Latest CVE Feed
-
8.5
HIGHCVE-2024-51621
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Reza Sh Download-Mirror-Counter allows SQL Injection.This issue affects Download-Mirror-Counter: from n/a through 1.1.... Read more
Affected Products :- Published: Nov. 09, 2024
- Modified: Nov. 12, 2024
-
8.5
HIGHCVE-2024-51619
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Market360.Co Market 360 Viewer allows Blind SQL Injection.This issue affects Market 360 Viewer: from n/a through 1.01.... Read more
Affected Products :- Published: Nov. 09, 2024
- Modified: Nov. 12, 2024
-
8.5
HIGHCVE-2024-51607
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Buddy Lindsey Golf Tracker allows SQL Injection.This issue affects Golf Tracker: from n/a through 0.7.... Read more
Affected Products :- Published: Nov. 09, 2024
- Modified: Nov. 12, 2024
-
8.5
HIGHCVE-2024-51601
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Maksym Marko Website price calculator allows SQL Injection.This issue affects Website price calculator: from n/a through 4.1.... Read more
Affected Products :- Published: Nov. 09, 2024
- Modified: Nov. 12, 2024
-
9.8
CRITICALCVE-2024-10801
The WordPress User Extra Fields plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the ajax_manage_file_chunk_upload() function in all versions up to, and including, 16.5. This makes it possible for unauthe... Read more
Affected Products :- Published: Nov. 09, 2024
- Modified: Nov. 12, 2024
-
9.8
CRITICALCVE-2024-10589
The Leopard - WordPress Offload Media plugin for WordPress is vulnerable to unauthorized modification of data that can lead to privilege escalation due to a missing capability check on the import_settings() function in all versions up to, and including, 3... Read more
Affected Products :- Published: Nov. 09, 2024
- Modified: Nov. 12, 2024
-
6.1
MEDIUMCVE-2024-9226
The Landing Page Cat – Coming Soon Page, Maintenance Page & Squeeze Pages plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use of add_query_arg without appropriate escaping on the URL in all versions up to, and including, 1.... Read more
Affected Products : landing_page_cat- Published: Nov. 09, 2024
- Modified: Nov. 12, 2024
-
6.5
MEDIUMCVE-2024-9262
The User Meta – User Profile Builder and User management plugin plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 3.1 via the getUser() due to missing validation on a user controlled key. This mak... Read more
Affected Products : user_meta_user_profile_builder_and_user_management- Published: Nov. 09, 2024
- Modified: Nov. 12, 2024
-
9.8
CRITICALCVE-2024-10871
The Category Ajax Filter plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 2.8.2 via the 'params[caf-post-layout]' parameter. This makes it possible for unauthenticated attackers to include and execute arbitr... Read more
Affected Products :- Published: Nov. 09, 2024
- Modified: Nov. 12, 2024
-
7.1
HIGHCVE-2024-51689
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Tobias Conrad CF7 WOW Styler allows Reflected XSS.This issue affects CF7 WOW Styler: from n/a through 1.6.8.... Read more
Affected Products :- Published: Nov. 09, 2024
- Modified: Nov. 12, 2024
-
7.1
HIGHCVE-2024-51694
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Digfish Geotagged Media allows Reflected XSS.This issue affects Geotagged Media: from n/a through 0.3.0.... Read more
Affected Products :- Published: Nov. 09, 2024
- Modified: Nov. 12, 2024
-
7.1
HIGHCVE-2024-51703
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Genethick WP-Basics allows Reflected XSS.This issue affects WP-Basics: from n/a through 2.0.... Read more
Affected Products :- Published: Nov. 09, 2024
- Modified: Nov. 12, 2024
-
7.1
HIGHCVE-2024-51705
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in James Bruner WP MMenu Lite allows Reflected XSS.This issue affects WP MMenu Lite: from n/a through 1.0.0.... Read more
Affected Products :- Published: Nov. 09, 2024
- Modified: Nov. 12, 2024
-
6.5
MEDIUMCVE-2024-51612
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Ken Charity Reftagger Shortcode allows Stored XSS.This issue affects Reftagger Shortcode: from n/a through 1.1.... Read more
Affected Products :- Published: Nov. 09, 2024
- Modified: Nov. 12, 2024
-
7.1
HIGHCVE-2024-51691
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Aryan Duntley Admin Amplify allows Reflected XSS.This issue affects Admin Amplify: from n/a through 1.3.0.... Read more
Affected Products :- Published: Nov. 09, 2024
- Modified: Nov. 12, 2024
-
6.5
MEDIUMCVE-2024-51673
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in HasThemes HT Politic allows DOM-Based XSS.This issue affects HT Politic: from n/a through 2.4.4.... Read more
Affected Products :- Published: Nov. 09, 2024
- Modified: Nov. 12, 2024
-
6.1
MEDIUMCVE-2024-10837
The SysBasics Customize My Account for WooCommerce plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the ‘tab’ parameter in all versions up to, and including, 2.7.29 due to insufficient input sanitization and output escaping. This m... Read more
Affected Products :- Published: Nov. 09, 2024
- Modified: Nov. 12, 2024
-
7.1
HIGHCVE-2024-51760
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in RistrettoApps Dashing Memberships allows Reflected XSS.This issue affects Dashing Memberships: from n/a through 1.1.... Read more
Affected Products :- Published: Nov. 09, 2024
- Modified: Nov. 12, 2024
-
7.1
HIGHCVE-2024-51719
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Kevin Walker, Roman Peterhans Simplistic SEO allows Reflected XSS.This issue affects Simplistic SEO: from n/a through 2.3.0.... Read more
Affected Products :- Published: Nov. 09, 2024
- Modified: Nov. 12, 2024
-
7.1
HIGHCVE-2024-51714
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Syed Umair Hussain Shah User Password Reset allows Reflected XSS.This issue affects User Password Reset: from n/a through 1.0.... Read more
Affected Products :- Published: Nov. 09, 2024
- Modified: Nov. 12, 2024