Vulnerabilities

DATE CVE VULNERABILITY TITLE RISK
2024-07-30 CVE-2024-7100 The Bold Page Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's bt_bb_button shortcode in all versions up to, and including, 5.0.2 due to insufficient input sanitization and output escaping on user supplied attributes.
network
low complexity
 6.4
6.4
2024-07-29 CVE-2024-7202 The query functionality of WinMatrix3 Web package from Simopro Technology lacks proper validation of user input, allowing unauthenticated remote attackers to inject SQL commands to read, modify, and delete database contents.
network
low complexity
CWE-89
critical
 9.8
9.8
2024-07-29 CVE-2024-5670 The web services of Softnext's products, Mail SQR Expert and Mail Archiving Expert do not properly validate user input, allowing unauthenticated remote attackers to inject arbitrary OS commands and execute them on the remote server.
network
low complexity
CWE-78
critical
 9.8
9.8
2024-07-29 CVE-2024-7201 The login functionality of WinMatrix3 Web package from Simopro Technology lacks proper validation of user input, allowing unauthenticated remote attackers to inject SQL commands to read, modify, and delete database contents.
network
low complexity
CWE-89
critical
 9.8
9.8
2024-07-27 CVE-2024-6703 The Contact Form Plugin by Fluent Forms for Quiz, Survey, and Drag & Drop WP Form Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘description’ and 'btn_txt' parameters in all versions up to, and including, 5.1.19 due to insufficient input sanitization and output escaping.
network
high complexity
 4.9
4.9
2024-07-27 CVE-2024-5614 The Piotnet Addons For Elementor plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 2.4.29 via the 'pafe_posts_list' function.
network
low complexity
 5.3
5.3
2024-07-27 CVE-2024-6518 The Contact Form Plugin by Fluent Forms for Quiz, Survey, and Drag & Drop WP Form Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting in all versions up to, and including, 5.1.19 due to insufficient input sanitization and output escaping.
network
low complexity
 5.5
5.5
2024-07-27 CVE-2024-6520 The Contact Form Plugin by Fluent Forms for Quiz, Survey, and Drag & Drop WP Form Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting in all versions up to, and including, 5.1.19 due to insufficient input sanitization and output escaping.
network
low complexity
 5.5
5.5
2024-07-27 CVE-2024-6521 The Contact Form Plugin by Fluent Forms for Quiz, Survey, and Drag & Drop WP Form Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting in all versions up to, and including, 5.1.19 due to insufficient input sanitization and output escaping.
network
low complexity
 5.5
5.5
2024-07-27 CVE-2024-6627 The Happy Addons for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's PDF View widget in all versions up to, and including, 3.11.2 due to insufficient input sanitization and output escaping on user supplied attributes.
network
low complexity
 6.4
6.4