| 2024-10-11 | CVE-2024-9538 | The ShopLentor plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 2.9.8 via the 'render' function in includes/addons/wl_faq.php. | 4.3 |
| 2024-10-11 | CVE-2024-9543 | The PowerPress Podcasting plugin by Blubrry plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'skipto' shortcode in all versions up to, and including, 11.9.18 due to insufficient input sanitization and output escaping on user supplied attributes. | 6.4 |
| 2024-10-11 | CVE-2024-9586 | Unspecified vulnerability in Linkz.Ai
The Linkz.ai plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'check_auth' and 'check_logout' functions in versions up to, and including, 1.1.8. | 5.3 |
| 2024-10-11 | CVE-2024-9587 | Missing Authorization vulnerability in Linkz.Ai
The Linkz.ai plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'ajax_linkz' function in versions up to, and including, 1.1.8. | 4.3 |
| 2024-10-11 | CVE-2024-9610 | The Language Switcher plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use of add_query_arg without appropriate escaping on the URL in all versions up to, and including, 3.7.13. | 6.1 |
| 2024-10-11 | CVE-2024-9611 | The Increase upload file size & Maximum Execution Time limit plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use of add_query_arg without appropriate escaping on the URL in all versions up to, and including, 2.0. | 6.1 |
| 2024-10-11 | CVE-2024-9616 | The BlockMeister – Block Pattern Builder plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use of add_query_arg without appropriate escaping on the URL in all versions up to, and including, 3.1.10. | 6.1 |
| 2024-10-11 | CVE-2024-9822 | Authentication Bypass Using an Alternate Path or Channel vulnerability in Pedalo Connector
The Pedalo Connector plugin for WordPress is vulnerable to authentication bypass in versions up to, and including, 2.0.5. | 9.8 |
| 2024-10-10 | CVE-2024-47867 | Unspecified vulnerability in Gradio Project Gradio
Gradio is an open-source Python package designed for quick prototyping. | 7.5 |
| 2024-10-10 | CVE-2024-47868 | Path Traversal vulnerability in Gradio Project Gradio
Gradio is an open-source Python package designed for quick prototyping. | 7.5 |