Latest CVE Feed
-
7.3
HIGHCVE-2024-10640
The The FOX – Currency Switcher Professional for WooCommerce plugin for WordPress is vulnerable to arbitrary shortcode execution in all versions up to, and including, 1.4.2.2. This is due to the software allowing users to execute an action that does not p... Read more
Affected Products : fox_-_currency_switcher_professional_for_woocommerce- Published: Nov. 09, 2024
- Modified: Nov. 12, 2024
-
7.1
HIGHCVE-2024-51708
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Narnoo Wordpress developer Narnoo Commerce Manager allows Reflected XSS.This issue affects Narnoo Commerce Manager: from n/a through 1.6.0.... Read more
Affected Products :- Published: Nov. 09, 2024
- Modified: Nov. 12, 2024
-
7.1
HIGHCVE-2024-51714
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Syed Umair Hussain Shah User Password Reset allows Reflected XSS.This issue affects User Password Reset: from n/a through 1.0.... Read more
Affected Products :- Published: Nov. 09, 2024
- Modified: Nov. 12, 2024
-
7.1
HIGHCVE-2024-51719
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Kevin Walker, Roman Peterhans Simplistic SEO allows Reflected XSS.This issue affects Simplistic SEO: from n/a through 2.3.0.... Read more
Affected Products :- Published: Nov. 09, 2024
- Modified: Nov. 12, 2024
-
7.1
HIGHCVE-2024-51760
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in RistrettoApps Dashing Memberships allows Reflected XSS.This issue affects Dashing Memberships: from n/a through 1.1.... Read more
Affected Products :- Published: Nov. 09, 2024
- Modified: Nov. 12, 2024
-
6.1
MEDIUMCVE-2024-10837
The SysBasics Customize My Account for WooCommerce plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the ‘tab’ parameter in all versions up to, and including, 2.7.29 due to insufficient input sanitization and output escaping. This m... Read more
Affected Products :- Published: Nov. 09, 2024
- Modified: Nov. 12, 2024
-
6.5
MEDIUMCVE-2024-51673
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in HasThemes HT Politic allows DOM-Based XSS.This issue affects HT Politic: from n/a through 2.4.4.... Read more
Affected Products :- Published: Nov. 09, 2024
- Modified: Nov. 12, 2024
-
7.1
HIGHCVE-2024-51691
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Aryan Duntley Admin Amplify allows Reflected XSS.This issue affects Admin Amplify: from n/a through 1.3.0.... Read more
Affected Products :- Published: Nov. 09, 2024
- Modified: Nov. 12, 2024
-
7.1
HIGHCVE-2024-51694
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Digfish Geotagged Media allows Reflected XSS.This issue affects Geotagged Media: from n/a through 0.3.0.... Read more
Affected Products :- Published: Nov. 09, 2024
- Modified: Nov. 12, 2024
-
7.1
HIGHCVE-2024-51698
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Luis Rock Master Bar allows Reflected XSS.This issue affects Master Bar: from n/a through 1.0.... Read more
Affected Products :- Published: Nov. 09, 2024
- Modified: Nov. 12, 2024
-
7.1
HIGHCVE-2024-51701
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Mahesh Waghmare MG Post Contributors allows Reflected XSS.This issue affects MG Post Contributors: from n/a through 1.3..... Read more
Affected Products :- Published: Nov. 09, 2024
- Modified: Nov. 12, 2024
-
7.1
HIGHCVE-2024-51703
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Genethick WP-Basics allows Reflected XSS.This issue affects WP-Basics: from n/a through 2.0.... Read more
Affected Products :- Published: Nov. 09, 2024
- Modified: Nov. 12, 2024
-
7.1
HIGHCVE-2024-51705
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in James Bruner WP MMenu Lite allows Reflected XSS.This issue affects WP MMenu Lite: from n/a through 1.0.0.... Read more
Affected Products :- Published: Nov. 09, 2024
- Modified: Nov. 12, 2024
-
4.3
MEDIUMCVE-2024-10588
The Debug Tool plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the info() function in all versions up to, and including, 2.2. This makes it possible for authenticated attackers, with subscriber-level ... Read more
Affected Products :- Published: Nov. 09, 2024
- Modified: Nov. 12, 2024
-
6.5
MEDIUMCVE-2024-51618
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in DuoGeek Custom Admin Menu allows Stored XSS.This issue affects Custom Admin Menu: from n/a through 1.0.0.... Read more
Affected Products :- Published: Nov. 09, 2024
- Modified: Nov. 12, 2024
-
7.1
HIGHCVE-2024-51780
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Michael DUMONTET eewee admin custom allows Reflected XSS.This issue affects eewee admin custom: from n/a through 1.8.2.4.... Read more
Affected Products :- Published: Nov. 09, 2024
- Modified: Nov. 12, 2024
-
6.4
MEDIUMCVE-2024-10814
The Code Embed plugin for WordPress is vulnerable to Server-Side Request Forgery in all versions up to, and including, 2.5 via the ce_get_file() function. This makes it possible for authenticated attackers, with contributor-level access and above, to make... Read more
Affected Products :- Published: Nov. 09, 2024
- Modified: Nov. 12, 2024
-
9.8
CRITICALCVE-2024-10547
The WP Membership plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the user_profile_image_upload() function in all versions up to, and including, 1.6.2. This makes it possible for unauthenticated attacker... Read more
Affected Products :- Published: Nov. 09, 2024
- Modified: Nov. 12, 2024
-
7.1
HIGHCVE-2024-51784
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in VietFriend team FriendStore for WooCommerce allows Reflected XSS.This issue affects FriendStore for WooCommerce: from n/a through 1.4.2.... Read more
Affected Products :- Published: Nov. 09, 2024
- Modified: Nov. 12, 2024
-
8.5
HIGHCVE-2024-51625
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in EDC Team (E-Da`wah Committee) Quran Shortcode allows Blind SQL Injection.This issue affects Quran Shortcode: from n/a through 1.5.... Read more
Affected Products :- Published: Nov. 09, 2024
- Modified: Nov. 12, 2024