co-Authors, Guest Authors, Post Rating System, and Custom User Registration Form Builder plugin for WordPress is vulnerable to time-based SQL Injection via the linked_user_id parameter in all versions up to, and including, 3.8.1 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. | 7.2 |
| 2024-10-12 | CVE-2024-8902 | Unspecified vulnerability in Webtechstreet Elementor Addon Elements
The Elementor Addon Elements plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 1.13.8 via the render_column function in modules/data-table/widgets/data-table.php. | 4.3 |
| 2024-10-12 | CVE-2024-8760 | The Stackable – Page Builder Gutenberg Blocks plugin for WordPress is vulnerable to CSS Injection in all versions up to, and including, 3.13.6. | 5.3 |
| 2024-10-12 | CVE-2024-8915 | The Category Icon plugin for WordPress is vulnerable to Stored Cross-Site Scripting via SVG File uploads in all versions up to, and including, 1.0.0 due to insufficient input sanitization and output escaping. | 6.4 |
| 2024-10-12 | CVE-2024-9595 | The TablePress – Tables in WordPress made easy plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the table cell content in all versions up to, and including, 2.4.2 due to insufficient input sanitization and output escaping. | 6.4 |
| 2024-10-12 | CVE-2024-9696 | Cross-site Scripting vulnerability in Rescuethemes Rescue Shortcodes
The Rescue Shortcodes plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'rescue_tab' shortcode in all versions up to, and including, 2.8 due to insufficient input sanitization and output escaping on user supplied attributes. | 5.4 |
| 2024-10-12 | CVE-2024-9047 | The WordPress File Upload plugin for WordPress is vulnerable to Path Traversal in all versions up to, and including, 4.24.11 via wfu_file_downloader.php. network low complexity CWE-22 critical | 9.8 |
| 2024-10-12 | CVE-2024-9704 | Cross-site Scripting vulnerability in Ibericode Social Sharing
The Social Sharing (by Danny) plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'dvk_social_sharing' shortcode in all versions up to, and including, 1.3.7 due to insufficient input sanitization and output escaping on user supplied attributes. | 5.4 |
| 2024-10-12 | CVE-2024-9756 | Missing Authorization vulnerability in Directsoftware Order Attachments for Woocommerce
The Order Attachments for WooCommerce plugin for WordPress is vulnerable to unauthorized limited arbitrary file uploads due to a missing capability check on the wcoa_add_attachment AJAX action in versions 2.0 to 2.4.1. | 4.3 |