Vulnerabilities

DATE CVE VULNERABILITY TITLE RISK
2024-11-13 CVE-2024-11028 The MultiManager WP – Manage All Your WordPress Sites Easily plugin for WordPress is vulnerable to Authentication Bypass in all versions up to, and including, 1.0.5.
network
low complexity
CWE-288
critical
9.8
2024-11-13 CVE-2024-9059 The Royal Elementor Addons and Templates plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Google Maps widget in all versions up to, and including, 1.7.1001 due to insufficient input sanitization and output escaping.
network
low complexity
CWE-79
6.4
2024-11-13 CVE-2024-9668 The Royal Elementor Addons and Templates plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's Countdown widget in all versions up to, and including, 1.7.1001 due to insufficient input sanitization and output escaping on user supplied attributes.
network
low complexity
CWE-79
6.4
2024-11-13 CVE-2024-9682 The Royal Elementor Addons and Templates plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's Form Builder widget in all versions up to, and including, 1.7.1001 due to insufficient input sanitization and output escaping on user supplied attributes.
network
low complexity
6.4
2024-11-13 CVE-2024-10877 The AFI – The Easiest Integration Plugin plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use of add_query_arg & remove_query_arg without appropriate escaping on the URL in all versions up to, and including, 1.92.0.
network
low complexity
CWE-79
6.1
2024-11-13 CVE-2024-10800 The WordPress User Extra Fields plugin for WordPress is vulnerable to privilege escalation due to a missing capability check on the ajax_save_fields() function in all versions up to, and including, 16.6.
network
low complexity
CWE-862
8.8
2024-11-13 CVE-2024-11150 The WordPress User Extra Fields plugin for WordPress is vulnerable to arbitrary file deletion due to insufficient file path validation in the delete_tmp_uploaded_file() function in all versions up to, and including, 16.6.
network
low complexity
CWE-22
critical
9.8
2024-11-13 CVE-2024-10174 The WP Project Manager – Task, team, and project management plugin featuring kanban board and gantt charts plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 2.6.13 via the 'Abstract_Permission' class due to missing validation on the 'user_id' user controlled key.
network
low complexity
CWE-639
7.3
2024-11-13 CVE-2024-10794 The Boostify Header Footer Builder for Elementor plugin for WordPress is vulnerable to Information Exposure in all versions up to, and including, 1.3.6 via the 'bhf' shortcode due to insufficient restrictions on which posts can be included.
network
low complexity
CWE-639
4.3
2024-11-13 CVE-2024-10802 The Hash Elements plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the hash_elements_get_posts_title_by_id() function in all versions up to, and including, 1.4.7.
network
low complexity
CWE-862
5.3