Vulnerabilities

DATE CVE VULNERABILITY TITLE RISK
2024-11-25 CVE-2020-11311 This record is rejected as duplicate.
local
low complexity
6.2
2024-11-23 CVE-2024-35160 IBM Watson Query on Cloud Pak for Data 1.8, 2.0, 2.1, 2.2 and IBM Db2 Big SQL on Cloud Pak for Data 7.3, 7.4, 7.5, and 7.6 could allow an authenticated user to obtain sensitive information due to insufficient session expiration.
network
low complexity
CWE-613
4.3
2024-11-23 CVE-2024-11034 The The Request a Quote for WooCommerce and Elementor – Get a Quote Button – Product Enquiry Form Popup – Product Quotation plugin for WordPress is vulnerable to arbitrary shortcode execution via fire_contact_form AJAX action in all versions up to, and including, 1.4.
network
low complexity
CWE-94
7.3
2024-11-23 CVE-2024-11228 The ????? ?? ???? – ???? ?? ???? plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's pafw_instant_payment shortcode in all versions up to, and including, 5.1.4 due to insufficient input sanitization and output escaping on user supplied attributes.
network
low complexity
CWE-79
6.4
2024-11-23 CVE-2024-11229 The ???? ??? plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's add_plus_friends and add_plus_talk shortcodes in all versions up to, and including, 1.1.18 due to insufficient input sanitization and output escaping on user supplied attributes.
network
low complexity
CWE-79
6.4
2024-11-23 CVE-2024-11231 The ???? ????? plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's mnp_purchase shortcode in all versions up to, and including, 3.3.7 due to insufficient input sanitization and output escaping on user supplied attributes.
network
low complexity
CWE-79
6.4
2024-11-23 CVE-2024-10519 The Wishlist for WooCommerce: Multi Wishlists Per Customer PRO plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'wtab' parameter in versions 3.0.8 to 3.1.2 due to insufficient input sanitization and output escaping.
network
low complexity
CWE-79
6.1
2024-11-23 CVE-2024-11199 The Rescue Shortcodes plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's rescue_progressbar shortcode in all versions up to, and including, 2.9 due to insufficient input sanitization and output escaping on user supplied attributes.
network
low complexity
CWE-79
6.4
2024-11-23 CVE-2024-11227 The Memberlite Shortcodes plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's memberlite_accordion shortcode in all versions up to, and including, 1.3.9 due to insufficient input sanitization and output escaping on user supplied attributes.
network
low complexity
CWE-79
6.4
2024-11-23 CVE-2024-10803 The MP3 Sticky Player plugin for WordPress is vulnerable to Directory Traversal in all versions up to, and including, 8.0 via the content/downloader.php file.
network
low complexity
CWE-22
7.5