Vulnerabilities
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2024-09-25 | CVE-2024-8484 | SQL Injection vulnerability in Jianbo Rest API to Miniprogram The REST API TO MiniProgram plugin for WordPress is vulnerable to SQL Injection via the 'order' parameter of the /wp-json/watch-life-net/v1/comment/getcomments REST API endpoint in all versions up to, and including, 4.7.1 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. | 7.5 |
| 2024-09-25 | CVE-2024-8485 | Authorization Bypass Through User-Controlled Key vulnerability in Jianbo Rest API to Miniprogram The REST API TO MiniProgram plugin for WordPress is vulnerable to privilege escalation via account takeovr in all versions up to, and including, 4.7.1 via the updateUserInfo() due to missing validation on the 'openid' user controlled key that determines what user will be updated. | 9.8 |
| 2024-09-25 | CVE-2024-8549 | Cross-site Scripting vulnerability in Xtendify Simple Calendar The Simple Calendar – Google Calendar Plugin plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use of add_query_arg without appropriate escaping on the URL in all versions up to, and including, 3.4.2. | 6.1 |
| 2024-09-25 | CVE-2024-8621 | SQL Injection vulnerability in Mmrs151 Daily Prayer Time The Daily Prayer Time plugin for WordPress is vulnerable to SQL Injection via the 'max_word' attribute of the 'quran_verse' shortcode in all versions up to, and including, 2024.08.26 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. | 6.5 |
| 2024-09-25 | CVE-2024-8713 | Cross-site Scripting vulnerability in Pierros Kodex Posts Likes 2.4.3 The Kodex Posts likes plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use of add_query_arg without appropriate escaping on the URL in all versions up to, and including, 2.5.0. | 6.1 |
| 2024-09-25 | CVE-2024-8741 | Cross-site Scripting vulnerability in Outtheboxthemes Beam ME UP Scotty The Beam me up Scotty – Back to Top Button plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use of add_query_arg without appropriate escaping on the URL in all versions up to, and including, 1.0.21. | 6.1 |
| 2024-09-25 | CVE-2024-9024 | Cross-site Scripting vulnerability in Braginteractive Material Design Icons The Material Design Icons plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's mdi-icon shortcode in all versions up to, and including, 0.0.5 due to insufficient input sanitization and output escaping on user supplied attributes. | 5.4 |
| 2024-09-25 | CVE-2024-9027 | Cross-site Scripting vulnerability in Wpzoom Shortcodes The WPZOOM Shortcodes plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'box' shortcode in all versions up to, and including, 1.0.5 due to insufficient input sanitization and output escaping on user supplied attributes. | 5.4 |
| 2024-09-25 | CVE-2024-9028 | Cross-site Scripting vulnerability in Devfarm WP GPX Maps The WP GPX Maps plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'sgpx' shortcode in all versions up to, and including, 1.7.08 due to insufficient input sanitization and output escaping on user supplied attributes. | 5.4 |
| 2024-09-25 | CVE-2024-9068 | Cross-site Scripting vulnerability in Themexclub Oneelements The OneElements – Best Elementor Addons plugin for WordPress is vulnerable to Stored Cross-Site Scripting via SVG File uploads in all versions up to, and including, 1.3.7 due to insufficient input sanitization and output escaping. | 5.4 |