| 2024-11-19 | CVE-2024-11036 | The The GamiPress – The #1 gamification plugin to reward points, achievements, badges & ranks in WordPress plugin for WordPress is vulnerable to arbitrary shortcode execution via gamipress_get_user_earnings AJAX action in all versions up to, and including, 7.1.5. | 7.3 |
| 2024-11-19 | CVE-2024-11038 | The The WPB Popup for Contact Form 7 – Showing The Contact Form 7 Popup on Button Click – CF7 Popup plugin for WordPress is vulnerable to arbitrary shortcode execution via wpb_pcf_fire_contact_form AJAX action in all versions up to, and including, 1.7.5. | 7.3 |
| 2024-11-18 | CVE-2024-52427 | Code Injection vulnerability in Vollstart Event Tickets With Ticket Scanner
Improper Neutralization of Special Elements Used in a Template Engine vulnerability in Saso Nikolov Event Tickets with Ticket Scanner allows Server Side Include (SSI) Injection.This issue affects Event Tickets with Ticket Scanner: from n/a through 2.3.11. | 8.8 |
| 2024-11-18 | CVE-2024-52434 | Code Injection vulnerability in Supsystic Popup
Improper Neutralization of Special Elements Used in a Template Engine vulnerability in Supsystic Popup by Supsystic allows Command Injection.This issue affects Popup by Supsystic: from n/a through 1.10.29. | 9.1 |
| 2024-11-16 | CVE-2024-10262 | The The Drop Shadow Boxes plugin for WordPress is vulnerable to arbitrary shortcode execution in all versions up to, and including, 1.7.14. | 6.3 |
| 2024-11-16 | CVE-2024-9839 | The The Uix Slideshow plugin for WordPress is vulnerable to arbitrary shortcode execution in all versions up to, and including, 1.6.5. | 7.3 |
| 2024-11-15 | CVE-2024-11247 | Code Injection vulnerability in Oretnom23 Online Eyewear Shop 1.0
A vulnerability has been found in SourceCodester Online Eyewear Shop 1.0 and classified as problematic. | 5.4 |
| 2024-11-13 | CVE-2024-21541 | Code Injection vulnerability in Matthewmueller Dom-Iterator
All versions of the package dom-iterator are vulnerable to Arbitrary Code Execution due to use of the Function constructor without complete input sanitization. | 9.8 |
| 2024-11-10 | CVE-2024-10958 | Code Injection vulnerability in Wppa WP Photo Album Plus
The The WP Photo Album Plus plugin for WordPress is vulnerable to arbitrary shortcode execution via getshortcodedrenderedfenodelay AJAX action in all versions up to, and including, 8.8.08.007 . | 7.3 |
| 2024-11-09 | CVE-2024-10261 | The The Paid Membership Subscriptions – Effortless Memberships, Recurring Payments & Content Restriction plugin for WordPress is vulnerable to arbitrary shortcode execution in all versions up to, and including, 2.13.0. | 7.3 |