Vulnerabilities
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2024-09-24 | CVE-2024-8544 | Cross-site Scripting vulnerability in Fatcatapps Pixel CAT The Pixel Cat – Conversion Pixel Manager plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use of add_query_arg without appropriate escaping on the URL in all versions up to, and including, 3.0.5. | 6.1 |
| 2024-09-24 | CVE-2024-8657 | Cross-site Scripting vulnerability in Ggnome Garden Gnome Package The Garden Gnome Package plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's ggpkg shortcode in all versions up to, and including, 2.2.9 due to insufficient input sanitization and output escaping on user supplied attributes. | 5.4 |
| 2024-09-24 | CVE-2024-8662 | Cross-site Scripting vulnerability in Ibericode Koko Analytics The Koko Analytics plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use of add_query_arg without appropriate escaping on the URL in all versions up to, and including, 1.3.12. | 6.1 |
| 2024-09-24 | CVE-2024-8716 | Cross-site Scripting vulnerability in Xplodedthemes XT Ajax ADD to Cart for Woocommerce The XT Ajax Add To Cart for WooCommerce plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use of add_query_arg without appropriate escaping on the URL in all versions up to, and including, 1.1.2. | 6.1 |
| 2024-09-24 | CVE-2024-8738 | Cross-site Scripting vulnerability in Castos Seriously Simple Stats The Seriously Simple Stats plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use of add_query_arg without appropriate escaping on the URL in all versions up to, and including, 1.6.0. | 6.1 |
| 2024-09-24 | CVE-2024-8795 | Cross-Site Request Forgery (CSRF) vulnerability in Ba-Booking BA Book Everything The BA Book Everything plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.6.20. | 8.8 |
| 2024-09-23 | CVE-2024-7023 | Unspecified vulnerability in Google Chrome Insufficient data validation in Updater in Google Chrome prior to 128.0.6537.0 allowed a remote attacker to perform privilege escalation via a malicious file. | 8.8 |
| 2024-09-23 | CVE-2024-7024 | Out-of-bounds Write vulnerability in Google Chrome Inappropriate implementation in V8 in Google Chrome prior to 126.0.6478.54 allowed a remote attacker to potentially perform a sandbox escape via a crafted HTML page. | 9.6 |
| 2024-09-23 | CVE-2018-20072 | Unspecified vulnerability in Google Chrome Insufficient data validation in PDF in Google Chrome prior to 73.0.3683.75 allowed a remote attacker to perform out of bounds memory access via a crafted PDF file. | 7.8 |
| 2024-09-23 | CVE-2021-38023 | Use After Free vulnerability in Google Chrome Use after free in Extensions in Google Chrome prior to 92.0.4515.107 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. | 8.8 |