Vulnerabilities

DATE CVE VULNERABILITY TITLE RISK
2024-09-25 CVE-2024-6594 Improper Handling of Exceptional Conditions vulnerability in Watchguard Single Sign-On Client
Improper Handling of Exceptional Conditions vulnerability in the WatchGuard Single Sign-On Client on Windows causes the client to crash while handling malformed commands.
network
low complexity
watchguard CWE-755
7.5
2024-09-25 CVE-2024-8858 Cross-site Scripting vulnerability in Livemeshelementor Addons for Elementor
The Elementor Addons by Livemesh plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘piechart_settings’ parameter in all versions up to, and including, 8.5 due to insufficient input sanitization and output escaping.
network
low complexity
livemeshelementor CWE-79
5.4
2024-09-25 CVE-2024-9169
The LiteSpeed Cache plugin for WordPress is vulnerable to Stored Cross-Site Scripting via plugin debug settings in all versions up to, and including, 6.4.1 due to insufficient input sanitization and output escaping.
network
low complexity
CWE-79
5.5
2024-09-25 CVE-2024-47303 Cross-site Scripting vulnerability in Livemeshelementor Addons for Elementor
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Livemesh Livemesh Addons for Elementor allows Stored XSS. This issue affects Livemesh Addons for Elementor: from n/a through 8.5.
network
low complexity
livemeshelementor CWE-79
5.4
2024-09-25 CVE-2024-8175
An unauthenticated remote attacker can cause the CODESYS web server to access invalid memory, which results in a DoS.
network
low complexity
CWE-754
7.5
2024-09-25 CVE-2024-3866 Cross-site Scripting vulnerability in Ninjaforms Ninja Forms
The Ninja Forms Contact Form plugin for WordPress is vulnerable to Reflected Self-Based Cross-Site Scripting via the 'Referer' header in all versions up to, and including, 3.8.15 due to insufficient input sanitization and output escaping.
network
low complexity
ninjaforms CWE-79
6.1
2024-09-25 CVE-2024-8290 Authorization Bypass Through User-Controlled Key vulnerability in Wclovers Frontend Manager for Woocommerce Along With Bookings Subscription Listings Compatible
The WCFM – Frontend Manager for WooCommerce along with Bookings Subscription Listings Compatible plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 6.7.12 via the WCFM_Customers_Manage_Controller::processing function due to missing validation on the ID user controlled key.
network
low complexity
wclovers CWE-639
8.8
2024-09-25 CVE-2024-8678 Missing Authorization vulnerability in Revolut Gateway for Woocommerce
The Revolut Gateway for WooCommerce plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the /wc/v3/revolut REST API endpoint in all versions up to, and including, 4.17.3.
network
low complexity
revolut CWE-862
5.3
2024-09-25 CVE-2024-8910 Unspecified vulnerability in Hasthemes HT Mega
The HT Mega – Absolute Addons For Elementor plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 2.6.5 via the render function in includes/widgets/htmega_accordion.php.
network
low complexity
hasthemes
4.3
2024-09-25 CVE-2024-6845 Missing Authorization vulnerability in Smartsearchwp
The Chatbot with ChatGPT WordPress plugin before 2.4.6 does not have proper authorization in one of its REST endpoints, allowing unauthenticated users to retrieve the encoded key and then decode it, thereby leaking the OpenAI API key.
network
low complexity
smartsearchwp CWE-862
5.3