Vulnerabilities > Medium

DATE CVE VULNERABILITY TITLE RISK
2024-07-09 CVE-2024-37224 Path Traversal vulnerability in Smartypantsplugins SP Project & Document Manager
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in smartypants SP Project & Document Manager. This issue affects SP Project & Document Manager: from n/a through 4.71.
network
low complexity
smartypantsplugins CWE-22
6.5
2024-07-09 CVE-2024-3228 Unspecified vulnerability in Wpkube Kiwi Social Share
The Social Sharing Plugin – Kiwi plugin for WordPress is vulnerable to Information Exposure in all versions up to, and including, 2.1.7 via the 'kiwi-nw-pinterest' class.
network
low complexity
wpkube
5.3
2024-07-09 CVE-2024-3563 Cross-site Scripting vulnerability in Wpengine Genesis Blocks
The Genesis Blocks plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's Sharing block in all versions up to, and including, 3.1.3 due to insufficient input sanitization and output escaping on user supplied attributes.
network
low complexity
wpengine CWE-79
5.4
2024-07-09 CVE-2024-3603 Cross-site Scripting vulnerability in Hyumika Openstreetmap
The OSM – OpenStreetMap plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'osm_map' shortcode in all versions up to, and including, 6.0.2 due to insufficient input sanitization and output escaping on user supplied attributes such as 'theme'.
network
low complexity
hyumika CWE-79
5.4
2024-07-09 CVE-2024-4102 The Pricing Table plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the ajax() function in all versions up to, and including, 2.0.1.
network
low complexity
5.4
2024-07-09 CVE-2024-4868 The Extensions for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's EE Events and EE Flipbox widgets in all versions up to, and including, 2.0.31 due to insufficient input sanitization and output escaping on user supplied attributes.
network
low complexity
6.4
2024-07-09 CVE-2024-5457 Cross-site Scripting vulnerability in Pandavideo Panda Video
The Panda Video plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘id’ parameter in all versions up to, and including, 1.4.0 due to insufficient input sanitization and output escaping.
network
low complexity
pandavideo CWE-79
5.4
2024-07-09 CVE-2024-5600 The SCSS Happy Compiler – Compile SCSS to CSS & Automatic Enqueue plugin for WordPress is vulnerable to Stored Cross-Site Scripting due to a missing capability check and insufficient sanitization on the import_settings() function in all versions up to, and including, 1.3.10.
network
low complexity
5.4
2024-07-09 CVE-2024-5648 The LearnDash LMS – Reports plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on several functions in all versions up to, and including, 1.8.2.
network
low complexity
5.4
2024-07-09 CVE-2024-5669 The XPlainer – WooCommerce Product FAQ [WooCommerce Accordion FAQ Plugin] plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'ffw_activate_template' function in all versions up to, and including, 1.6.4.
network
low complexity
6.4