Vulnerabilities
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2024-09-24 | CVE-2024-8716 | Cross-site Scripting vulnerability in Xplodedthemes XT Ajax ADD to Cart for Woocommerce The XT Ajax Add To Cart for WooCommerce plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use of add_query_arg without appropriate escaping on the URL in all versions up to, and including, 1.1.2. | 6.1 |
| 2024-09-24 | CVE-2024-8738 | Cross-site Scripting vulnerability in Castos Seriously Simple Stats The Seriously Simple Stats plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use of add_query_arg without appropriate escaping on the URL in all versions up to, and including, 1.6.0. | 6.1 |
| 2024-09-24 | CVE-2024-8795 | Cross-Site Request Forgery (CSRF) vulnerability in Ba-Booking BA Book Everything The BA Book Everything plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.6.20. | 8.8 |
| 2024-09-23 | CVE-2024-7023 | Unspecified vulnerability in Google Chrome Insufficient data validation in Updater in Google Chrome prior to 128.0.6537.0 allowed a remote attacker to perform privilege escalation via a malicious file. | 8.8 |
| 2024-09-23 | CVE-2024-7024 | Out-of-bounds Write vulnerability in Google Chrome Inappropriate implementation in V8 in Google Chrome prior to 126.0.6478.54 allowed a remote attacker to potentially perform a sandbox escape via a crafted HTML page. | 9.6 |
| 2024-09-23 | CVE-2018-20072 | Unspecified vulnerability in Google Chrome Insufficient data validation in PDF in Google Chrome prior to 73.0.3683.75 allowed a remote attacker to perform out of bounds memory access via a crafted PDF file. | 7.8 |
| 2024-09-23 | CVE-2021-38023 | Use After Free vulnerability in Google Chrome Use after free in Extensions in Google Chrome prior to 92.0.4515.107 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. | 8.8 |
| 2024-09-23 | CVE-2023-7281 | Unspecified vulnerability in Google Chrome Inappropriate implementation in Compositing in Google Chrome prior to 119.0.6045.105 allowed a remote attacker to perform UI spoofing via a crafted HTML page. | 4.3 |
| 2024-09-23 | CVE-2023-7282 | Unspecified vulnerability in Google Chrome Inappropriate implementation in Navigation in Google Chrome prior to 113.0.5672.63 allowed a remote attacker who convinced a user to engage in specific UI gestures to perform domain spoofing via a crafted HTML page. | 4.3 |
| 2024-09-23 | CVE-2024-7018 | Out-of-bounds Write vulnerability in Google Chrome Heap buffer overflow in PDF in Google Chrome prior to 124.0.6367.78 allowed a remote attacker to potentially exploit heap corruption via a crafted PDF file. | 7.8 |