Vulnerabilities

DATE	CVE	VULNERABILITY TITLE	RISK
2024-10-10	CVE-2024-48957	Out-of-bounds Read vulnerability in Libarchive execute_filter_audio in archive_read_support_format_rar.c in libarchive before 3.7.5 allows out-of-bounds access via a crafted archive file because src can move beyond dst. local low complexity libarchive CWE-125	7.8
2024-10-10	CVE-2024-48958	Out-of-bounds Read vulnerability in Libarchive execute_filter_delta in archive_read_support_format_rar.c in libarchive before 3.7.5 allows out-of-bounds access via a crafted archive file because src can move beyond dst. local low complexity libarchive CWE-125	7.8
2024-10-10	CVE-2024-8513	Missing Authorization vulnerability in Quarka QA Analytics The QA Analytics – Web Analytics Tool with Heatmaps & Session Replay Across All Pages plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the ajax_save_plugin_config() function in all versions up to, and including, 4.1.0.0. network low complexity quarka CWE-862	5.3
2024-10-10	CVE-2024-8729	Cross-site Scripting vulnerability in Idiom Easy Social Share Buttons The Easy Social Share Buttons plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use of add_query_arg without appropriate escaping on the URL in all versions up to, and including, 1.4.5. network low complexity idiom CWE-79	6.1
2024-10-10	CVE-2024-8987	Cross-site Scripting vulnerability in Kainelabs Youzify The Youzify – BuddyPress Community, User Profile, Social Network & Membership Plugin for WordPress plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's youzify_media shortcode in all versions up to, and including, 1.3.0 due to insufficient input sanitization and output escaping on user supplied attributes. network low complexity kainelabs CWE-79	5.4
2024-10-10	CVE-2024-9057	Cross-site Scripting vulnerability in Curator Curator.Io The Curator.io: Show all your social media posts in a beautiful feed. network low complexity curator CWE-79	5.4
2024-10-10	CVE-2024-9064	Cross-site Scripting vulnerability in Namogo Elementor Inline SVG The Elementor Inline SVG plugin for WordPress is vulnerable to Stored Cross-Site Scripting via SVG File uploads in all versions up to, and including, 1.2.0 due to insufficient input sanitization and output escaping. network low complexity namogo CWE-79	5.4
2024-10-10	CVE-2024-9065	Missing Authorization vulnerability in Matbao WP Helper Premium The WP Helper Premium plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'whp_smtp_send_mail_test' function in all versions up to, and including, 4.6.1. network low complexity matbao CWE-862	5.3
2024-10-10	CVE-2024-9066	Cross-site Scripting vulnerability in Secretlab Marketing and SEO Booster The Marketing and SEO Booster plugin for WordPress is vulnerable to Stored Cross-Site Scripting via SVG File uploads in all versions up to, and including, 1.9.10 due to insufficient input sanitization and output escaping. network low complexity secretlab CWE-79	5.4
2024-10-10	CVE-2024-9072	Cross-site Scripting vulnerability in Gdpr-Extensions Consent Manager The GDPR-Extensions-com – Consent Manager plugin for WordPress is vulnerable to Stored Cross-Site Scripting via SVG File uploads in all versions up to, and including, 1.0.0 due to insufficient input sanitization and output escaping. network low complexity gdpr-extensions CWE-79	5.4

Vulnerabilities {"@context":"https://schema.org","@type":"BreadcrumbList","itemListElement":[{"@type":"ListItem","position":1,"name":"Vulnerabilities"}]}

Vulnerabilities