Vulnerabilities

| DATE | CVE | VULNERABILITY TITLE | DESCRIPTION | ATTACK VECTOR | COMPLEXITY | VENDOR | CWE | RISK LEVEL | SCORE |
|---|---|---|---|---|---|---|---|---|---|
| 2024-11-09 | CVE-2024-10674 | | The Th Shop Mania theme for WordPress is vulnerable to unauthorized arbitrary plugin installation due to a missing capability check on the th_shop_mania_install_and_activate_callback() function in all versions up to, and including, 1.4.9. | network | low | | CWE-862 | | 8.8 |
| 2024-11-09 | CVE-2024-10693 | Authorization Bypass Through User-Controlled Key vulnerability in Sktthemes SKT Addons for Elementor | The SKT Addons for Elementor plugin for WordPress is vulnerable to Information Exposure in all versions up to, and including, 3.3 via the Unfold widget due to insufficient restrictions on which posts can be included. | network | low | sktthemes | CWE-639 | | 4.3 |
| 2024-11-09 | CVE-2024-9226 | | The Landing Page Cat – Coming Soon Page, Maintenance Page & Squeeze Pages plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use of add_query_arg without appropriate escaping on the URL in all versions up to, and including, 1.7.6. | network | low | | CWE-79 | | 6.1 |
| 2024-11-09 | CVE-2024-10284 | Missing Authentication for Critical Function vulnerability in Ce21 Suite | The CE21 Suite plugin for WordPress is vulnerable to authentication bypass in versions up to, and including, 2.2.0. | network | low | ce21 | CWE-306 | critical | 9.8 |
| 2024-11-09 | CVE-2024-10285 | Unspecified vulnerability in Ce21 Suite | The CE21 Suite plugin for WordPress is vulnerable to sensitive information disclosure via the plugin-log.txt in versions up to, and including, 2.2.0. | network | low | ce21 | | | 7.5 |
| 2024-11-09 | CVE-2024-10294 | Unspecified vulnerability in Ce21 Suite | The CE21 Suite plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'ce21_single_sign_on_save_api_settings' function in versions up to, and including, 2.2.0. | network | low | ce21 | | | 7.5 |
| 2024-11-09 | CVE-2024-10586 | | The Debug Tool plugin for WordPress is vulnerable to arbitrary file creation due to a missing capability check on the dbt_pull_image() function and missing file type validation in all versions up to, and including, 2.2. | network | low | | CWE-862 | critical | 9.8 |
| 2024-11-09 | CVE-2024-10588 | | The Debug Tool plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the info() function in all versions up to, and including, 2.2. | network | low | | CWE-862 | | 4.3 |
| 2024-11-09 | CVE-2024-10779 | Unspecified vulnerability in Codeless Cowidgets Elementor Addons | The Cowidgets – Elementor Addons plugin for WordPress is vulnerable to Information Exposure in all versions up to, and including, 1.2.0 via the 'ce_template' shortcode due to insufficient restrictions on which posts can be included. | network | low | codeless | | | 4.3 |
| 2024-11-09 | CVE-2024-8960 | Cross-site Scripting vulnerability in Codeless Cowidgets Elementor Addons | The Cowidgets – Elementor Addons plugin for WordPress is vulnerable to Stored Cross-Site Scripting via SVG File uploads in all versions up to, and including, 1.2.0 due to insufficient input sanitization and output escaping. | network | low | codeless | CWE-79 | | 5.4 |