Latest CVE Feed
-
6.4
MEDIUMCVE-2024-9455
The WP Cleanup and Basic Functions plugin for WordPress is vulnerable to Stored Cross-Site Scripting via SVG File uploads in all versions up to, and including, 2.2.1 due to insufficient input sanitization and output escaping. This makes it possible for au... Read more
Affected Products :- Published: Oct. 05, 2024
- Modified: Oct. 07, 2024
-
7.5
HIGHCVE-2024-44018
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in Istmo Plugins Instant Chat Floating Button for WordPress Websites allows PHP Local File Inclusion.This issue affects Instant Chat Floating Button for WordPress... Read more
Affected Products :- Published: Oct. 05, 2024
- Modified: Oct. 07, 2024
-
9.6
CRITICALCVE-2024-44014
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in Vmaxstudio Vmax Project Manager allows PHP Local File Inclusion, Code Injection.This issue affects Vmax Project Manager: from n/a through 1.0.... Read more
Affected Products :- Published: Oct. 05, 2024
- Modified: Oct. 07, 2024
-
4.9
MEDIUMCVE-2024-9146
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in James Low CSS JS Files allows Path Traversal.This issue affects CSS JS Files: from n/a through 1.5.0.... Read more
Affected Products :- Published: Oct. 05, 2024
- Modified: Oct. 07, 2024
-
8.1
HIGHCVE-2024-44023
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in ABCApp Creator allows PHP Local File Inclusion.This issue affects ABCApp Creator: from n/a through 1.1.2.... Read more
Affected Products :- Published: Oct. 05, 2024
- Modified: Oct. 07, 2024
-
7.5
HIGHCVE-2024-47324
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in Ex-Themes WP Timeline – Vertical and Horizontal timeline plugin allows PHP Local File Inclusion.This issue affects WP Timeline – Vertical and Horizontal timeli... Read more
Affected Products :- Published: Oct. 05, 2024
- Modified: Oct. 07, 2024
-
7.1
HIGHCVE-2024-47367
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in YITH YITH WooCommerce Product Add-Ons allows Reflected XSS.This issue affects YITH WooCommerce Product Add-Ons: from n/a through 4.13.0.... Read more
Affected Products : yith_woocommerce_product_add-ons- Published: Oct. 06, 2024
- Modified: Oct. 07, 2024
-
7.3
HIGHCVE-2023-6361
A vulnerability has been discovered in Winhex affecting version 16.1 SR-1 and 20.4. This vulnerability consists of a buffer overflow controlling the Structured Exception Handler (SEH) registers. This could allow attackers to execute arbitrary code via a l... Read more
Affected Products :- Published: Oct. 07, 2024
- Modified: Oct. 07, 2024
-
7.6
HIGHCVE-2024-47335
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Bit Form Bit Form – Contact Form Plugin allows SQL Injection.This issue affects Bit Form – Contact Form Plugin: from n/a through 2.13.11.... Read more
Affected Products :- Published: Oct. 07, 2024
- Modified: Oct. 07, 2024
-
6.3
MEDIUMCVE-2024-9554
A vulnerability classified as problematic was found in Sovell Smart Canteen System up to 3.0.7303.30513. Affected by this vulnerability is the function Check_ET_CheckPwdz201 of the file suanfa.py of the component Password Reset Handler. The manipulation l... Read more
Affected Products :- Published: Oct. 06, 2024
- Modified: Oct. 07, 2024
-
6.5
MEDIUMCVE-2024-44027
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in TemeGUM Gum Elementor Addon allows Stored XSS.This issue affects Gum Elementor Addon: from n/a through 1.3.6.... Read more
Affected Products :- Published: Oct. 06, 2024
- Modified: Oct. 07, 2024
-
9.3
CRITICALCVE-2024-47350
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in YITH YITH WooCommerce Ajax Search allows SQL Injection.This issue affects YITH WooCommerce Ajax Search: from n/a through 2.8.0.... Read more
Affected Products : yith_woocommerce_ajax_search- Published: Oct. 06, 2024
- Modified: Oct. 07, 2024
-
7.1
HIGHCVE-2024-44029
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in David Garlitz viala allows Reflected XSS.This issue affects viala: from n/a through 1.3.1.... Read more
Affected Products :- Published: Oct. 06, 2024
- Modified: Oct. 07, 2024
-
6.5
MEDIUMCVE-2024-47307
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Essential Plugin Meta slider and carousel with lightbox allows Stored XSS.This issue affects Meta slider and carousel with lightbox: from n/a thro... Read more
Affected Products :- Published: Oct. 06, 2024
- Modified: Oct. 07, 2024
-
7.1
HIGHCVE-2024-47306
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Copy Content Protection Team Secure Copy Content Protection and Content Locking allows Stored XSS.This issue affects Secure Copy Content Protectio... Read more
Affected Products : secure_copy_content_protection_and_content_locking- Published: Oct. 06, 2024
- Modified: Oct. 07, 2024
-
5.9
MEDIUMCVE-2024-47299
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in SeedProd Coming Soon Page, Under Construction & Maintenance Mode by SeedProd allows Stored XSS.This issue affects Coming Soon Page, Under Construc... Read more
Affected Products :- Published: Oct. 06, 2024
- Modified: Oct. 07, 2024
-
5.9
MEDIUMCVE-2024-44043
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in 10Web Photo Gallery by 10Web allows Stored XSS.This issue affects Photo Gallery by 10Web: from n/a through 1.8.27.... Read more
Affected Products : photo_gallery- Published: Oct. 06, 2024
- Modified: Oct. 07, 2024
-
6.5
MEDIUMCVE-2024-47355
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in CozyThemes Cozy Blocks allows Stored XSS.This issue affects Cozy Blocks: from n/a through 2.0.11.... Read more
Affected Products :- Published: Oct. 06, 2024
- Modified: Oct. 07, 2024
-
7.1
HIGHCVE-2024-47346
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Tribulant Newsletters allows Reflected XSS.This issue affects Newsletters: from n/a through 4.9.9.1.... Read more
Affected Products : newsletters- Published: Oct. 06, 2024
- Modified: Oct. 07, 2024
-
6.5
MEDIUMCVE-2024-47343
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Kraftplugins Mega Elements allows Stored XSS.This issue affects Mega Elements: from n/a through 1.2.4.... Read more
Affected Products : mega_elements- Published: Oct. 06, 2024
- Modified: Oct. 07, 2024