Vulnerabilities
DATE | CVE | VULNERABILITY TITLE | DESCRIPTION | RISK |
---|---|---|---|---|
2024-10-10 | CVE-2024-9205 | Cross-site Scripting vulnerability in Wpfactory Maximum products PER User for Woocommerce | The Maximum Products per User for WooCommerce plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use of add_query_arg without appropriate escaping on the URL in all versions up to, and including, 4.2.8. | 6.1 |
2024-10-10 | CVE-2024-9377 | Cross-site Scripting vulnerability in Wpfactory Products, Order & Customers Export for Woocommerce | The Products, Order & Customers Export for WooCommerce plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use of add_query_arg & remove_query_arg without appropriate escaping on the URL in all versions up to, and including, 2.0.15. | 6.1 |
2024-10-10 | CVE-2024-9457 | Cross-site Scripting vulnerability in Cssjockey WP Builder 3.0.7 | The WP Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via SVG File uploads in all versions up to, and including, 3.0.7 due to insufficient input sanitization and output escaping. | 5.4 |
2024-10-10 | CVE-2024-9518 | Unspecified vulnerability in Wpuserplus Userplus 1.0/1.1/2.0 | The UserPlus plugin for WordPress is vulnerable to privilege escalation in versions up to, and including, 2.0 due to insufficient restriction on the 'form_actions' and 'userplus_update_user_profile' functions. | 9.8 |
2024-10-10 | CVE-2024-9519 | Unspecified vulnerability in Wpuserplus Userplus 1.0/1.1/2.0 | The UserPlus plugin for WordPress is vulnerable to unauthorized modification of data due to an improper capability check on the 'save_metabox_form' function in versions up to, and including, 2.0. | 7.2 |
2024-10-10 | CVE-2024-9522 | Missing Authentication for Critical Function vulnerability in Lagunaisw WP Users Masquerade | The WP Users Masquerade plugin for WordPress is vulnerable to authentication bypass in versions up to, and including, 2.0.0. | 8.8 |
2024-10-10 | CVE-2024-9581 | Code Injection vulnerability in Happyplugins Shortcodes Anywhere | The Shortcodes AnyWhere plugin for WordPress is vulnerable to arbitrary shortcode execution in all versions up to, and including, 1.0.1. | 7.3 |
2024-10-10 | CVE-2024-9685 | Missing Authorization vulnerability in Andreamarinucci Notification for Telegram | The Notification for Telegram plugin for WordPress is vulnerable to unauthorized test message sending due to a missing capability check on the 'nftb_test_action' function in versions up to, and including, 3.3.1. | 4.3 |
2024-10-10 | CVE-2024-48949 | Improper Verification of Cryptographic Signature vulnerability in Indutny Elliptic | The verify function in lib/elliptic/eddsa/index.js in the Elliptic package before 6.5.6 for Node.js omits "sig.S().gte(sig.eddsa.curve.n) \|\| sig.S().isNeg()" validation. | 9.1 |
2024-10-10 | CVE-2024-48941 | Unspecified vulnerability in Syracom Secure Login 3.1.1.0 | The Syracom Secure Login (2FA) plugin for Jira, Confluence, and Bitbucket through 3.1.4.5 allows remote attackers to bypass 2FA by interacting with the /rest endpoint of Jira, Confluence, or Bitbucket. | 5.4 |