Vulnerabilities

DATE CVE VULNERABILITY TITLE RISK
2024-10-11 CVE-2024-9436 The PublishPress Revisions: Duplicate Posts, Submit, Approve and Schedule Content Changes plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use of add_query_arg without appropriate escaping on the URL in all versions up to, and including, 3.5.14.
network
low complexity
CWE-79
6.1
6.1
2024-10-11 CVE-2024-9538 The ShopLentor plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 2.9.8 via the 'render' function in includes/addons/wl_faq.php.
network
low complexity
CWE-200
4.3
4.3
2024-10-11 CVE-2024-9543 The PowerPress Podcasting plugin by Blubrry plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'skipto' shortcode in all versions up to, and including, 11.9.18 due to insufficient input sanitization and output escaping on user supplied attributes.
network
low complexity
CWE-79
6.4
6.4
2024-10-11 CVE-2024-9586 The Linkz.ai plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'check_auth' and 'check_logout' functions in versions up to, and including, 1.1.8.
network
low complexity
CWE-862
6.5
6.5
2024-10-11 CVE-2024-9587 The Linkz.ai plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'ajax_linkz' function in versions up to, and including, 1.1.8.
network
low complexity
CWE-862
5.4
5.4
2024-10-11 CVE-2024-9610 The Language Switcher plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use of add_query_arg without appropriate escaping on the URL in all versions up to, and including, 3.7.13.
network
low complexity
CWE-79
6.1
6.1
2024-10-11 CVE-2024-9611 The Increase upload file size & Maximum Execution Time limit plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use of add_query_arg without appropriate escaping on the URL in all versions up to, and including, 2.0.
network
low complexity
 6.1
6.1
2024-10-11 CVE-2024-9616 The BlockMeister – Block Pattern Builder plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use of add_query_arg without appropriate escaping on the URL in all versions up to, and including, 3.1.10.
network
low complexity
CWE-79
6.1
6.1
2024-10-11 CVE-2024-9822 Authentication Bypass Using an Alternate Path or Channel vulnerability in Pedalo Connector
The Pedalo Connector plugin for WordPress is vulnerable to authentication bypass in versions up to, and including, 2.0.5.
network
low complexity
pedalo CWE-288
critical
 9.8
9.8
2024-10-10 CVE-2024-47867 Unspecified vulnerability in Gradio Project Gradio
Gradio is an open-source Python package designed for quick prototyping.
network
low complexity
gradio-project
7.5
7.5