Vulnerabilities

DATE CVE VULNERABILITY TITLE RISK
2024-10-01 CVE-2024-9407 A vulnerability exists in the bind-propagation option of the Dockerfile RUN --mount instruction.
local
high complexity
CWE-20
4.7
4.7
2024-10-01 CVE-2024-9341 A flaw was found in Go.
network
high complexity
CWE-59
5.4
5.4
2024-10-01 CVE-2024-9355 A vulnerability was found in Golang FIPS OpenSSL.
local
high complexity
CWE-457
6.5
6.5
2024-10-01 CVE-2024-9060 The AVIF & SVG Uploader plugin for WordPress is vulnerable to Stored Cross-Site Scripting via SVG File uploads in version 1.1.0 due to insufficient input sanitization and output escaping.
network
low complexity
CWE-79
6.4
6.4
2024-10-01 CVE-2024-8288 The Guten Post Layout – An Advanced Post Grid Collection for WordPress Gutenberg plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘align’ attribute within the 'wp:guten-post-layout/post-grid' Gutenberg block in all versions up to, and including, 1.2.4 due to insufficient input sanitization and output escaping.
network
low complexity
CWE-79
6.4
6.4
2024-10-01 CVE-2024-8324 The XO Slider plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘get_slider’ function in all versions up to, and including, 3.8.6 due to insufficient input sanitization and output escaping.
network
low complexity
CWE-79
6.4
6.4
2024-10-01 CVE-2024-8430 The Spice Starter Sites plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the spice_starter_sites_importer_creater function in all versions up to, and including, 1.2.5.
network
low complexity
CWE-862
5.3
5.3
2024-10-01 CVE-2024-8793 The Store Exporter for WooCommerce – Export Products, Export Orders, Export Subscriptions, and More plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use of add_query_arg without appropriate escaping on the URL in all versions up to, and including, 2.7.2.1.
network
low complexity
CWE-79
6.1
6.1
2024-10-01 CVE-2024-8799 The Custom Banners plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use of add_query_arg without appropriate escaping on the URL in all versions up to, and including, 3.3.
network
low complexity
CWE-79
6.1
6.1
2024-10-01 CVE-2024-9018 The WP Easy Gallery – WordPress Gallery Plugin plugin for WordPress is vulnerable to time-based SQL Injection via the ‘key’ parameter in all versions up to, and including, 4.8.5 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query.
network
low complexity
CWE-89
8.8
8.8