Vulnerabilities
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2024-10-01 | CVE-2024-8430 | The Spice Starter Sites plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the spice_starter_sites_importer_creater function in all versions up to, and including, 1.2.5. | 5.3 |
| 2024-10-01 | CVE-2024-8793 | Cross-site Scripting vulnerability in Visser Store Exporter for Woocommerce The Store Exporter for WooCommerce – Export Products, Export Orders, Export Subscriptions, and More plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use of add_query_arg without appropriate escaping on the URL in all versions up to, and including, 2.7.2.1. | 6.1 |
| 2024-10-01 | CVE-2024-8799 | Cross-site Scripting vulnerability in Goldplugins Custom Banners The Custom Banners plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use of add_query_arg without appropriate escaping on the URL in all versions up to, and including, 3.3. | 6.1 |
| 2024-10-01 | CVE-2024-9018 | SQL Injection vulnerability in Plugingarden WP Easy Gallery The WP Easy Gallery – WordPress Gallery Plugin plugin for WordPress is vulnerable to time-based SQL Injection via the ‘key’ parameter in all versions up to, and including, 4.8.5 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. | 8.8 |
| 2024-10-01 | CVE-2024-9209 | Cross-site Scripting vulnerability in Cornelraiu WP Search Analytics The WP Search Analytics plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use of add_query_arg without appropriate escaping on the URL in all versions up to, and including, 1.4.10. | 6.1 |
| 2024-10-01 | CVE-2024-9220 | Cross-site Scripting vulnerability in Petershaw LH Copy Media File The LH Copy Media File plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use of add_query_arg without appropriate escaping on the URL in all versions up to, and including, 1.08. | 6.1 |
| 2024-10-01 | CVE-2024-9224 | Path Traversal vulnerability in Kau-Boys Hello World The Hello World plugin for WordPress is vulnerable to Arbitrary File Reading in all versions up to, and including, 2.1.1 via the hello_world_lyric() function. | 6.5 |
| 2024-10-01 | CVE-2024-9228 | Cross-site Scripting vulnerability in Duckdev Loggedin The Loggedin – Limit Active Logins plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use of add_query_arg without appropriate escaping on the URL in all versions up to, and including, 1.3.1. | 6.1 |
| 2024-10-01 | CVE-2024-9241 | Cross-site Scripting vulnerability in Contempo PDF Image Generator The PDF Image Generator plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use of add_query_arg without appropriate escaping on the URL in all versions up to, and including, 1.5.6. | 6.1 |
| 2024-10-01 | CVE-2024-9265 | Unspecified vulnerability in Coderevolution Echo RSS Feed Post Generator The Echo RSS Feed Post Generator plugin for WordPress is vulnerable to privilege escalation in all versions up to, and including, 5.4.6. | 9.8 |