| 2024-10-13 | CVE-2024-9906 | Cross-site Scripting vulnerability in Oretnom23 Online Eyewear Shop 1.0
A vulnerability, which was classified as problematic, was found in SourceCodester Online Eyewear Shop 1.0. | 5.4 |
| 2024-10-12 | CVE-2024-8915 | The Category Icon plugin for WordPress is vulnerable to Stored Cross-Site Scripting via SVG File uploads in all versions up to, and including, 1.0.0 due to insufficient input sanitization and output escaping. | 6.4 |
| 2024-10-12 | CVE-2024-9595 | The TablePress – Tables in WordPress made easy plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the table cell content in all versions up to, and including, 2.4.2 due to insufficient input sanitization and output escaping. | 6.4 |
| 2024-10-12 | CVE-2024-9696 | Cross-site Scripting vulnerability in Rescuethemes Rescue Shortcodes
The Rescue Shortcodes plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'rescue_tab' shortcode in all versions up to, and including, 2.8 due to insufficient input sanitization and output escaping on user supplied attributes. | 5.4 |
| 2024-10-12 | CVE-2024-9704 | Cross-site Scripting vulnerability in Ibericode Social Sharing
The Social Sharing (by Danny) plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'dvk_social_sharing' shortcode in all versions up to, and including, 1.3.7 due to insufficient input sanitization and output escaping on user supplied attributes. | 5.4 |
| 2024-10-12 | CVE-2024-7489 | The Forms for Mailchimp by Optin Cat – Grow Your MailChimp List plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the form color parameters in all versions up to, and including, 2.5.6 due to insufficient input sanitization and output escaping. network high complexity CWE-79 | 4.4 |
| 2024-10-12 | CVE-2024-9670 | The 2D Tag Cloud plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use of add_query_arg without appropriate escaping on the URL in all versions up to, and including, 6.0.2. | 6.1 |
| 2024-10-12 | CVE-2024-9776 | Cross-site Scripting vulnerability in Getbutterfly Imagepress
The ImagePress – Image Gallery plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in all versions up to, and including, 1.2.2 due to insufficient input sanitization and output escaping. | 4.8 |
| 2024-10-11 | CVE-2024-48937 | Cross-site Scripting vulnerability in Znuny
Znuny before LTS 6.5.1 through 6.5.10 and 7.0.1 through 7.0.16 allows XSS. | 6.1 |
| 2024-10-11 | CVE-2024-9211 | The FULL – Cliente plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use of add_query_arg & remove_query_arg without appropriate escaping on the URL in all versions up to, and including, 3.1.22. | 6.1 |