Vulnerabilities > Medium

DATE CVE VULNERABILITY TITLE RISK
2024-10-01 CVE-2024-8793 The Store Exporter for WooCommerce – Export Products, Export Orders, Export Subscriptions, and More plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use of add_query_arg without appropriate escaping on the URL in all versions up to, and including, 2.7.2.1.
network
low complexity
CWE-79
6.1
2024-10-01 CVE-2024-8799 The Custom Banners plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use of add_query_arg without appropriate escaping on the URL in all versions up to, and including, 3.3.
network
low complexity
CWE-79
6.1
2024-10-01 CVE-2024-9209 The WP Search Analytics plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use of add_query_arg without appropriate escaping on the URL in all versions up to, and including, 1.4.10.
network
low complexity
CWE-79
6.1
2024-10-01 CVE-2024-9220 The LH Copy Media File plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use of add_query_arg without appropriate escaping on the URL in all versions up to, and including, 1.08.
network
low complexity
CWE-79
6.1
2024-10-01 CVE-2024-9224 The Hello World plugin for WordPress is vulnerable to Arbitrary File Reading in all versions up to, and including, 2.1.1 via the hello_world_lyric() function.
network
low complexity
6.5
2024-10-01 CVE-2024-9228 The Loggedin – Limit Active Logins plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use of add_query_arg without appropriate escaping on the URL in all versions up to, and including, 1.3.1.
network
low complexity
CWE-79
6.1
2024-10-01 CVE-2024-9241 The PDF Image Generator plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use of add_query_arg without appropriate escaping on the URL in all versions up to, and including, 1.5.6.
network
low complexity
CWE-79
6.1
2024-10-01 CVE-2024-8632 The KB Support – WordPress Help Desk and Knowledge Base plugin for WordPress is vulnerable to unauthorized access and modification of data due to a missing capability check on the 'kbs_ajax_load_front_end_replies' and 'kbs_ajax_mark_reply_as_read' functions in all versions up to, and including, 1.6.6.
network
low complexity
CWE-862
6.5
2024-10-01 CVE-2024-8675 The Soumettre.fr plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the soumettre_disconnect_gateway function in all versions up to, and including, 2.1.2.
network
low complexity
CWE-862
4.3
2024-10-01 CVE-2024-8718 The Gravity Forms Toolbar plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'tab' parameter in all versions up to, and including, 1.7.0 due to insufficient input sanitization and output escaping.
network
low complexity
CWE-79
6.1