2024-10-01 | CVE-2024-9289 | Missing Authentication for Critical Function vulnerability in Redefiningtheweb Affiliate PRO. The WordPress & WooCommerce Affiliate Program plugin for WordPress is vulnerable to authentication bypass in all versions up to, and including, 8.4.1. | 9.8 |
2024-10-01 | CVE-2024-7432 | Deserialization of Untrusted Data vulnerability in Ultrapress Unseen Blog. The Unseen Blog theme for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 1.0.0 via deserialization of untrusted input. | 8.8 |
2024-10-01 | CVE-2024-7433 | Deserialization of Untrusted Data vulnerability in Ultrapress Empowerment. The Empowerment theme for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 1.0.2 via deserialization of untrusted input. | 8.8 |
2024-10-01 | CVE-2024-7434 | Deserialization of Untrusted Data vulnerability in Ultrapress. The UltraPress theme for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 1.2.1 via deserialization of untrusted input. | 8.8 |
2024-10-01 | CVE-2024-7869 | The 123.chat - Video Chat plugin for WordPress is vulnerable to Stored Cross-Site Scripting in all versions up to, and including, 1.3.1 due to insufficient input sanitization and output escaping. | 7.2 |
2024-10-01 | CVE-2024-8548 | The KB Support – WordPress Help Desk and Knowledge Base plugin for WordPress is vulnerable to unauthorized modification and loss of data due to a missing capability check on several functions in all versions up to, and including, 1.6.6. | 8.1 |
2024-10-01 | CVE-2024-8632 | The KB Support – WordPress Help Desk and Knowledge Base plugin for WordPress is vulnerable to unauthorized access and modification of data due to a missing capability check on the 'kbs_ajax_load_front_end_replies' and 'kbs_ajax_mark_reply_as_read' functions in all versions up to, and including, 1.6.6. | 6.5 |
2024-10-01 | CVE-2024-8675 | The Soumettre.fr plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the soumettre_disconnect_gateway function in all versions up to, and including, 2.1.2. | 4.3 |
2024-10-01 | CVE-2024-8718 | The Gravity Forms Toolbar plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'tab' parameter in all versions up to, and including, 1.7.0 due to insufficient input sanitization and output escaping. | 6.1 |
2024-10-01 | CVE-2024-8720 | The RumbleTalk Live Group Chat – HTML5 plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'rumbletalk-admin-button' shortcode in all versions up to, and including, 6.3.0 due to insufficient input sanitization and output escaping on user supplied attributes. | 6.4 |