Vulnerabilities

DATE	CVE	VULNERABILITY TITLE	RISK
2024-10-04	CVE-2024-9372	Cross-site Scripting vulnerability in Wpblockshub WP Blocks HUB The WP Blocks Hub plugin for WordPress is vulnerable to Stored Cross-Site Scripting via SVG File uploads in all versions up to, and including, 1.0.2 due to insufficient input sanitization and output escaping. network low complexity wpblockshub CWE-79	5.4
2024-10-04	CVE-2024-9375	Cross-site Scripting vulnerability in Techbanker Captcha Bank The WordPress Captcha Plugin by Captcha Bank plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use of add_query_arg without appropriate escaping on the URL in all versions up to, and including, 4.0.36. network low complexity techbanker CWE-79	6.1
2024-10-04	CVE-2024-9384	Cross-site Scripting vulnerability in Wpfactory Quantity Dynamic Pricing & Bulk Discounts for Woocommerce The Quantity Dynamic Pricing & Bulk Discounts for WooCommerce plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use of add_query_arg without appropriate escaping on the URL in all versions up to, and including, 3.8.0. network low complexity wpfactory CWE-79	6.1
2024-10-04	CVE-2024-9421	Cross-site Scripting vulnerability in Prontotools Login Logout Shortcode The Login Logout Shortcode plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'class' parameter in all versions up to, and including, 1.1.0 due to insufficient input sanitization and output escaping. network low complexity prontotools CWE-79	5.4
2024-10-04	CVE-2024-9445	Cross-site Scripting vulnerability in Acekyd Display Medium Posts The Display Medium Posts plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's display_medium_posts shortcode in all versions up to, and including, 5.0.1 due to insufficient input sanitization and output escaping on user supplied attributes. network low complexity acekyd CWE-79	5.4
2024-10-04	CVE-2024-44204	Unspecified vulnerability in Apple Iphone OS A logic issue was addressed with improved validation. local low complexity apple	5.5
2024-10-04	CVE-2024-44207	Unspecified vulnerability in Apple Iphone OS This issue was addressed with improved checks. network low complexity apple	4.3
2024-10-03	CVE-2024-42417	SQL Injection vulnerability in Deltaww Diaenergie Delta Electronics DIAEnergie is vulnerable to an SQL injection in the script Handler_CFG.ashx. network low complexity deltaww CWE-89	8.8
2024-10-03	CVE-2024-43699	SQL Injection vulnerability in Deltaww Diaenergie Delta Electronics DIAEnergie is vulnerable to an SQL injection in the script AM_RegReport.aspx. network low complexity deltaww CWE-89 critical	9.8
2024-10-03	CVE-2024-41587	Cross-site Scripting vulnerability in Draytek products Stored XSS, by authenticated users, is caused by poor sanitization of the Login Page Greeting message in DrayTek Vigor310 devices through 4.3.2.6. network low complexity draytek CWE-79	5.4

Vulnerabilities {"@context":"https://schema.org","@type":"BreadcrumbList","itemListElement":[{"@type":"ListItem","position":1,"name":"Vulnerabilities"}]}

Vulnerabilities