Vulnerabilities

DATE CVE VULNERABILITY TITLE RISK
2024-11-02 CVE-2024-9896 The BBP Core – Expand bbPress powered forums with useful features plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use of add_query_arg without appropriate escaping on the URL in all versions up to, and including, 1.2.5.
network
low complexity
6.1
2024-11-02 CVE-2024-10310 The Element Pack Elementor Addons (Header Footer, Template Library, Dynamic Grid & Carousel, Remote Arrows) plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Custom Gallery Widget 'image_title' parameter in all versions up to, and including, 5.10.1 due to insufficient input sanitization and output escaping.
network
low complexity
CWE-79
6.4
2024-11-02 CVE-2024-10540 The Appointment Booking Calendar Plugin and Scheduling Plugin – BookingPress plugin for WordPress is vulnerable to SQL Injection via the 'service' parameter of the bookingpress_form shortcode in all versions up to, and including, 1.1.16 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query.
network
high complexity
CWE-89
5.3
2024-11-02 CVE-2024-8739 The ReCaptcha Integration for WordPress plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use of add_query_arg without appropriate escaping on the URL in all versions up to, and including, 1.2.5.
network
low complexity
CWE-79
6.1
2024-11-02 CVE-2024-9868 The Element Pack Elementor Addons (Header Footer, Template Library, Dynamic Grid & Carousel, Remote Arrows) plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Age Gate Widget 'url' parameter in all versions up to, and including, 5.10.1 due to insufficient input sanitization and output escaping.
network
low complexity
CWE-79
5.4
2024-11-01 CVE-2024-41741 IBM TXSeries for Multiplatforms 10.1 could allow an attacker to determine valid usernames due to an observable timing discrepancy which could be used in further attacks against the system.
network
low complexity
CWE-208
5.3
2024-11-01 CVE-2024-41744 IBM CICS TX Standard 11.1 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts.
network
low complexity
6.5
2024-11-01 CVE-2024-41745 IBM CICS TX Standard is vulnerable to cross-site scripting.
network
low complexity
CWE-79
6.1
2024-11-01 CVE-2024-10367 The Otter Blocks – Gutenberg Blocks, Page Builder for Gutenberg Editor & FSE plugin for WordPress is vulnerable to Stored Cross-Site Scripting via REST API SVG File uploads in all versions up to, and including, 3.0.4 due to insufficient input sanitization and output escaping.
network
low complexity
CWE-79
6.4
2024-11-01 CVE-2024-10232 The Group Chat & Video Chat by AtomChat plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's atomchat shortcode in all versions up to, and including, 1.1.5 due to insufficient input sanitization and output escaping on user supplied attributes.
network
low complexity
CWE-79
6.4