Vulnerabilities

| DATE | CVE | VULNERABILITY TITLE | DESCRIPTION | TAGS | RISK |
| --- | --- | --- | --- | --- | --- |
| 2024-09-24 | CVE-2024-8794 | Unspecified vulnerability in Ba-Booking BA Book Everything | The BA Book Everything plugin for WordPress is vulnerable to arbitrary password reset in all versions up to, and including, 1.6.20. | network; low complexity; ba-booking | 5.3 |
| 2024-09-24 | CVE-2024-38266 | Out-of-bounds Write vulnerability in Zyxel products | An improper restriction of operations within the bounds of a memory buffer in the parameter type parser of the Zyxel VMG8825-T50K firmware versions through 5.50(ABOM.8)C0 could allow an authenticated attacker with administrator privileges to cause potential memory corruptions, resulting in a thread crash on an affected device. | network; low complexity; zyxel; CWE-787 | 4.9 |
| 2024-09-24 | CVE-2024-38267 | Unspecified vulnerability in Zyxel products | An improper restriction of operations within the bounds of a memory buffer in the IPv6 address parser of the Zyxel VMG8825-T50K firmware versions through 5.50(ABOM.8)C0 could allow an authenticated attacker with administrator privileges to cause potential memory corruptions, resulting in a thread crash on an affected device. | network; low complexity; zyxel | 4.9 |
| 2024-09-24 | CVE-2024-38268 | Unspecified vulnerability in Zyxel products | An improper restriction of operations within the bounds of a memory buffer in the MAC address parser of the Zyxel VMG8825-T50K firmware versions through 5.50(ABOM.8)C0 could allow an authenticated attacker with administrator privileges to cause potential memory corruptions, resulting in a thread crash on an affected device. | network; low complexity; zyxel | 4.9 |
| 2024-09-24 | CVE-2024-38269 | Unspecified vulnerability in Zyxel products | An improper restriction of operations within the bounds of a memory buffer in the USB file-sharing handler of the Zyxel VMG8825-T50K firmware versions through 5.50(ABOM.8)C0 could allow an authenticated attacker with administrator privileges to cause potential memory corruptions, resulting in a thread crash on an affected device. | network; low complexity; zyxel | 4.9 |
| 2024-09-24 | CVE-2024-8432 | Missing Authorization vulnerability in Webba-Booking Webba Booking | The Appointment & Event Booking Calendar Plugin – Webba Booking plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the save_appearance() function in all versions up to, and including, 5.0.48. | network; low complexity; webba-booking; CWE-862 | 4.3 |
| 2024-09-24 | CVE-2024-8544 | Cross-site Scripting vulnerability in Fatcatapps Pixel CAT | The Pixel Cat – Conversion Pixel Manager plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use of add_query_arg without appropriate escaping on the URL in all versions up to, and including, 3.0.5. | network; low complexity; fatcatapps; CWE-79 | 6.1 |
| 2024-09-24 | CVE-2024-8657 | Cross-site Scripting vulnerability in Ggnome Garden Gnome Package | The Garden Gnome Package plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's ggpkg shortcode in all versions up to, and including, 2.2.9 due to insufficient input sanitization and output escaping on user supplied attributes. | network; low complexity; ggnome; CWE-79 | 5.4 |
| 2024-09-24 | CVE-2024-8662 | Cross-site Scripting vulnerability in Ibericode Koko Analytics | The Koko Analytics plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use of add_query_arg without appropriate escaping on the URL in all versions up to, and including, 1.3.12. | network; low complexity; ibericode; CWE-79 | 6.1 |
| 2024-09-24 | CVE-2024-8716 | Cross-site Scripting vulnerability in Xplodedthemes XT Ajax ADD to Cart for Woocommerce | The XT Ajax Add To Cart for WooCommerce plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use of add_query_arg without appropriate escaping on the URL in all versions up to, and including, 1.1.2. | network; low complexity; xplodedthemes; CWE-79 | 6.1 |