Vulnerabilities

DATE CVE VULNERABILITY TITLE RISK
2024-10-04 CVE-2024-8499 The Checkout Field Editor (Checkout Manager) for WooCommerce plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the ‘render_review_request_notice’ function in all versions up to, and including, 2.0.3 due to insufficient input sanitization and output escaping.
network
high complexity
CWE-79
4.7
4.7
2024-10-04 CVE-2024-9071 The Easy Demo Importer – A Modern One-Click Demo Import Solution plugin for WordPress is vulnerable to Stored Cross-Site Scripting via SVG File uploads in all versions up to, and including, 1.1.2 due to insufficient input sanitization and output escaping.
network
low complexity
CWE-79
6.4
6.4
2024-10-04 CVE-2024-9271 The Re:WP plugin for WordPress is vulnerable to Stored Cross-Site Scripting via SVG File uploads in all versions up to, and including, 1.0.1 due to insufficient input sanitization and output escaping.
network
low complexity
 6.4
6.4
2024-10-04 CVE-2024-9306 The WP Booking Calendar plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in all versions up to, and including, 10.6 due to insufficient input sanitization and output escaping.
network
high complexity
CWE-79
4.4
4.4
2024-10-04 CVE-2024-9435 The ShiftController Employee Shift Scheduling plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via URL keys in all versions up to, and including, 4.9.66 due to insufficient input sanitization and output escaping.
network
low complexity
CWE-79
6.1
6.1
2024-10-04 CVE-2024-8804 The Code Embed plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's script embed functionality in all versions up to, and including, 2.4 due to insufficient restrictions on who can utilize the functionality.
network
low complexity
CWE-79
6.4
6.4
2024-10-04 CVE-2024-9242 The Memberful – Membership Plugin plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'memberful_buy_subscription_link' and 'memberful_podcasts_link' shortcodes in all versions up to, and including, 1.73.7 due to insufficient input sanitization and output escaping on user supplied attributes.
network
low complexity
CWE-79
6.4
6.4
2024-10-04 CVE-2024-8519 The Ultimate Member – User Profile, Registration, Login, Member Directory, Content Restriction & Membership Plugin plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'um_loggedin' shortcode in all versions up to, and including, 2.8.6 due to insufficient input sanitization and output escaping on user supplied attributes.
network
low complexity
CWE-79
6.4
6.4
2024-10-04 CVE-2024-8520 The Ultimate Member – User Profile, Registration, Login, Member Directory, Content Restriction & Membership Plugin plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 2.8.6.
network
low complexity
 5.3
5.3
2024-10-04 CVE-2024-8802 The Clio Grow plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use of add_query_arg without appropriate escaping on the URL in all versions up to, and including, 1.0.2.
network
low complexity
CWE-79
6.1
6.1