Vulnerabilities

DATE	CVE	VULNERABILITY TITLE	RISK
2024-12-04	CVE-2024-54158	Authentication Bypass by Spoofing vulnerability in Jetbrains Youtrack In JetBrains YouTrack before 2024.3.52635 potential spoofing attack was possible via lack of Punycode encoding network low complexity jetbrains CWE-290	5.3
2024-12-04	CVE-2024-8962	Cross-site Scripting vulnerability in Wpbits Addons for Elementor Page Builder The WPBITS Addons For Elementor Page Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via SVG File uploads in all versions up to, and including, 1.5.2 due to insufficient input sanitization and output escaping. network low complexity wpbits CWE-79	5.4
2024-12-04	CVE-2024-11814	The Additional Custom Order Status for WooCommerce plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the wfwp_wcos_delete_finished, wfwp_wcos_delete_fallback_finished, wfwp_wcos_delete_fallback_orders_updated, and wfwp_wcos_delete_fallback_status parameters in all versions up to, and including, 1.6.0 due to insufficient input sanitization and output escaping. network low complexity CWE-79	6.1
2024-12-04	CVE-2024-10787	The LA-Studio Element Kit for Elementor plugin for WordPress is vulnerable to Information Exposure in all versions up to, and including, 1.4.4 via the 'elementor-template' shortcode due to insufficient restrictions on which posts can be included. network low complexity CWE-639	4.3
2024-12-04	CVE-2024-11880	The B Testimonial – testimonial plugin for WP plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'b_testimonial' shortcode in all versions up to, and including, 1.2.2 due to insufficient input sanitization and output escaping on user supplied attributes. network low complexity CWE-79	6.4
2024-12-04	CVE-2024-5020	Multiple plugins for WordPress are vulnerable to Stored Cross-Site Scripting via the plugin's bundled FancyBox JavaScript library (versions 1.3.4 to 3.5.7) in various versions due to insufficient input sanitization and output escaping on user supplied attributes. network low complexity CWE-79	6.4
2024-12-04	CVE-2023-6978	The WP Job Manager – Company Profiles plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'company' parameter in all versions up to, and including, 1.7 due to insufficient input sanitization and output escaping. network low complexity CWE-79	6.1
2024-12-04	CVE-2024-10664	The Knowledge Base documentation & wiki plugin – BasePress Docs plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the basepress_db_posts_update() function in all versions up to, and including, 2.16.3.3. network low complexity CWE-862	4.3
2024-12-04	CVE-2024-11466	The Intro Tour Tutorial DeepPresentation plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'tab' parameter in all versions up to, and including, 6.5.2 due to insufficient input sanitization and output escaping. network low complexity CWE-79	6.1
2024-12-04	CVE-2024-11769	The Flower Delivery by Florist One plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'flower-delivery' shortcode in all versions up to, and including, 3.9 due to insufficient input sanitization and output escaping on user supplied attributes. network low complexity CWE-79	6.4

Vulnerabilities {"@context":"https://schema.org","@type":"BreadcrumbList","itemListElement":[{"@type":"ListItem","position":1,"name":"Vulnerabilities"}]}

Vulnerabilities