Vulnerabilities

DATE CVE VULNERABILITY TITLE RISK
2024-10-10 CVE-2024-8729 Cross-site Scripting vulnerability in Idiom Easy Social Share Buttons
The Easy Social Share Buttons plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use of add_query_arg without appropriate escaping on the URL in all versions up to, and including, 1.4.5.
network
low complexity
idiom CWE-79
6.1
6.1
2024-10-10 CVE-2024-8987 Cross-site Scripting vulnerability in Kainelabs Youzify
The Youzify – BuddyPress Community, User Profile, Social Network & Membership Plugin for WordPress plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's youzify_media shortcode in all versions up to, and including, 1.3.0 due to insufficient input sanitization and output escaping on user supplied attributes.
network
low complexity
kainelabs CWE-79
5.4
5.4
2024-10-10 CVE-2024-9057 Cross-site Scripting vulnerability in Curator Curator.Io
The Curator.io: Show all your social media posts in a beautiful feed.
network
low complexity
curator CWE-79
5.4
5.4
2024-10-10 CVE-2024-9064 Cross-site Scripting vulnerability in Namogo Elementor Inline SVG
The Elementor Inline SVG plugin for WordPress is vulnerable to Stored Cross-Site Scripting via SVG File uploads in all versions up to, and including, 1.2.0 due to insufficient input sanitization and output escaping.
network
low complexity
namogo CWE-79
5.4
5.4
2024-10-10 CVE-2024-9065 Missing Authorization vulnerability in Matbao WP Helper Premium
The WP Helper Premium plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'whp_smtp_send_mail_test' function in all versions up to, and including, 4.6.1.
network
low complexity
matbao CWE-862
5.3
5.3
2024-10-10 CVE-2024-9066 Cross-site Scripting vulnerability in Secretlab Marketing and SEO Booster
The Marketing and SEO Booster plugin for WordPress is vulnerable to Stored Cross-Site Scripting via SVG File uploads in all versions up to, and including, 1.9.10 due to insufficient input sanitization and output escaping.
network
low complexity
secretlab CWE-79
5.4
5.4
2024-10-10 CVE-2024-9072 Cross-site Scripting vulnerability in Gdpr-Extensions Consent Manager
The GDPR-Extensions-com – Consent Manager plugin for WordPress is vulnerable to Stored Cross-Site Scripting via SVG File uploads in all versions up to, and including, 1.0.0 due to insufficient input sanitization and output escaping.
network
low complexity
gdpr-extensions CWE-79
5.4
5.4
2024-10-10 CVE-2024-9205 Cross-site Scripting vulnerability in Wpfactory Maximum products PER User for Woocommerce
The Maximum Products per User for WooCommerce plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use of add_query_arg without appropriate escaping on the URL in all versions up to, and including, 4.2.8.
network
low complexity
wpfactory CWE-79
6.1
6.1
2024-10-10 CVE-2024-9377 Cross-site Scripting vulnerability in Wpfactory Products, Order & Customers Export for Woocommerce
The Products, Order & Customers Export for WooCommerce plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use of add_query_arg & remove_query_arg without appropriate escaping on the URL in all versions up to, and including, 2.0.15.
network
low complexity
wpfactory CWE-79
6.1
6.1
2024-10-10 CVE-2024-9457 Cross-site Scripting vulnerability in Cssjockey WP Builder 3.0.7
The WP Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via SVG File uploads in all versions up to, and including, 3.0.7 due to insufficient input sanitization and output escaping.
network
low complexity
cssjockey CWE-79
5.4
5.4