Vulnerabilities

| DATE | CVE | VULNERABILITY TITLE | RISK | VENDOR | CWE | SCORE |
| --- | --- | --- | --- | --- | --- | --- |
| 2024-10-12 | CVE-2024-7489 | The Forms for Mailchimp by Optin Cat – Grow Your MailChimp List plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the form color parameters in all versions up to, and including, 2.5.6 due to insufficient input sanitization and output escaping. | network, high complexity | | CWE-79 | 4.4 |
| 2024-10-12 | CVE-2024-9187 | The Read more By Adam plugin for WordPress is vulnerable to unauthorized loss of data due to a missing capability check on the deleteRm() function in all versions up to, and including, 1.1.8. | network, low complexity | | CWE-862 | 4.3 |
| 2024-10-12 | CVE-2024-9656 | The Mynx Page Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via SVG File uploads in all versions up to, and including, 0.27.8 due to insufficient input sanitization and output escaping. | network, low complexity | | | 6.4 |
| 2024-10-12 | CVE-2024-9670 | The 2D Tag Cloud plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use of add_query_arg without appropriate escaping on the URL in all versions up to, and including, 6.0.2. | network, low complexity | | CWE-79 | 6.1 |
| 2024-10-12 | CVE-2024-9776 | Cross-site Scripting vulnerability in Getbutterfly Imagepress. The ImagePress – Image Gallery plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in all versions up to, and including, 1.2.2 due to insufficient input sanitization and output escaping. | network, low complexity | getbutterfly | CWE-79 | 4.8 |
| 2024-10-12 | CVE-2024-9778 | Cross-Site Request Forgery (CSRF) vulnerability in Getbutterfly Imagepress. The ImagePress – Image Gallery plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.2.2. | network, low complexity | getbutterfly | CWE-352 | 4.3 |
| 2024-10-12 | CVE-2024-9824 | The ImagePress – Image Gallery plugin for WordPress is vulnerable to unauthorized modification and loss of data due to a missing capability check on the 'ip_delete_post' and 'ip_update_post_title' functions in all versions up to, and including, 1.2.2. | network, low complexity | | CWE-862 | 4.3 |
| 2024-10-12 | CVE-2024-9592 | The Easy PayPal Gift Certificate plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.2.3. | network, low complexity | | CWE-352 | 6.1 |
| 2024-10-12 | CVE-2024-9821 | The Bot for Telegram on WooCommerce plugin for WordPress is vulnerable to sensitive information disclosure due to missing authorization checks on the 'stm_wpcfto_get_settings' AJAX action in all versions up to, and including, 1.2.4. | network, low complexity | | CWE-200 | 8.8 |
| 2024-10-12 | CVE-2024-9860 | The Bridge Core plugin for WordPress is vulnerable to unauthorized modification of data or loss of data due to a missing capability check on the 'import_action' and 'install_plugin_per_demo' functions in versions up to, and including, 3.3. | network, low complexity | | CWE-862 | 6.5 |