Wordfence Intelligence Weekly WordPress Vulnerability Report (October 28, 2024 to November 3, 2024)


🦸 👻 Calling all superheroes and haunters! Introducing the Cybersecurity Month Spooktacular Haunt and the WordPress Superhero Challenge for the Wordfence Bug Bounty Program! Through November 11th, 2024:

  • All in-scope vulnerability types for WordPress plugins/themes with >= 1,000 active installations are in-scope for ALL researchers
  • Top-tier researchers earn automatic bonuses of 10% to 120% for valid submissions
  • Pending report limits are increased for all
  • It’s possible to earn up to $31,200 for high impact vulnerabilities!

Last week, 207 vulnerabilities disclosed in 200 WordPress plugins and no WordPress themes were added to the Wordfence Intelligence Vulnerability Database, and 43 vulnerability researchers contributed to WordPress security. Review those vulnerabilities in this report now to ensure your site is not affected.

Our mission with Wordfence Intelligence is to make valuable vulnerability information easily accessible to everyone, like the WordPress community, so individuals and organizations alike can utilize that data to make the internet more secure. That is why the Wordfence Intelligence user interface, vulnerability API, webhook integration, and Wordfence CLI Vulnerability Scanner are all completely free to access and utilize both personally and commercially, and why we are running this weekly vulnerability report.

Enterprises, hosting providers, and even individuals can use the Wordfence CLI Vulnerability Scanner to run regular vulnerability scans across the sites they protect. Alternatively, they can use the Vulnerability Database API to receive a complete dump of our database of over 19,000 vulnerabilities and then use the webhook integration to stay on top of the newest vulnerabilities added in real time, as well as any updates made to the database, all for free.

Click here to sign-up for our mailing list to receive weekly vulnerability reports like this and important WordPress Security reports in your inbox the moment they are published.


New Firewall Rules Deployed Last Week

The Wordfence Threat Intelligence Team reviews each vulnerability to determine impact and severity, along with assessing the likelihood of exploitation, to verify that the Wordfence Firewall provides sufficient protection.

The team rolled out enhanced protection via firewall rules for the following vulnerabilities in real-time to our Premium, Care, and Response customers last week:

  • WAF-RULE-759 – Data redacted while we work with the vendor on a patch.

Wordfence Premium, Care, and Response customers received this protection immediately, while users still running the free version of Wordfence will receive this enhanced protection after a 30 day delay.


Total Unpatched & Patched Vulnerabilities Last Week

Patch Status | Number of Vulnerabilities
Patched | 71
Unpatched | 136

Total Vulnerabilities by CVSS Severity Last Week

Severity Rating | Number of Vulnerabilities
Medium Severity | 188
High Severity | 10
Critical Severity | 9

Total Vulnerabilities by CWE Type Last Week

Vulnerability Type by CWE | Number of Vulnerabilities
Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) | 114
Cross-Site Request Forgery (CSRF) | 40
Improper Neutralization of Special Elements used in an SQL Command (‘SQL Injection’) | 20
Unrestricted Upload of File with Dangerous Type | 9
Missing Authorization | 6
Exposure of Sensitive Information to an Unauthorized Actor | 4
Authentication Bypass Using an Alternate Path or Channel | 2
Improper Control of Filename for Include/Require Statement in PHP Program (‘PHP Remote File Inclusion’) | 2
Improper Control of Generation of Code (‘Code Injection’) | 2
Authorization Bypass Through User-Controlled Key | 1
External Control of File Name or Path | 1
Improper Access Control | 1
Improper Neutralization of Directives in Dynamically Evaluated Code (‘Eval Injection’) | 1
Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS) | 1
Insertion of Sensitive Information into Log File | 1
Missing Authentication for Critical Function | 1
Server-Side Request Forgery (SSRF) | 1

Researchers That Contributed to WordPress Security Last Week

Researcher Name | Number of Vulnerabilities
SOPROBRO | 74
Gab | 21
LVT-tholv2k | 14
stealthcopter | 9
Francesco Carlucci | 8
Peter Thaleikis | 8
theviper17y | 8
vgo0 | 6
Trương Hữu Phúc (truonghuuphuc) | 4
Khalid Yusuf | 4
zer0gh0st | 4
João Pedro Soares de Alcântara | 4
Joshua Chan | 3
Michael | 3
István Márton | 3
Colin Xu | 3
floerer | 2
Arkadiusz Hydzik | 2
Jonas Höbenreich | 2
Dmitry Derr | 2
Thies Lukas | 2
Zlrqh | 2
Ankit Patel | 2
C_T_R_L | 1
Lesor101 | 1
ghsinfosec | 1
Dmitrii Ignatyev | 1
stehled | 1
Bob Matyas | 1
Marek Mikita | 1
Rafie Muhammad | 1
Roby Firnando Yusuf | 1
Rafshanzani Suhada | 1
Ananda Dhakal | 1
thiennv | 1
ardias | 1
Certus Cybersecurity | 1
Felipe Caon | 1
Webbernaut | 1
casol | 1
João G. Barbosa (4rCanJ0x!) | 1
TANG Cheuk Hei (siunam) | 1
Vijaysimha Reddy (vijaysimha) | 1

Are you a security researcher who would like to be featured in our weekly vulnerability report? You can responsibly disclose your WordPress vulnerability discoveries to us and earn a bounty on in-scope vulnerabilities through our Bug Bounty Program. Responsibly disclosing your vulnerability discoveries to us will also get your name added on the Wordfence Intelligence leaderboard along with being mentioned in our weekly vulnerability report.


WordPress Plugins with Reported Vulnerabilities Last Week

Software Name | Software Slug
(dp) AddThis | dp-addthis
3D Presentation | 3d-presentation
Aajoda Testimonials | aajoda-testimonials
Accordion title for Elementor | accordion-title-for-elementor
Addressbook | addressbook
Admin SMS Alert | admin-sms-alert
Administrator Z | administrator-z
Advanced Control Manager for WordPress by ItalyStrap | advanced-control-manager
Advanced PDF Generator | advanced-pdf-generator
affiliate-toolkit | affiliate-toolkit-starter
AI Power: Complete AI Pack | gpt3-ai-content-generator
All Post Contact Form | allpost-contactform
Alley Elementor Widget | alley-elementor-widget
AmaDiscount Plugin | amadiscount
amazing neo icon font for elementor | amazing-neo-icon-font-for-elementor
Amazon Associate Filter | amazon-associate-filter
AMP Img Shortcode | amp-img-shortcode
Ancient World Linked Data for WordPress | ancient-world-linked-data-for-wordpress
APK Downloader | apk-downloader
Appointment Booking Calendar Plugin and Scheduling Plugin – BookingPress | bookingpress-appointment-booking
Appointmind | appointmind
Arconix Shortcodes | arconix-shortcodes
aThemes Addons for Elementor | athemes-addons-for-elementor-lite
Audio Comparison Lite | audio-comparison-lite
Awesome Progress Bar | awesome-progess-bar
Awesome Shortcodes For Genesis | awesome-shortcodes-for-genesis
AwesomePress | awesomepress
BBP Core – Expand bbPress powered forums with useful features | bbp-core
Beaver Builder – WordPress Page Builder | beaver-builder-lite-version
Beds24 Online Booking | beds24-online-booking
BetterLinks – An Advanced Plugin for Affiliate Links, Link Shortening, Link Tracking, Link Branding & Marketing | betterlinks
Bigmart Elements | bigmart-elements
Black Widgets For Elementor | black-widgets
Blrt WP Embed | blrt-wp-embed
Bonway Static Block Editor | bonway-static-block-editor
bpmn.io | bpmnio
Bricksable for Bricks Builder | bricksable
Build 5 Star Reviews on Google Reviews, Yelp, Facebook… easily and risk-free | RRatingg | 5-stars-rating-funnel
Classy Addons for Elementor | classy-addons-for-elementor
Clever Addons for Elementor | cafe-lite
Clyp | clyp
CM Table Of Contents – WordPress TOC Plugin | cm-table-of-content
Code Explorer | code-explorer
Cresta Addons for Elementor | cresta-addons-for-elementor
Crypto Tool | crypto
Custom Admin Menu | custom-admin-menu
Custom Author URL | author-slug
Custom post type templates for Elementor | custom-post-type-templates-for-elementor
DataMentor – Best DataTables Plugin for Elementor | datamentor
Definitive Addons for Elementor | definitive-addons-for-elementor
Delisho – Recipe Widgets and Blocks | dr-widgets-blocks
Display Terms Shortcode | display-terms-shortcode
Domain Sharding | domain-sharding
Download Monitor | download-monitor
Download-Mirror-Counter | wp-download-mirror-counter
Dynamic Widgets | dynamic-widgets
e-shopsカート2 | e-shops-cart2
Easy Accordion Gutenberg Block | easy-accordion-block
Easy Gallery | simple-gallery-odihost
Easy SVG Upload | easy-svg-upload
Element Pack Elementor Addons (Header Footer, Template Library, Dynamic Grid & Carousel, Remote Arrows) | bdthemes-element-pack-lite
Elementary Addons | elementary-addons
Elo Rating Shortcode | elo-rating-shortcode
Emoji Shortcode | emoji-shortcode
Enable Shortcodes inside Widgets,Comments and Experts | enable-shortcodes-inside-widgetscomments-and-experts
EndomondoWP | endomondowp
Events Manager Pro – extended | events-manager-pro-extended
Exclusive Addons for Elementor | exclusive-addons-for-elementor
Extender All In One For Elementor | extender-all-in-one-for-elementor
EzyOnlineBookings Online Booking System Widget | ezyonlinebookings-online-booking-system
Featured Posts Scroll | featured-posts-scroll
FileOrganizer – Manage WordPress and Website Files | fileorganizer
Flash Show And Hide Box | flash-show-and-hide-box
Forminator Forms – Contact Form, Payment Form & Custom Form Builder | forminator
FraudLabs Pro SMS Verification | fraudlabs-pro-sms-verification
GDReseller | gdreseller
Genoo | genoo
Get Quote For Woocommerce – Request A Quote For Woocommerce | get-a-quote-for-woocommerce
Gift Cards (Gift Vouchers and Packages) (WooCommerce Supported) | gift-voucher
Gmap Point List | gmap-point-list
Golf Tracker | golf-tracker
Group Chat & Video Chat by AtomChat | atomchat
Gutenberg Blocks with AI by Kadence WP – Page Builder Features | kadence-blocks
Header Footer Composer for Elementor | header-footer-composer
Hoo Addons for Elementor | hoo-addons-for-elementor
Hover Video Preview | hover-video-preview
HT Builder – WordPress Theme Builder for Elementor | ht-builder
HT Politic – For Political WordPress Themes / Website | wp-politic
ID-SK Toolkit | idsk-toolkit
Jetpack CRM – Clients, Leads, Invoices, Billing, Email Marketing, & Automation | zero-bs-crm
Jetpackcrm Ext Woo Connect | jetpackcrm-ext-woo-connect
Jigoshop – Store Exporter | jigoshop-exporter
JS Help Desk – The Ultimate Help Desk & Support Plugin | js-support-ticket
Kata Plus – Addons for Elementor – Widgets, Extensions and Templates | kata-plus
Kento Ads Rotator | kento-ads-rotator
Knowledge Base | knowledgebase
LH QR Codes | lh-qr-codes
Lodgix.com Vacation Rental Website Builder | lodgixcom-vacation-rental-listing-management-booking-plugin
Magical Addons For Elementor ( Header Footer Builder, Free Elementor Widgets, Elementor Templates Library ) | magical-addons-for-elementor
Manage User Columns | manage-user-columns
Market 360 Viewer | market-360-viewer
Marquee Elementor with Posts | marquee-elementor
MasterBip para Elementor | masterbip-for-elementor
Masteriyo LMS – eLearning and Online Course Builder for WordPress | learning-management-system
MDR Webmaster Tools | mdr-webmaster-tools
Media File Rename, Find Unused File, Add Alt text, Caption, Desc For Image SEO – Media Library Tools | media-library-tools
Media Library Assistant | media-library-assistant
Media Modal | media-modal
Meta Store Elements | meta-store-elements
ML Responsive Audio player with playlist Shortcode | mlr-audio
Mobilize | mobilize
Move Addons for Elementor | move-addons
Multi Purpose Mail Form | multi-purpose-mail-form
Multiple Page Generator Plugin – MPG | multiple-pages-generator-by-porthas
MyCurator Content Curation | mycurator
MyOrderDesk | myorderdesk
Naver Blog | naver-blog-api
Newsletters | newsletters-lite
NMR Strava activities | nmr-strava-activities
Otter Blocks – Gutenberg Blocks, Page Builder for Gutenberg Editor & FSE | otter-blocks
Paytium: Mollie payment forms & donations | paytium
Platform.ly Official | platformly
Plug your WooCommerce into the largest catalog of customized print products from Helloprint | helloprint
Plugin Name: GMO Social Connection | gmo-social-connection
Porsline | porsline
Post Status Notifier | post-status-notifier
Post Status Notifier Lite | post-status-notifier-lite
Premium Addons for Elementor | premium-addons-for-elementor
Pricer Ninja: Create and add responsive Pricing Tables to your website on-the-fly | pricer-ninja-pricing-tables
Pricing Tables WordPress Plugin – Easy Pricing Tables | easy-pricing-tables
Quran Shortcode | quran-shortcode
Random Featured Post | random-featured-post-plugin
ReCaptcha Integration for WordPress | wp-recaptcha-integration
Reftagger Shortcode | reftagger-shortcode
Responsive Flickr Gallery | responsive-flickr-gallery
Restaurant & Cafe Addon for Elementor | restaurant-cafe-addon-for-elementor
RLM Elementor Widgets Pack | rlm-elementor-widgets-pack
RSVP ME | rsvp-me
RSVPMaker for Toastmasters | rsvpmaker-for-toastmasters
Sales Page Addon – Elementor & Beaver Builder | sales-page-addon
Sastra Essential Addons for Elementor – Free Elementor Addons, Widgets and Templates | sastra-essential-addons-for-elementor
Selar.co Widget | selar-co-widget
Seo Free | seo-free
SEUR Oficial | seur
SH Slideshow | sh-slideshow
Show Visitor IP Address | show-visitor-ip-address
Sided | sided
Simple Business Manager | simple-business-manager
Simple Goods | simple-goods
Simple Job Manager | simple-job-manager
Simple Page Specific Sidebars | page-specific-sidebars
SIP Reviews Shortcode for WooCommerce | sip-reviews-shortcode-woocommerce
Skip To | skip-to
SKSDEV Toolkit | sksdev-toolkit
Slicko | slicko-for-elementor
Smart Mockups | smart-mockups
SmartLink Dynamic URLs | smartlink-dinamic-urls
SMS Alert Order Notifications – WooCommerce | sms-alert
Stacks Mobile App Builder – The most powerful Mobile Applications Drag and Drop builder | stacks-mobile-app-builder
Stars SMTP Mailer | stars-smtp-mailer
Step by Step | step-by-step
Sticky Social Bar | sticky-social-bar
StreamWeasels Kick Integration | streamweasels-kick-integration
StreamWeasels YouTube Integration | streamweasels-youtube-integration
Subscribe to Comments | subscribe-to-comments
Super Addons for Elementor | super-addons-for-elementor
T(-) Countdown | t-countdown
Themedy Toolbox | themedy-toolbox
ThemeFuse Maintenance Mode | themefuse-maintenance-mode
ThemeShark Templates & Widgets for Elementor | themeshark-elementor
TradeMe widgets | trademe-widget
Training – Courses | training
Twitter @Anywhere Plus | twitter-anywhere-plus
Ultimate TinyMCE | ultimate-tinymce
UPDATE NOTIFICATIONS | update-notifications
W3P SEO | wp-perfect-plugin
W3SPEEDSTER | w3speedster-wp
Webriti Custom Login | webriti-custom-login-page
Website price calculator | price-calculator-to-your-website
WeChat Subscribers Lite 微信公众订阅号插件 | wechat-subscribers-lite
While Loading | while-it-is-loading
Widget or Sidebar Shortcode | widget-or-sidebar-per-shortcode
WM Zoom | wm-zoom
Woo Manage Fraud Orders | woo-manage-fraud-orders
Woocommerce Quote Calculator | woo-quote-calculator-order
WordPress Business Plugin | business
World Prayer Time | world-prayer-time
WP Baidu Map | wp-baidu-map
WP Course Manager | wp-course-manager
WP EASY RECIPE | wp-easy-recipe
WP EIS | wp-eis
WP Feature Box | wp-feature-box
WP Hotel Booking | wp-hotel-booking
WP Pocket URLs | wp-pocket-urls
WP Simple Anchors Links | wp-simple-anchors-links
WP Team – WordPress Team Member Plugin | ht-team-member
WPAdverts – Classifieds Plugin | wpadverts
WPC Smart Messages for WooCommerce | wpc-smart-messages
WPGlobus Translate Options | wpglobus-translate-options
Курс валют UAH | ukrainian-currency

Vulnerability Details

Please note that if you run the Wordfence plugin on your WordPress site with the scanner enabled, you should already have been notified if your site was affected by any of these vulnerabilities. If you would like to receive real-time notifications whenever a vulnerability is added to the Wordfence Intelligence Vulnerability Database, check out our Slack and HTTP Webhook Integration, which is completely free to use.

AI Power: Complete AI Pack <= 1.8.89 – Unauthenticated Arbitrary File Upload
CVSS Rating: Critical (9.8) | CVE-ID: CVE-2024-10392 | Patch Status: Patched | Published: Oct 30, 2024
Affected Software: AI Power: Complete AI Pack
Researcher: vgo0

All Post Contact Form <= 1.7.3 – Unauthenticated Arbitrary File Upload
CVSS Rating: Critical (9.8) | CVE-ID: CVE-2024-50523 | Patch Status: Unpatched | Published: Oct 30, 2024
Affected Software: All Post Contact Form
Researcher: stealthcopter

Crypto <= 2.15 – Authentication Bypass via log_in
CVSS Rating: Critical (9.8) | CVE-ID: CVE-2024-9989 | Patch Status: Unpatched | Published: Oct 28, 2024
Affected Software: Crypto Tool
Researcher: István Márton

Crypto <= 2.15 – Authentication Bypass via register
CVSS Rating: Critical (9.8) | CVE-ID: CVE-2024-9988 | Patch Status: Unpatched | Published: Oct 28, 2024
Affected Software: Crypto Tool
Researcher: István Márton

Multi Purpose Mail Form <= 1.0.2 – Unauthenticated Arbitrary File Upload
CVSS Rating: Critical (9.8) | CVE-ID: CVE-2024-50526 | Patch Status: Unpatched | Published: Oct 30, 2024
Affected Software: Multi Purpose Mail Form
Researcher: stealthcopter

Plug your WooCommerce into the largest catalog of customized print products from Helloprint <= 2.0.2 – Unauthenticated Arbitrary File Upload
CVSS Rating: Critical (9.8) | CVE-ID: CVE-2024-50525 | Patch Status: Unpatched | Published: Oct 30, 2024
Affected Software: Plug your WooCommerce into the largest catalog of customized print products from Helloprint
Researcher: stealthcopter

RSVPMaker for Toastmasters <= 6.2.4 – Unauthenticated Arbitrary File Upload
CVSS Rating: Critical (9.8) | CVE-ID: CVE-2024-50531 | Patch Status: Patched | Published: Oct 30, 2024
Affected Software: RSVPMaker for Toastmasters
Researcher: stealthcopter

Stacks Mobile App Builder <= 5.2.3 – Unauthenticated Arbitrary File Upload
CVSS Rating: Critical (9.8) | CVE-ID: CVE-2024-50527 | Patch Status: Unpatched | Published: Oct 30, 2024
Affected Software: Stacks Mobile App Builder – The most powerful Mobile Applications Drag and Drop builder
Researcher: stealthcopter

W3SPEEDSTER <= 7.26 – Authenticated (Administrator+) Remote Code Execution
CVSS Rating: Critical (9.1) | CVE-ID: CVE-2024-8512 | Patch Status: Patched | Published: Oct 29, 2024
Affected Software: W3SPEEDSTER
Researcher: Lesor101

Crypto <= 2.15 – Cross-Site Request Forgery to Authentication Bypass
CVSS Rating: High (8.8) | CVE-ID: CVE-2024-9990 | Patch Status: Unpatched | Published: Oct 28, 2024
Affected Software: Crypto Tool
Researcher: István Márton

Masteriyo LMS – eLearning and Online Course Builder for WordPress <= 1.13.3 – Authenticated (Student+) Missing Authorization to Privilege Escalation
CVSS Rating: High (8.8) | CVE-ID: CVE-2024-10008 | Patch Status: Patched | Published: Oct 28, 2024
Affected Software: Masteriyo LMS – eLearning and Online Course Builder for WordPress
Researcher: floerer

Stars SMTP Mailer <= 1.7 – Authenticated (Subscriber+) Arbitrary File Upload
CVSS Rating: High (8.8) | CVE-ID: CVE-2024-50530 | Patch Status: Unpatched | Published: Oct 30, 2024
Affected Software: Stars SMTP Mailer
Researcher: stealthcopter

Training – Courses <= 2.0.1 – Authenticated (Subscriber+) Arbitrary File Upload
CVSS Rating: High (8.8) | CVE-ID: CVE-2024-50529 | Patch Status: Unpatched | Published: Oct 30, 2024
Affected Software: Training – Courses
Researcher: stealthcopter

WP Hotel Booking <= 2.1.4 – Authenticated (Contributor+) Local File Inclusion
CVSS Rating: High (8.8) | CVE-ID: CVE-2024-51582 | Patch Status: Unpatched | Published: Oct 31, 2024
Affected Software: WP Hotel Booking
Researcher: ghsinfosec

WPC Smart Messages for WooCommerce <= 4.2.1 – Authenticated (Subscriber+) Local File Inclusion
CVSS Rating: High (8.8) | CVE-ID: CVE-2024-10436 | Patch Status: Patched | Published: Oct 28, 2024
Affected Software: WPC Smart Messages for WooCommerce
Researcher: theviper17y

FileOrganizer <= 1.0.9 – Authenticated (Subscriber+) Arbitrary File Upload
CVSS Rating: High (7.5) | CVE-ID: CVE-2024-7985 | Patch Status: Patched | Published: Oct 29, 2024
Affected Software: FileOrganizer – Manage WordPress and Website Files
Researcher: TANG Cheuk Hei (siunam)

Enable Shortcodes inside Widgets,Comments and Experts <= 1.0.0 – Unauthenticated Arbitrary Shortcode Execution
CVSS Rating: High (7.3) | CVE-ID: CVE-2024-9846 | Patch Status: Unpatched | Published: Oct 29, 2024
Affected Software: Enable Shortcodes inside Widgets,Comments and Experts
Researcher: Francesco Carlucci

Media Library Assistant <= 3.19 – Authenticated (Administrator+) Remote Code Execution
CVSS Rating: High (7.2) | CVE-ID: CVE-2024-51661 | Patch Status: Patched | Published: Nov 1, 2024
Affected Software: Media Library Assistant
Researcher: Certus Cybersecurity

WPAdverts – Classifieds Plugin <= 2.1.6 – Unauthenticated Stored Cross-Site Scripting via adverts_add Shortcode
CVSS Rating: High (7.2) | CVE-ID: CVE-2024-10108 | Patch Status: Patched | Published: Oct 29, 2024
Affected Software: WPAdverts – Classifieds Plugin
Researcher: Arkadiusz Hydzik

5 Stars Rating Funnel <= 1.4.01 – Authenticated (Contributor+) SQL Injection
CVSS Rating: Medium (6.5) | CVE-ID: CVE-2024-51579 | Patch Status: Unpatched | Published: Oct 31, 2024
Affected Software: Build 5 Star Reviews on Google Reviews, Yelp, Facebook… easily and risk-free | RRatingg
Researcher: Trương Hữu Phúc (truonghuuphuc)

Administrator Z <= 2024.11.02 – Authenticated (Subscriber+) SQL Injection
CVSS Rating: Medium (6.5) | CVE-ID: CVE-2024-50524 | Patch Status: Unpatched | Published: Oct 30, 2024
Affected Software: Administrator Z
Researcher: stealthcopter

AmaDiscount <= 1.0 – Authenticated (Contributor+) SQL Injection
CVSS Rating: Medium (6.5) | CVE-ID: CVE-2024-51608 | Patch Status: Unpatched | Published: Oct 31, 2024
Affected Software: AmaDiscount Plugin
Researcher: LVT-tholv2k

Blrt WP Embed <= 1.6.9 – Authenticated (Contributor+) SQL Injection
CVSS Rating: Medium (6.5) | CVE-ID: CVE-2024-51606 | Patch Status: Unpatched | Published: Oct 31, 2024
Affected Software: Blrt WP Embed
Researcher: LVT-tholv2k

Download-Mirror-Counter <= 1.1 – Authenticated (Contributor+) SQL Injection
CVSS Rating: Medium (6.5) | CVE-ID: CVE-2024-51621 | Patch Status: Unpatched | Published: Oct 31, 2024
Affected Software: Download-Mirror-Counter
Researcher: LVT-tholv2k

Easy Gallery <= 1.4 – Authenticated (Contributor+) SQL Injection
CVSS Rating: Medium (6.5) | CVE-ID: CVE-2024-51570 | Patch Status: Unpatched | Published: Oct 31, 2024
Affected Software: Easy Gallery
Researcher: LVT-tholv2k

Golf Tracker <= 0.7 – Authenticated (Contributor+) SQL Injection
CVSS Rating: Medium (6.5) | CVE-ID: CVE-2024-51607 | Patch Status: Unpatched | Published: Oct 31, 2024
Affected Software: Golf Tracker
Researcher: LVT-tholv2k

Lodgix.com Vacation Rental Website Builder <= 3.9.73 – Authenticated (Contributor+) SQL Injection
CVSS Rating: Medium (6.5) | CVE-ID: CVE-2024-50539 | Patch Status: Unpatched | Published: Oct 31, 2024
Affected Software: Lodgix.com Vacation Rental Website Builder
Researcher: LVT-tholv2k

Market 360 Viewer <= 1.01 – Authenticated (Contributor+) SQL Injection
CVSS Rating: Medium (6.5) | CVE-ID: CVE-2024-51619 | Patch Status: Unpatched | Published: Oct 31, 2024
Affected Software: Market 360 Viewer
Researcher: LVT-tholv2k

Porsline <= 1.0.2 – Authenticated (Contributor+) SQL Injection
CVSS Rating: Medium (6.5) | CVE-ID: CVE-2024-51620 | Patch Status: Unpatched | Published: Oct 31, 2024
Affected Software: Porsline
Researcher: LVT-tholv2k

Quran Shortcode <= 1.5 – Authenticated (Contributor+) SQL Injection
CVSS Rating: Medium (6.5) | CVE-ID: CVE-2024-51625 | Patch Status: Unpatched | Published: Oct 31, 2024
Affected Software: Quran Shortcode
Researcher: LVT-tholv2k

RSVP ME <= 1.9.9 – Authenticated (Contributor+) SQL Injection
CVSS Rating: Medium (6.5) | CVE-ID: CVE-2024-50544 | Patch Status: Unpatched | Published: Oct 31, 2024
Affected Software: RSVP ME
Researcher: LVT-tholv2k

Simple Job Manager <= 1.1 – Authenticated (Contributor+) SQL Injection
CVSS Rating: Medium (6.5) | CVE-ID: CVE-2024-51602 | Patch Status: Unpatched | Published: Oct 31, 2024
Affected Software: Simple Job Manager
Researcher: LVT-tholv2k

SIP Reviews Shortcode for WooCommerce <= 1.2.3 – Authenticated (Contributor+) SQL Injection
CVSS Rating: Medium (6.5) | CVE-ID: CVE-2024-6479 | Patch Status: Unpatched | Published: Oct 31, 2024
Affected Software: SIP Reviews Shortcode for WooCommerce
Researchers: Jonas Höbenreich, Dmitry Derr, Thies Lukas

Website price calculator <= 4.1 – Authenticated (Contributor+) SQL Injection
CVSS Rating: Medium (6.5) | CVE-ID: CVE-2024-51601 | Patch Status: Unpatched | Published: Oct 31, 2024
Affected Software: Website price calculator
Researcher: LVT-tholv2k

Woocommerce Quote Calculator <= 1.1 – Authenticated (Contributor+) SQL Injection
CVSS Rating: Medium (6.5) | CVE-ID: CVE-2024-51626 | Patch Status: Unpatched | Published: Oct 31, 2024
Affected Software: Woocommerce Quote Calculator
Researcher: LVT-tholv2k

WP EIS <= 1.3.3 – Authenticated (Contributor+) SQL Injection
CVSS Rating: Medium (6.5) | CVE-ID: CVE-2024-51623 | Patch Status: Unpatched | Published: Oct 31, 2024
Affected Software: WP EIS
Researcher: LVT-tholv2k

(dp) AddThis <= 1.0.2 – Authenticated (Contributor+) Stored Cross-Site Scripting
CVSS Rating: Medium (6.4) | CVE-ID: CVE-2024-50540 | Patch Status: Unpatched | Published: Oct 31, 2024
Affected Software: (dp) AddThis
Researcher: SOPROBRO

3D Presentation <= 1.0 – Authenticated (Contributor+) Stored Cross-Site Scripting
CVSS Rating: Medium (6.4) | CVE-ID: CVE-2024-51578 | Patch Status: Unpatched | Published: Oct 31, 2024
Affected Software: 3D Presentation
Researcher: SOPROBRO

Aajoda Testimonials <= 2.2.2 – Authenticated (Contributor+) Stored Cross-Site Scripting
CVSS Rating: Medium (6.4) | CVE-ID: CVE-2024-51614 | Patch Status: Unpatched | Published: Oct 31, 2024
Affected Software: Aajoda Testimonials
Researcher: SOPROBRO

Accordion title for Elementor <= 1.2.1 – Authenticated (Author+) Stored Cross-Site Scripting
CVSS Rating: Medium (6.4) | CVE-ID: CVE-2024-51685 | Patch Status: Patched | Published: Nov 1, 2024
Affected Software: Accordion title for Elementor
Researcher: Michael

Advanced Control Manager for WordPress by ItalyStrap <= 2.16.0 – Authenticated (Contributor+) Stored Cross-Site Scripting
CVSS Rating: Medium (6.4) | CVE-ID: CVE-2024-50541 | Patch Status: Unpatched | Published: Oct 31, 2024
Affected Software: Advanced Control Manager for WordPress by ItalyStrap
Researcher: Gab

affiliate-toolkit <= 3.6.5 – Authenticated (Contributor+) Stored Cross-Site Scripting via atkp_product Shortcode
CVSS Rating: Medium (6.4) | CVE-ID: CVE-2024-10227 | Patch Status: Patched | Published: Oct 28, 2024
Affected Software: affiliate-toolkit
Researcher: Peter Thaleikis

Alley Elementor Widget <= 1.0.7 – Authenticated (Contributor+) Stored Cross-Site Scripting
CVSS Rating: Medium (6.4) | CVE-ID: CVE-2024-50521 | Patch Status: Unpatched | Published: Oct 30, 2024
Affected Software: Alley Elementor Widget
Researcher: Gab

amazing neo icon font for elementor <= 2.0.1 – Authenticated (Contributor+) Stored Cross-Site Scripting
CVSS Rating: Medium (6.4) | CVE-ID: CVE-2024-50543 | Patch Status: Unpatched | Published: Oct 31, 2024
Affected Software: amazing neo icon font for elementor
Researcher: Gab

AMP Img Shortcode <= 1.0.1 – Authenticated (Contributor+) Stored Cross-Site Scripting
CVSS Rating: Medium (6.4) | CVE-ID: CVE-2024-51576 | Patch Status: Unpatched | Published: Oct 31, 2024
Affected Software: AMP Img Shortcode
Researcher: SOPROBRO

Ancient World Linked Data <= 0.2.1 – Authenticated (Contributor+) Stored Cross-Site Scripting
CVSS Rating: Medium (6.4) | CVE-ID: CVE-2024-50520 | Patch Status: Unpatched | Published: Oct 30, 2024
Affected Software: Ancient World Linked Data for WordPress
Researcher: Zlrqh

Arconix Shortcodes <= 2.1.13 – Authenticated (Contributor+) Stored Cross-Site Scripting via box Shortcode
CVSS Rating: Medium (6.4) | CVE-ID: CVE-2024-10226 | Patch Status: Patched | Published: Oct 29, 2024
Affected Software: Arconix Shortcodes
Researcher: Peter Thaleikis

aThemes Addons for Elementor <= 1.0.7 – Authenticated (Contributor+) Stored Cross-Site Scripting
CVSS Rating: Medium (6.4) | CVE-ID: CVE-2024-51675 | Patch Status: Patched | Published: Nov 1, 2024
Affected Software: aThemes Addons for Elementor
Researcher: Khalid Yusuf

AtomChat <= 1.1.5 – Authenticated (Contributor+) Stored Cross-Site Scripting via atomchat Shortcode
CVSS Rating: Medium (6.4) | CVE-ID: CVE-2024-10232 | Patch Status: Patched | Published: Oct 31, 2024
Affected Software: Group Chat & Video Chat by AtomChat
Researcher: Peter Thaleikis

Audio Comparison Lite <= 3.4 – Authenticated (Contributor+) Stored Cross-Site Scripting
CVSS Rating: Medium (6.4) | CVE-ID: CVE-2024-51627 | Patch Status: Unpatched | Published: Oct 31, 2024
Affected Software: Audio Comparison Lite
Researcher: SOPROBRO

Awesome Progress Bar <= 1.0.1 – Authenticated (Contributor+) Stored Cross-Site Scripting
CVSS Rating: Medium (6.4) | CVE-ID: CVE-2024-50548 | Patch Status: Unpatched | Published: Oct 31, 2024
Affected Software: Awesome Progress Bar
Researcher: theviper17y

AwesomePress <= 1.0 – Authenticated (Contributor+) Stored Cross-Site Scripting
CVSS Rating: Medium (6.4) | CVE-ID: CVE-2024-51616 | Patch Status: Unpatched | Published: Oct 31, 2024
Affected Software: AwesomePress
Researcher: SOPROBRO

Beaver Builder – WordPress Page Builder <= 2.8.4.2 – Authenticated (Contributor+) Stored DOM-Based Cross-Site Scripting via Button Widget
CVSS Rating: Medium (6.4) | CVE-ID: CVE-2024-9505 | Patch Status: Patched | Published: Oct 29, 2024
Affected Software: Beaver Builder – WordPress Page Builder
Researcher: zer0gh0st

Bigmart Elements <= 1.0.3 – Authenticated (Contributor+) Stored Cross-Site Scripting
CVSS Rating: Medium (6.4) | CVE-ID: CVE-2024-51589 | Patch Status: Unpatched | Published: Oct 31, 2024
Affected Software: Bigmart Elements
Researcher: Gab

Black Widgets For Elementor <= 1.3.6 – Authenticated (Contributor+) Stored Cross-Site Scripting
CVSS Rating: Medium (6.4) | CVE-ID: CVE-2024-51662 | Patch Status: Patched | Published: Nov 1, 2024
Affected Software: Black Widgets For Elementor
Researcher: João Pedro Soares de Alcântara

Black Widgets For Elementor <= 1.3.7 – Authenticated (Author+) Stored Cross-Site Scripting via SVG File Upload
CVSS Rating: Medium (6.4) | CVE-ID: CVE-2024-9388 | Patch Status: Patched | Published: Oct 29, 2024
Affected Software: Black Widgets For Elementor
Researcher: Francesco Carlucci

Bonway Static Block Editor <= 1.1.0 – Authenticated (Contributor+) Stored Cross-Site Scripting
CVSS Rating: Medium (6.4) | CVE-ID: CVE-2024-50549 | Patch Status: Unpatched | Published: Oct 31, 2024
Affected Software: Bonway Static Block Editor
Researcher: SOPROBRO

bpmn.io <= 1.0 – Authenticated (Contributor+) Stored Cross-Site Scripting
CVSS Rating: Medium (6.4) | CVE-ID: CVE-2024-51577 | Patch Status: Unpatched | Published: Oct 31, 2024
Affected Software: bpmn.io
Researcher: SOPROBRO

Business <= 1.3 – Authenticated (Contributor+) Stored Cross-Site Scripting
CVSS Rating: Medium (6.4) | CVE-ID: CVE-2024-51596 | Patch Status: Unpatched | Published: Oct 31, 2024
Affected Software: WordPress Business Plugin
Researcher: SOPROBRO

Classy Addons for Elementor <= 1.2.7 – Authenticated (Contributor+) Stored Cross-Site Scripting
CVSS Rating: Medium (6.4) | CVE-ID: CVE-2024-50553 | Patch Status: Unpatched | Published: Oct 31, 2024
Affected Software: Classy Addons for Elementor
Researcher: Gab

Clever Addons for Elementor <= 2.2.1 – Authenticated (Contributor+) Stored Cross-Site Scripting
CVSS Rating: Medium (6.4) | CVE-ID: CVE-2024-51580 | Patch Status: Unpatched | Published: Oct 31, 2024
Affected Software: Clever Addons for Elementor
Researcher: João Pedro Soares de Alcântara

Clyp <= 1.3 – Authenticated (Contributor+) Stored Cross-Site Scripting
CVSS Rating: Medium (6.4) | CVE-ID: CVE-2024-51617 | Patch Status: Unpatched | Published: Oct 31, 2024
Affected Software: Clyp
Researcher: SOPROBRO

Cresta Addons for Elementor <= 1.0.9 – Authenticated (Contributor+) Stored Cross-Site Scripting
CVSS Rating: Medium (6.4) | CVE-ID: CVE-2024-51680 | Patch Status: Patched | Published: Nov 1, 2024
Affected Software: Cresta Addons for Elementor
Researcher: Gab

Custom Admin Menu <= 1.0.0 – Authenticated (Contributor+) Stored Cross-Site Scripting
CVSS Rating: Medium (6.4) | CVE-ID: CVE-2024-51618 | Patch Status: Unpatched | Published: Oct 31, 2024
Affected Software: Custom Admin Menu
Researcher: SOPROBRO

Custom post type templates for Elementor <= 1.10.1 – Authenticated (Contributor+) Stored Cross-Site Scripting
CVSS Rating: Medium (6.4) | CVE-ID: CVE-2024-51683 | Patch Status: Patched | Published: Nov 1, 2024
Affected Software: Custom post type templates for Elementor
Researcher: Gab

DataMentor <= 1.7 – Authenticated (Contributor+) Stored Cross-Site Scripting
CVSS Rating: Medium (6.4) | CVE-ID: CVE-2024-50545 | Patch Status: Unpatched | Published: Oct 31, 2024
Affected Software: DataMentor – Best DataTables Plugin for Elementor
Researcher: Michael

Definitive Addons for Elementor <= 1.5.16 – Authenticated (Contributor+) Stored Cross-Site Scripting
CVSS Rating: Medium (6.4) | CVE-ID: CVE-2024-51587 | Patch Status: Unpatched | Published: Oct 31, 2024
Affected Software: Definitive Addons for Elementor
Researcher: Gab

Delisho <= 1.0.6 – Authenticated (Contributor+) Stored Cross-Site Scripting
CVSS Rating: Medium (6.4) | CVE-ID: CVE-2024-51676 | Patch Status: Patched | Published: Nov 1, 2024
Affected Software: Delisho – Recipe Widgets and Blocks
Researcher: Khalid Yusuf

Display Terms Shortcode <= 1.0.4 – Authenticated (Contributor+) Stored Cross-Site Scripting
CVSS Rating: Medium (6.4) | CVE-ID: CVE-2024-51610 | Patch Status: Unpatched | Published: Oct 31, 2024
Affected Software: Display Terms Shortcode
Researcher: SOPROBRO

Easy SVG Upload <= 1.0 – Authenticated (Author+) Stored Cross-Site Scripting via SVG File Upload
CVSS Rating: Medium (6.4) | CVE-ID: CVE-2024-9708 | Patch Status: Unpatched | Published: Oct 30, 2024
Affected Software: Easy SVG Upload
Researcher: Francesco Carlucci

Element Pack Elementor Addons (Header Footer, Template Library, Dynamic Grid & Carousel, Remote Arrows) <= 5.10.1 – Authenticated (Contributor+) DOM-Based Stored Cross-Site Scripting via Custom Gallery Widget
CVSS Rating: Medium (6.4) | CVE-ID: CVE-2024-10310
Patch Status
Patched
Published
Nov 1, 2024

Affected Software
Element Pack Elementor Addons (Header Footer, Template Library, Dynamic Grid & Carousel, Remote Arrows)
Researcher

zer0gh0st

Elementary Addons <= 2.0.4 – Authenticated (Contributor+) Stored Cross-Site Scripting

6.4

CVSS Rating
Medium (6.4)
CVE-ID
CVE-2024-51586
Patch Status
Unpatched
Published
Oct 31, 2024

Affected Software
Elementary Addons
Researcher

Gab

Elo Rating Shortcode <= 1.0.3 – Authenticated (Contributor+) Stored Cross-Site Scripting

6.4

CVSS Rating
Medium (6.4)
CVE-ID
CVE-2024-51678
Patch Status
Patched
Published
Nov 1, 2024

Affected Software
Elo Rating Shortcode
Researcher

theviper17y

Emoji Shortcode <= 1.0.0 – Authenticated (Contributor+) Stored Cross-Site Scripting

6.4

CVSS Rating
Medium (6.4)
CVE-ID
CVE-2024-51609
Patch Status
Unpatched
Published
Oct 31, 2024

Affected Software
Emoji Shortcode
Researcher

SOPROBRO

EndomondoWP <= 0.1.1 – Authenticated (Contributor+) Stored Cross-Site Scripting

6.4

CVSS Rating
Medium (6.4)
CVE-ID
CVE-2024-50551
Patch Status
Unpatched
Published
Oct 31, 2024

Affected Software
EndomondoWP
Researcher

SOPROBRO

Extender All In One For Elementor <= 1.0.3 – Authenticated (Contributor+) Stored Cross-Site Scripting

6.4

CVSS Rating
Medium (6.4)
CVE-ID
CVE-2024-51575
Patch Status
Unpatched
Published
Oct 31, 2024

Affected Software
Extender All In One For Elementor
Researcher

Gab

EzyOnlineBookings Online Booking System Widget <= 1.3 – Authenticated (Contributor+) Stored Cross-Site Scripting

6.4

CVSS Rating
Medium (6.4)
CVE-ID
CVE-2024-51628
Patch Status
Unpatched
Published
Nov 1, 2024

Affected Software
EzyOnlineBookings Online Booking System Widget
Researcher

SOPROBRO

GDReseller <= 1.6 – Authenticated (Contributor+) Stored Cross-Site Scripting

6.4

CVSS Rating
Medium (6.4)
CVE-ID
CVE-2024-50536
Patch Status
Unpatched
Published
Oct 31, 2024

Affected Software
GDReseller
Researcher

SOPROBRO

Genoo <= 6.0.10 – Authenticated (Contributor+) Stored Cross-Site Scripting

6.4

CVSS Rating
Medium (6.4)
CVE-ID
CVE-2024-51605
Patch Status
Unpatched
Published
Oct 31, 2024

Affected Software
Genoo
Researcher

SOPROBRO

Gift Cards (Gift Vouchers and Packages) (WooCommerce Supported) <= 4.4.4 – Authenticated (Author+) Stored Cross-Site Scripting via SVG File Upload

6.4

CVSS Rating
Medium (6.4)
CVE-ID
CVE-2024-9165
Patch Status
Unpatched
Published
Oct 30, 2024

Affected Software
Gift Cards (Gift Vouchers and Packages) (WooCommerce Supported)
Researcher

Francesco Carlucci

Gmap Point List <= 1.1.2 – Authenticated (Contributor+) Stored Cross-Site Scripting

6.4

CVSS Rating
Medium (6.4)
CVE-ID
CVE-2024-51594
Patch Status
Unpatched
Published
Oct 31, 2024

Affected Software
Gmap Point List
Researcher

SOPROBRO

Gutenberg Blocks with AI by Kadence WP – Page Builder Features <= 3.3.1 – Authenticated (Contributor+) Stored Cross-Site Scripting via Icon Widget

6.4

CVSS Rating
Medium (6.4)
CVE-ID
CVE-2024-9655
Patch Status
Patched
Published
Oct 31, 2024

Affected Software
Gutenberg Blocks with AI by Kadence WP – Page Builder Features
Researcher

Webbernaut

Header Footer Composer for Elementor <= 1.0.4 – Authenticated (Contributor+) Stored Cross-Site Scripting

6.4

CVSS Rating
Medium (6.4)
CVE-ID
CVE-2024-51629
Patch Status
Unpatched
Published
Nov 1, 2024

Affected Software
Header Footer Composer for Elementor
Researcher

Michael

Hoo Addons for Elementor <= 1.0.6 – Authenticated (Contributor+) Stored Cross-Site Scripting

6.4

CVSS Rating
Medium (6.4)
CVE-ID
CVE-2024-51590
Patch Status
Unpatched
Published
Oct 31, 2024

Affected Software
Hoo Addons for Elementor
Researcher

Gab

Hover Video Preview <= 1.0.2 – Authenticated (Contributor+) Stored Cross-Site Scripting

6.4

CVSS Rating
Medium (6.4)
CVE-ID
CVE-2024-50552
Patch Status
Unpatched
Published
Oct 31, 2024

Affected Software
Hover Video Preview
Researcher

SOPROBRO

HT Builder – WordPress Theme Builder for Elementor <= 1.3.0 – Authenticated (Contributor+) Stored Cross-Site Scripting

6.4

CVSS Rating
Medium (6.4)
CVE-ID
CVE-2024-51682
Patch Status
Patched
Published
Nov 1, 2024

Affected Software
HT Builder – WordPress Theme Builder for Elementor
Researcher

Gab

HT Politic <= 2.4.4 – Authenticated (Contributor+) Stored Cross-Site Scripting

6.4

CVSS Rating
Medium (6.4)
CVE-ID
CVE-2024-51673
Patch Status
Patched
Published
Nov 1, 2024

Affected Software
HT Politic – For Political WordPress Themes / Website
Researcher

Khalid Yusuf

HT Team Member <= 1.1.4 – Authenticated (Contributor+) Stored Cross-Site Scripting via htteamember Shortcode

6.4

CVSS Rating
Medium (6.4)
CVE-ID
CVE-2024-10223
Patch Status
Patched
Published
Oct 29, 2024

Affected Software
WP Team – WordPress Team Member Plugin
Researcher

Peter Thaleikis

ID-SK Toolkit <= 1.7.2 – Authenticated (Contributor+) Stored Cross-Site Scripting

6.4

CVSS Rating
Medium (6.4)
CVE-ID
CVE-2024-50517
Patch Status
Unpatched
Published
Oct 30, 2024

Affected Software
ID-SK Toolkit
Researcher

Gab

Kata Plus – Addons for Elementor – Widgets, Extensions and Templates <= 1.4.7 – Authenticated (Author+) Stored Cross-Site Scripting via SVG File Upload

6.4

CVSS Rating
Medium (6.4)
CVE-ID
CVE-2024-9376
Patch Status
Patched
Published
Oct 28, 2024

Affected Software
Kata Plus – Addons for Elementor – Widgets, Extensions and Templates
Researcher

Francesco Carlucci

Kento Ads Rotator <= 1.3 – Authenticated (Contributor+) Stored Cross-Site Scripting

6.4

CVSS Rating
Medium (6.4)
CVE-ID
CVE-2024-51583
Patch Status
Unpatched
Published
Oct 31, 2024

Affected Software
Kento Ads Rotator
Researcher

SOPROBRO

Knowledge Base <= 2.2.0 – Authenticated (Contributor+) Stored Cross-Site Scripting

6.4

CVSS Rating
Medium (6.4)
CVE-ID
CVE-2024-51677
Patch Status
Patched
Published
Nov 1, 2024

Affected Software
Knowledge Base
Researcher

SOPROBRO

LH QR Codes <= 1.06 – Authenticated (Contributor+) Stored Cross-Site Scripting

6.4

CVSS Rating
Medium (6.4)
CVE-ID
CVE-2024-51572
Patch Status
Unpatched
Published
Oct 31, 2024

Affected Software
LH QR Codes
Researcher

SOPROBRO

Magical Addons For Elementor <= 1.2.1 – Authenticated (Subscriber+) Server-Side Request Forgery

6.4

CVSS Rating
Medium (6.4)
CVE-ID
CVE-2024-51665
Patch Status
Patched
Published
Nov 1, 2024

Affected Software
Magical Addons For Elementor ( Header Footer Builder, Free Elementor Widgets, Elementor Templates Library )
Researcher

João Pedro Soares de Alcântara

Marquee Elementor with Posts <= 1.2.0 – Authenticated (Contributor+) Stored Cross-Site Scripting

6.4

CVSS Rating
Medium (6.4)
CVE-ID
CVE-2024-51584
Patch Status
Unpatched
Published
Oct 31, 2024

Affected Software
Marquee Elementor with Posts
Researcher

Gab

MasterBip para Elementor <= 1.6.3 – Authenticated (Contributor+) Stored Cross-Site Scripting

6.4

CVSS Rating
Medium (6.4)
CVE-ID
CVE-2024-51571
Patch Status
Unpatched
Published
Oct 31, 2024

Affected Software
MasterBip para Elementor
Researcher

Gab

Masteriyo LMS – eLearning and Online Course Builder for WordPress <= 1.13.3 – Authenticated (Student+) Stored Cross-Site Scripting via Ask a Question Functionality

6.4

CVSS Rating
Medium (6.4)
CVE-ID
CVE-2024-10000
Patch Status
Patched
Published
Oct 28, 2024

Affected Software
Masteriyo LMS – eLearning and Online Course Builder for WordPress
Researcher

floerer

Media Library Tools <= 1.4.0 – Authenticated (Author+) Stored Cross-Site Scripting

6.4

CVSS Rating
Medium (6.4)
CVE-ID
CVE-2024-10482
Patch Status
Patched
Published
Oct 31, 2024

Affected Software
Media File Rename, Find Unused File, Add Alt text, Caption, Desc For Image SEO – Media Library Tools
Researcher

Bob Matyas

Media Modal <= 1.0.2 – Authenticated (Contributor+) Stored Cross-Site Scripting

6.4

CVSS Rating
Medium (6.4)
CVE-ID
CVE-2024-51604
Patch Status
Unpatched
Published
Oct 31, 2024

Affected Software
Media Modal
Researcher

SOPROBRO

Meta Store Elements <= 1.0.9 – Authenticated (Contributor+) Stored Cross-Site Scripting

6.4

CVSS Rating
Medium (6.4)
CVE-ID
CVE-2024-51592
Patch Status
Unpatched
Published
Oct 31, 2024

Affected Software
Meta Store Elements
Researcher

Gab

ML Responsive Audio player with playlist Shortcode <= 0.2 – Authenticated (Contributor+) Stored Cross-Site Scripting

6.4

CVSS Rating
Medium (6.4)
CVE-ID
CVE-2024-51573
Patch Status
Unpatched
Published
Oct 31, 2024

Affected Software
ML Responsive Audio player with playlist Shortcode
Researcher

SOPROBRO

MyOrderDesk <= 3.2.6 – Authenticated (Contributor+) Stored Cross-Site Scripting

6.4

CVSS Rating
Medium (6.4)
CVE-ID
CVE-2024-50546
Patch Status
Unpatched
Published
Oct 31, 2024

Affected Software
MyOrderDesk
Researcher

SOPROBRO

Newsletters <= 4.9.9.4 – Authenticated (Contributor+) Stored Cross-Site Scripting via newsletters_video Shortcode

6.4

CVSS Rating
Medium (6.4)
CVE-ID
CVE-2024-10181
Patch Status
Patched
Published
Oct 28, 2024

Affected Software
Newsletters
Researcher

Peter Thaleikis

NMR Strava activities <= 1.0.6 – Authenticated (Contributor+) Stored Cross-Site Scripting

6.4

CVSS Rating
Medium (6.4)
CVE-ID
CVE-2024-51603
Patch Status
Unpatched
Published
Oct 31, 2024

Affected Software
NMR Strava activities
Researcher

SOPROBRO

Otter Blocks – Gutenberg Blocks, Page Builder for Gutenberg Editor & FSE <= 3.0.4 – Authenticated (Author+) Stored Cross-Site Scripting via SVG File Upload

6.4

CVSS Rating
Medium (6.4)
CVE-ID
CVE-2024-10367
Patch Status
Patched
Published
Oct 31, 2024

Affected Software
Otter Blocks – Gutenberg Blocks, Page Builder for Gutenberg Editor & FSE
Researcher

Francesco Carlucci

Premium Addons for Elementor <= 4.10.60 – Authenticated (Contributor+) DOM-Based Stored Cross-Site Scripting via Video Box Widget

6.4

CVSS Rating
Medium (6.4)
CVE-ID
CVE-2024-10266
Patch Status
Patched
Published
Oct 28, 2024

Affected Software
Premium Addons for Elementor
Researcher

zer0gh0st

Pricer Ninja <= 2.1.0 – Authenticated (Contributor+) Stored Cross-Site Scripting

6.4

CVSS Rating
Medium (6.4)
CVE-ID
CVE-2024-50518
Patch Status
Unpatched
Published
Oct 30, 2024

Affected Software
Pricer Ninja: Create and add responsive Pricing Tables to your website on-the-fly
Researcher

SOPROBRO

Reftagger Shortcode <= 1.1 – Authenticated (Contributor+) Stored Cross-Site Scripting

6.4

CVSS Rating
Medium (6.4)
CVE-ID
CVE-2024-51612
Patch Status
Unpatched
Published
Oct 31, 2024

Affected Software
Reftagger Shortcode
Researcher

SOPROBRO

Restaurant & Cafe Addon for Elementor <= 1.5.6 – Authenticated (Contributor+) Stored Cross-Site Scripting

6.4

CVSS Rating
Medium (6.4)
CVE-ID
CVE-2024-51581
Patch Status
Patched
Published
Oct 31, 2024

Affected Software
Restaurant & Cafe Addon for Elementor
Researcher

João Pedro Soares de Alcântara

RLM Elementor Widgets Pack <= 1.3.1 – Authenticated (Contributor+) Stored Cross-Site Scripting

6.4

CVSS Rating
Medium (6.4)
CVE-ID
CVE-2024-50542
Patch Status
Patched
Published
Oct 31, 2024

Affected Software
RLM Elementor Widgets Pack
Researcher

Gab

Sales Page Addon – Elementor & Beaver Builder <= 1.4.2 – Authenticated (Contributor+) Stored Cross-Site Scripting

6.4

CVSS Rating
Medium (6.4)
CVE-ID
CVE-2024-51585
Patch Status
Unpatched
Published
Oct 31, 2024

Affected Software
Sales Page Addon – Elementor & Beaver Builder
Researcher

Gab

Sastra Essential Addons for Elementor <= 1.0.5 – Authenticated (Contributor+) Stored Cross-Site Scripting

6.4

CVSS Rating
Medium (6.4)
CVE-ID
CVE-2024-51674
Patch Status
Patched
Published
Nov 1, 2024

Affected Software
Sastra Essential Addons for Elementor – Free Elementor Addons, Widgets and Templates
Researcher

Khalid Yusuf

Selar.co Widget <= 1.2 – Authenticated (Contributor+) Stored Cross-Site Scripting

6.4

CVSS Rating
Medium (6.4)
CVE-ID
CVE-2024-51598
Patch Status
Unpatched
Published
Oct 31, 2024

Affected Software
Selar.co Widget
Researcher

SOPROBRO

Show Visitor IP Address <= 0.2 – Authenticated (Contributor+) Stored Cross-Site Scripting

6.4

CVSS Rating
Medium (6.4)
CVE-ID
CVE-2024-50538
Patch Status
Unpatched
Published
Oct 31, 2024

Affected Software
Show Visitor IP Address
Researcher

SOPROBRO

Sided <= 1.4.2 – Authenticated (Contributor+) Stored Cross-Site Scripting

6.4

CVSS Rating
Medium (6.4)
CVE-ID
CVE-2024-50554
Patch Status
Unpatched
Published
Oct 31, 2024

Affected Software
Sided
Researcher

SOPROBRO

Simple Business Manager <= 4.6.7.4 – Authenticated (Contributor+) Stored Cross-Site Scripting

6.4

CVSS Rating
Medium (6.4)
CVE-ID
CVE-2024-51599
Patch Status
Unpatched
Published
Oct 31, 2024

Affected Software
Simple Business Manager
Researcher

C_T_R_L

Simple Goods <= 0.1.3 – Authenticated (Contributor+) Stored Cross-Site Scripting

6.4

CVSS Rating
Medium (6.4)
CVE-ID
CVE-2024-51574
Patch Status
Unpatched
Published
Oct 31, 2024

Affected Software
Simple Goods
Researcher

SOPROBRO

SIP Reviews Shortcode for WooCommerce <= 1.2.3 – Authenticated (Contributor+) Cross-Site Scripting

6.4

CVSS Rating
Medium (6.4)
CVE-ID
CVE-2024-6480
Patch Status
Unpatched
Published
Oct 31, 2024

Affected Software
SIP Reviews Shortcode for WooCommerce
Researchers

Jonas Höbenreich
Dmitry Derr
Thies Lukas

SKSDEV Toolkit <= 1.0.0 – Authenticated (Contributor+) Stored Cross-Site Scripting

6.4

CVSS Rating
Medium (6.4)
CVE-ID
CVE-2024-51595
Patch Status
Unpatched
Published
Oct 31, 2024

Affected Software
SKSDEV Toolkit
Researcher

SOPROBRO

Slicko <= 1.2.0 – Authenticated (Contributor+) Stored Cross-Site Scripting

6.4

CVSS Rating
Medium (6.4)
CVE-ID
CVE-2024-51591
Patch Status
Unpatched
Published
Oct 31, 2024

Affected Software
Slicko
Researcher

Gab

Smart Mockups <= 1.2.0 – Authenticated (Contributor+) Stored Cross-Site Scripting

6.4

CVSS Rating
Medium (6.4)
CVE-ID
CVE-2024-50537
Patch Status
Unpatched
Published
Oct 31, 2024

Affected Software
Smart Mockups
Researcher

SOPROBRO

SMSAlert – WooCommerce <= 3.7.5 – Authenticated (Contributor+) Stored Cross-Site Scripting via sa_subscribe Shortcode

6.4

CVSS Rating
Medium (6.4)
CVE-ID
CVE-2024-10233
Patch Status
Patched
Published
Oct 28, 2024

Affected Software
SMS Alert Order Notifications – WooCommerce
Researcher

Peter Thaleikis

Step by Step <= 0.4.5 – Authenticated (Contributor+) Stored Cross-Site Scripting

6.4

CVSS Rating
Medium (6.4)
CVE-ID
CVE-2024-50535
Patch Status
Unpatched
Published
Oct 30, 2024

Affected Software
Step by Step
Researcher

SOPROBRO

StreamWeasels YouTube Integration <= 1.3.2 – Authenticated (Contributor+) Stored Cross-Site Scripting via sw-youtube-embed Shortcode

6.4

CVSS Rating
Medium (6.4)
CVE-ID
CVE-2024-10185
Patch Status
Patched
Published
Oct 28, 2024

Affected Software
StreamWeasels YouTube Integration
Researcher

Peter Thaleikis

Super Addons for Elementor <= 1.0 – Authenticated (Contributor+) Stored Cross-Site Scripting

6.4

CVSS Rating
Medium (6.4)
CVE-ID
CVE-2024-51588
Patch Status
Unpatched
Published
Oct 31, 2024

Affected Software
Super Addons for Elementor
Researcher

Gab

SW Kick Integration – Blocks and Shortcodes for Embedding Kick Streams <= 1.1.1 – Authenticated (Contributor+) Stored Cross-Site Scripting via sw-kick-embed Shortcode

6.4

CVSS Rating
Medium (6.4)
CVE-ID
CVE-2024-10184
Patch Status
Patched
Published
Oct 28, 2024

Affected Software
StreamWeasels Kick Integration
Researcher

Peter Thaleikis

T(-) Countdown <= 2.4.8 – Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode

6.4

CVSS Rating
Medium (6.4)
CVE-ID
CVE-2024-9884
Patch Status
Unpatched
Published
Oct 29, 2024

Affected Software
T(-) Countdown
Researcher

theviper17y

Themedy Toolbox <= 1.0.16 – Authenticated (Contributor+) Stored Cross-Site Scripting

6.4

CVSS Rating
Medium (6.4)
CVE-ID
CVE-2024-50547
Patch Status
Unpatched
Published
Oct 31, 2024

Affected Software
Themedy Toolbox
Researcher

theviper17y

ThemeShark Templates & Widgets for Elementor <= 1.1.7 – Authenticated (Contributor+) Stored Cross-Site Scripting

6.4

CVSS Rating
Medium (6.4)
CVE-ID
CVE-2024-51597
Patch Status
Unpatched
Published
Oct 31, 2024

Affected Software
ThemeShark Templates & Widgets for Elementor
Researcher

Gab

TradeMe widgets <= 1.2 – Authenticated (Contributor+) Stored Cross-Site Scripting

6.4

CVSS Rating
Medium (6.4)
CVE-ID
CVE-2024-51613
Patch Status
Unpatched
Published
Oct 31, 2024

Affected Software
TradeMe widgets
Researcher

SOPROBRO

Ultimate TinyMCE <= 5.7 – Authenticated (Contributor+) Stored Cross-Site Scripting

6.4

CVSS Rating
Medium (6.4)
CVE-ID
CVE-2024-8627
Patch Status
Unpatched
Published
Oct 29, 2024

Affected Software
Ultimate TinyMCE
Researcher

Francesco Carlucci

Widget or Sidebar Shortcode <= 0.6.1 – Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode

6.4

CVSS Rating
Medium (6.4)
CVE-ID
CVE-2024-9885
Patch Status
Unpatched
Published
Oct 29, 2024

Affected Software
Widget or Sidebar Shortcode
Researcher

theviper17y

WM Zoom <= 1.0 – Authenticated (Contributor+) Stored Cross-Site Scripting

6.4

CVSS Rating
Medium (6.4)
CVE-ID
CVE-2024-50556
Patch Status
Unpatched
Published
Oct 31, 2024

Affected Software
WM Zoom
Researcher

SOPROBRO

WP Baidu Map <= 1.2.2 – Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode

6.4

CVSS Rating
Medium (6.4)
CVE-ID
CVE-2024-9886
Patch Status
Unpatched
Published
Oct 29, 2024

Affected Software
WP Baidu Map
Researcher

theviper17y

WP EASY RECIPE <= 1.6 – Authenticated (Contributor+) Stored Cross-Site Scripting

6.4

CVSS Rating
Medium (6.4)
CVE-ID
CVE-2024-51622
Patch Status
Unpatched
Published
Oct 31, 2024

Affected Software
WP EASY RECIPE
Researcher

SOPROBRO

WP Feature Box <= 0.1.3 – Authenticated (Contributor+) Stored Cross-Site Scripting

6.4

CVSS Rating
Medium (6.4)
CVE-ID
CVE-2024-51611
Patch Status
Unpatched
Published
Oct 31, 2024

Affected Software
WP Feature Box
Researcher

SOPROBRO

WP Pocket URLs <= 1.0.3 – Authenticated (Contributor+) Stored Cross-Site Scripting

6.4

CVSS Rating
Medium (6.4)
CVE-ID
CVE-2024-51681
Patch Status
Patched
Published
Nov 1, 2024

Affected Software
WP Pocket URLs
Researcher

SOPROBRO

WP Simple Anchors Links <= 1.0.0 – Authenticated (Contributor+) Stored Cross-Site Scripting via wpanchor Shortcode

6.4

CVSS Rating
Medium (6.4)
CVE-ID
CVE-2024-9446
Patch Status
Unpatched
Published
Oct 30, 2024

Affected Software
WP Simple Anchors Links
Researcher

theviper17y

Курс валют UAH <= 2.0 – Authenticated (Contributor+) Stored Cross-Site Scripting

6.4

CVSS Rating
Medium (6.4)
CVE-ID
CVE-2024-51593
Patch Status
Unpatched
Published
Oct 31, 2024

Affected Software
Курс валют UAH
Researcher

SOPROBRO

Addressbook <= 1.1.3 – Cross-Site Request Forgery to Stored Cross-Site Scripting

6.1

CVSS Rating
Medium (6.1)
CVE-ID
CVE-2024-51644
Patch Status
Unpatched
Published
Nov 1, 2024

Affected Software
Addressbook
Researcher

SOPROBRO

Admin SMS Alert <= 1.1.0 – Cross-Site Request Forgery to Stored Cross-Site Scripting

6.1

CVSS Rating
Medium (6.1)
CVE-ID
CVE-2024-51637
Patch Status
Unpatched
Published
Nov 1, 2024

Affected Software
Admin SMS Alert
Researcher

Joshua Chan

Advanced PDF Generator <= 0.4.0 – Cross-Site Request Forgery to Stored Cross-Site Scripting

6.1

CVSS Rating
Medium (6.1)
CVE-ID
CVE-2024-51641
Patch Status
Unpatched
Published
Nov 1, 2024

Affected Software
Advanced PDF Generator
Researcher

SOPROBRO

Amazon Associate Filter <= 0.4 – Cross-Site Request Forgery to Stored Cross-Site Scripting

6.1

CVSS Rating
Medium (6.1)
CVE-ID
CVE-2024-51643
Patch Status
Unpatched
Published
Nov 1, 2024

Affected Software
Amazon Associate Filter
Researcher

SOPROBRO

APK Downloader <= 1.0.0 – Cross-Site Request Forgery to Stored Cross-Site Scripting

6.1

CVSS Rating
Medium (6.1)
CVE-ID
CVE-2024-51654
Patch Status
Unpatched
Published
Nov 1, 2024

Affected Software
APK Downloader
Researcher

SOPROBRO

Appointmind <= 4.0.0 – Cross-Site Request Forgery to Stored Cross-Site Scripting

6.1

CVSS Rating
Medium (6.1)
CVE-ID
CVE-2024-51679
Patch Status
Patched
Published
Nov 1, 2024

Affected Software
Appointmind
Researcher

SOPROBRO

Awesome Shortcodes For Genesis 1.1.8 – Cross-Site Request Forgery to Cross-Site Scripting

6.1

CVSS Rating
Medium (6.1)
CVE-ID
CVE-2024-51638
Patch Status
Unpatched
Published
Nov 1, 2024

Affected Software
Awesome Shortcodes For Genesis
Researcher

SOPROBRO

BBP Core – Expand bbPress powered forums with useful features <= 1.2.5 – Reflected Cross-Site Scripting via add_query_arg Parameter

6.1

CVSS Rating
Medium (6.1)
CVE-ID
CVE-2024-9896
Patch Status
Patched
Published
Nov 1, 2024

Affected Software
BBP Core – Expand bbPress powered forums with useful features
Researcher

Colin Xu

Custom Author URL <= 2.0.1 – Cross-Site Request Forgery to Stored Cross-Site Scripting

6.1

CVSS Rating
Medium (6.1)
CVE-ID
CVE-2024-51655
Patch Status
Unpatched
Published
Nov 1, 2024

Affected Software
Custom Author URL
Researcher

SOPROBRO

Domain Sharding <= 1.2.1 – Cross-Site Request Forgery to Stored Cross-Site Scripting

6.1

CVSS Rating
Medium (6.1)
CVE-ID
CVE-2024-50533
Patch Status
Unpatched
Published
Oct 30, 2024

Affected Software
Domain Sharding
Researcher

SOPROBRO

e-shops <= 1.0.3 – Cross-Site Request Forgery to Reflected Cross-Site Scripting

6.1

CVSS Rating
Medium (6.1)
CVE-ID
CVE-2024-51648
Patch Status
Unpatched
Published
Nov 1, 2024

Affected Software
e-shopsカート2
Researcher

SOPROBRO

Events Manager Pro – extended <= 0.1 – Cross-Site Request Forgery to Reflected Cross-Site Scripting

6.1

CVSS Rating
Medium (6.1)
CVE-ID
CVE-2024-50532
Patch Status
Unpatched
Published
Oct 30, 2024

Affected Software
Events Manager Pro – extended
Researcher

SOPROBRO

Featured Posts Scroll <= 1.25 – Cross-Site Request Forgery to Stored Cross-Site Scripting

6.1

CVSS Rating
Medium (6.1)
CVE-ID
CVE-2024-10922
Patch Status
Unpatched
Published
Nov 1, 2024

Affected Software
Featured Posts Scroll
Researcher

SOPROBRO

Flash Show And Hide Box <= 1.6 – Cross-Site Request Forgery to Stored Cross-Site Scripting

6.1

CVSS Rating
Medium (6.1)
CVE-ID
CVE-2024-51656
Patch Status
Unpatched
Published
Nov 1, 2024

Affected Software
Flash Show And Hide Box
Researcher

SOPROBRO

FraudLabs Pro SMS Verification <= 1.10.1 – Cross-Site Request Forgery to Stored Cross-Site Scripting

6.1

CVSS Rating
Medium (6.1)
CVE-ID
CVE-2024-51688
Patch Status
Patched
Published
Nov 1, 2024

Affected Software
FraudLabs Pro SMS Verification
Researcher

SOPROBRO

GMO Social Connection <= 1.2 – Cross-Site Request Forgery to Stored Cross-Site Scripting

6.1

CVSS Rating
Medium (6.1)
CVE-ID
CVE-2024-51636
Patch Status
Unpatched
Published
Nov 1, 2024

Affected Software
GMO Social Connection
Researcher

Joshua Chan

Jigoshop – Store Exporter <= 1.5.8 – Reflected Cross-Site Scripting

6.1

CVSS Rating
Medium (6.1)
CVE-ID
CVE-2024-50519
Patch Status
Unpatched
Published
Oct 30, 2024

Affected Software
Jigoshop – Store Exporter
Researcher

Zlrqh

MDR Webmaster Tools <= 1.1 – Cross-Site Request Forgery to Stored Cross-Site Scripting

6.1

CVSS Rating
Medium (6.1)
CVE-ID
CVE-2024-51640
Patch Status
Unpatched
Published
Nov 1, 2024

Affected Software
MDR Webmaster Tools
Researcher

SOPROBRO

Mobilize <= 3.0.7 – Cross-Site Request Forgery to Stored Cross-Site Scripting

6.1

CVSS Rating
Medium (6.1)
CVE-ID
CVE-2024-51649
Patch Status
Unpatched
Published
Nov 1, 2024

Affected Software
Mobilize
Researcher

SOPROBRO

Naver Blog <= 1.0 – Cross-Site Request Forgery to Stored Cross-Site Scripting

6.1

CVSS Rating
Medium (6.1)
CVE-ID
CVE-2024-51639
Patch Status
Unpatched
Published
Nov 1, 2024

Affected Software
Naver Blog
Researcher

SOPROBRO

Platform.ly Official <= 1.1.3 – Cross-Site Request Forgery to Stored Cross-Site Scripting

6.1

CVSS Rating
Medium (6.1)
CVE-ID
CVE-2024-51687
Patch Status
Patched
Published
Nov 1, 2024

Affected Software
Platform.ly Official
Researcher

SOPROBRO

Post Status Notifier Lite and Premium <= 1.11.6 – Reflected Cross-Site Scripting via page

6.1

CVSS Rating
Medium (6.1)
CVE-ID
CVE-2024-10048
Patch Status
Patched
Published
Oct 28, 2024

Affected Software
Post Status Notifier
Post Status Notifier Lite
Researcher

Colin Xu

Pricing Tables WordPress Plugin – Easy Pricing Tables <= 3.2.5 – Reflected Cross-Site Scripting

6.1

CVSS Rating
Medium (6.1)
CVE-ID
CVE-2024-8871
Patch Status
Patched
Published
Oct 29, 2024

Affected Software
Pricing Tables WordPress Plugin – Easy Pricing Tables
Researcher

vgo0

Random Featured Post <= 1.1.3 – Cross-Site Request Forgery to Stored Cross-Site Scripting

6.1

CVSS Rating
Medium (6.1)
CVE-ID
CVE-2024-51650
Patch Status
Unpatched
Published
Nov 1, 2024

Affected Software
Random Featured Post
Researcher

SOPROBRO

ReCaptcha Integration for WordPress <= 1.2.5 – Reflected Cross-Site Scripting

6.1

CVSS Rating
Medium (6.1)
CVE-ID
CVE-2024-8739
Patch Status
Patched
Published
Nov 1, 2024

Affected Software
ReCaptcha Integration for WordPress
Researcher

vgo0

Responsive Flickr Gallery <= 1.3.1 – Cross-Site Request Forgery to Stored Cross-Site Scripting

6.1

CVSS Rating
Medium (6.1)
CVE-ID
CVE-2024-51630
Patch Status
Unpatched
Published
Nov 1, 2024

Affected Software
Responsive Flickr Gallery
Researcher

SOPROBRO

Seo Free <= 1.4 – Cross-Site Request Forgery to Stored Cross-Site Scripting

6.1

CVSS Rating
Medium (6.1)
CVE-ID
CVE-2024-51642
Patch Status
Unpatched
Published
Nov 1, 2024

Affected Software
Seo Free
Researcher

SOPROBRO

SEUR Oficial <= 2.2.11 – Reflected Cross-Site Scripting

6.1

CVSS Rating
Medium (6.1)
CVE-ID
CVE-2024-9438
Patch Status
Patched
Published
Oct 28, 2024

Affected Software
SEUR Oficial
Researcher

vgo0

SH Slideshow <= 4.3 – Cross-Site Request Forgery to Stored Cross-Site Scripting

6.1

CVSS Rating
Medium (6.1)
CVE-ID
CVE-2024-51632
Patch Status
Unpatched
Published
Nov 1, 2024

Affected Software
SH Slideshow
Researcher

SOPROBRO

Simple Page Specific Sidebars <= 2.14.1 – Cross-Site Request Forgery to Stored Cross-Site Scripting

6.1

CVSS Rating
Medium (6.1)
CVE-ID
CVE-2024-51633
Patch Status
Unpatched
Published
Nov 1, 2024

Affected Software
Simple Page Specific Sidebars
Researcher

SOPROBRO

Skip To <= 2.0.0 – Cross-Site Request Forgery to Stored Cross-Site Scripting

6.1

CVSS Rating
Medium (6.1)
CVE-ID
CVE-2024-51652
Patch Status
Unpatched
Published
Nov 1, 2024

Affected Software
Skip To
Researcher

SOPROBRO

SmartLink Dynamic URLs <= 1.1.0 – Cross-Site Request Forgery to Stored Cross-Site Scripting

6.1

CVSS Rating
Medium (6.1)
CVE-ID
CVE-2024-51657
Patch Status
Patched
Published
Nov 1, 2024

Affected Software
SmartLink Dynamic URLs
Researcher

SOPROBRO

Sticky Social Bar <= 2.0 – Cross-Site Request Forgery to Stored Cross-Site Scripting

6.1

CVSS Rating
Medium (6.1)
CVE-ID
CVE-2024-51631
Patch Status
Unpatched
Published
Nov 1, 2024

Affected Software
Sticky Social Bar
Researcher

SOPROBRO

Subscribe to Comments <= 2.3 – Reflected Cross-Site Scripting

6.1

CVSS Rating
Medium (6.1)
CVE-ID
CVE-2024-8792
Patch Status
Patched
Published
Oct 29, 2024

Affected Software
Subscribe to Comments
Researcher

vgo0

ThemeFuse Maintenance Mode <= 1.1.3 – Cross-Site Request Forgery to Stored Cross-Site Scripting

6.1

CVSS Rating
Medium (6.1)
CVE-ID
CVE-2024-51645
Patch Status
Unpatched
Published
Nov 1, 2024

Affected Software
ThemeFuse Maintenance Mode
Researcher

SOPROBRO

Twitter @Anywhere Plus <= 2.0 – Cross-Site Request Forgery to Stored Cross-Site Scripting

6.1

CVSS Rating
Medium (6.1)
CVE-ID
CVE-2024-51659
Patch Status
Unpatched
Published
Nov 1, 2024

Affected Software
Twitter @Anywhere Plus
Researcher

SOPROBRO

UPDATE NOTIFICATIONS <= 0.3.4 – Cross-Site Request Forgery to Stored Cross-Site Scripting

6.1

CVSS Rating
Medium (6.1)
CVE-ID
CVE-2024-51653
Patch Status
Unpatched
Published
Nov 1, 2024

Affected Software
UPDATE NOTIFICATIONS
Researcher

SOPROBRO

W3P SEO <= 1.8.5 – Cross-Site Request Forgery to Stored Cross-Site Scripting

6.1

CVSS Rating
Medium (6.1)
CVE-ID
CVE-2024-51684
Patch Status
Patched
Published
Nov 1, 2024

Affected Software
W3P SEO
Researcher

SOPROBRO

Webriti Custom Login <= 0.3 – Cross-Site Request Forgery to Reflected Cross-Site Scripting

6.1

CVSS Rating
Medium (6.1)
CVE-ID
CVE-2024-51634
Patch Status
Unpatched
Published
Nov 1, 2024

Affected Software
Webriti Custom Login
Researcher

SOPROBRO

WeChat Subscribers Lite <= 1.6.6 – Reflected Cross-Site Scripting

6.1

CVSS Rating
Medium (6.1)
CVE-ID
CVE-2024-50522
Patch Status
Unpatched
Published
Oct 30, 2024

Affected Software
WeChat Subscribers Lite 微信公众订阅号插件
Researcher

ardias

While Loading <= 3.0 – Cross-Site Request Forgery to Stored Cross-Site Scripting

6.1

CVSS Rating
Medium (6.1)
CVE-ID
CVE-2024-51635
Patch Status
Unpatched
Published
Nov 1, 2024

Affected Software
While Loading
Researcher

SOPROBRO

World Prayer Time <= 2.0 – Cross-Site Request Forgery to Reflected Cross-Site Scripting

6.1

CVSS Rating
Medium (6.1)
CVE-ID
CVE-2024-50534
Patch Status
Unpatched
Published
Oct 30, 2024

Affected Software
World Prayer Time
Researcher

SOPROBRO

WP Course Manager <= 1.3 – Cross-Site Request Forgery to Stored Cross-Site Scripting

6.1

CVSS Rating
Medium (6.1)
CVE-ID
CVE-2024-51658
Patch Status
Unpatched
Published
Nov 1, 2024

Affected Software
WP Course Manager
Researcher

SOPROBRO

WPGlobus Translate Options <= 2.2.0 – Cross-Site Request Forgery to Stored Cross-Site Scripting

6.1

CVSS Rating
Medium (6.1)
CVE-ID
CVE-2024-9434
Patch Status
Unpatched
Published
Oct 30, 2024

Affected Software
WPGlobus Translate Options
Researcher

vgo0

Element Pack Elementor Addons (Header Footer, Template Library, Dynamic Grid & Carousel, Remote Arrows) <= 5.10.1 – Authenticated (Contributor+) Stored Cross-Site Scripting via Age Gate

5.4

CVSS Rating
Medium (5.4)
CVE-ID
CVE-2024-9868
Patch Status
Patched
Published
Nov 1, 2024

Affected Software
Element Pack Elementor Addons (Header Footer, Template Library, Dynamic Grid & Carousel, Remote Arrows)
Researcher

zer0gh0st

Multiple Page Generator Plugin – MPG <= 4.0.1 – Missing Authorization
CVSS Rating: Medium (5.4)
CVE-ID: CVE-2024-7424
Patch Status: Patched
Published: Oct 31, 2024
Affected Software: Multiple Page Generator Plugin – MPG
Researcher: Rafshanzani Suhada

Appointment Booking Calendar Plugin and Scheduling Plugin – BookingPress <= 1.1.16 – Authenticated (Subscriber+) SQL Injection
CVSS Rating: Medium (5.3)
CVE-ID: CVE-2024-10540
Patch Status: Patched
Published: Nov 1, 2024
Affected Software: Appointment Booking Calendar Plugin and Scheduling Plugin – BookingPress
Researcher: Arkadiusz Hydzik

Forminator Forms – Contact Form, Payment Form & Custom Form Builder <= 1.36.0 – Insecure Direct Object Reference to Submission Manipulation
CVSS Rating: Medium (5.3)
CVE-ID: CVE-2024-9700
Patch Status: Patched
Published: Oct 30, 2024
Affected Software: Forminator Forms – Contact Form, Payment Form & Custom Form Builder
Researcher: Vijaysimha Reddy (vijaysimha)

Get Quote For Woocommerce – Request A Quote For Woocommerce <= 1.0.0 – Missing Authorization to Unauthenticated Quote PDF and CSV Download
CVSS Rating: Medium (5.3)
CVE-ID: CVE-2024-9430
Patch Status: Unpatched
Published: Oct 30, 2024
Affected Software: Get Quote For Woocommerce – Request A Quote For Woocommerce
Researcher: stehled

Jetpackcrm Ext Woo Connect < 2.13 – Sensitive Information Exposure
CVSS Rating: Medium (5.3)
CVE-ID: Unknown
Patch Status: Patched
Published: Oct 28, 2024
Affected Software: Jetpackcrm Ext Woo Connect
Affected Software: Jetpack CRM – Clients, Leads, Invoices, Billing, Email Marketing, & Automation
Researcher: Unknown

Stacks Mobile App Builder <= 5.2.3 – Unauthenticated Sensitive Information Disclosure
CVSS Rating: Medium (5.3)
CVE-ID: CVE-2024-50528
Patch Status: Unpatched
Published: Oct 30, 2024
Affected Software: Stacks Mobile App Builder – The most powerful Mobile Applications Drag and Drop builder
Researcher: stealthcopter

Woo Manage Fraud Orders <= 2.6.1 – Unauthenticated Information Exposure via Log Files
CVSS Rating: Medium (5.3)
CVE-ID: CVE-2024-10544
Patch Status: Unpatched
Published: Oct 30, 2024
Affected Software: Woo Manage Fraud Orders
Researcher: Colin Xu

BetterLinks <= 2.1.7 – Authenticated (Administrator+) SQL Injection
CVSS Rating: Medium (4.9)
CVE-ID: CVE-2024-51672
Patch Status: Patched
Published: Nov 1, 2024
Affected Software: BetterLinks – An Advanced Plugin for Affiliate Links, Link Shortening, Link Tracking, Link Branding & Marketing
Researcher: Marek Mikita

Code Explorer <= 1.4.5 – Authenticated (Admin+) External File Reading
CVSS Rating: Medium (4.9)
CVE-ID: CVE-2023-5816
Patch Status: Unpatched
Published: Oct 29, 2024
Affected Software: Code Explorer
Researcher: Dmitrii Ignatyev

Beds24 Online Booking <= 2.0.25 – Authenticated (Administrator+) Stored Cross-Site Scripting
CVSS Rating: Medium (4.4)
CVE-ID: CVE-2024-51664
Patch Status: Patched
Published: Nov 1, 2024
Affected Software: Beds24 Online Booking
Researcher: Roby Firnando Yusuf

Bricksable for Bricks Builder <= 1.6.59 – Authenticated (Administrator+) Stored Cross-Site Scripting
CVSS Rating: Medium (4.4)
CVE-ID: CVE-2024-51663
Patch Status: Patched
Published: Nov 1, 2024
Affected Software: Bricksable for Bricks Builder
Researcher: João G. Barbosa (4rCanJ0x!)

JS Help Desk – Best Help Desk & Support Plugin <= 2.8.7 – Authenticated (Administrator+) Stored Cross-Site Scripting
CVSS Rating: Medium (4.4)
CVE-ID: CVE-2024-51670
Patch Status: Patched
Published: Nov 1, 2024
Affected Software: JS Help Desk – The Ultimate Help Desk & Support Plugin
Researcher: casol

MyCurator Content Curation <= 3.78 – Authenticated (Editor+) Stored Cross-Site Scripting
CVSS Rating: Medium (4.4)
CVE-ID: CVE-2024-51668
Patch Status: Patched
Published: Nov 1, 2024
Affected Software: MyCurator Content Curation
Researcher: Joshua Chan

CM Table Of Contents <= 1.2.2 – Cross-Site Request Forgery
CVSS Rating: Medium (4.3)
CVE-ID: CVE-2024-5030
Patch Status: Patched
Published: Oct 28, 2024
Affected Software: CM Table Of Contents – WordPress TOC Plugin
Researcher: Felipe Caon

Download Monitor <= 5.0.13 – Missing Authorization to Sensitive Information Exposure
CVSS Rating: Medium (4.3)
CVE-ID: CVE-2024-10399
Patch Status: Patched
Published: Oct 29, 2024
Affected Software: Download Monitor
Researcher: Trương Hữu Phúc (truonghuuphuc)

Dynamic Widgets <= 1.6.4 – Cross-Site Request Forgery
CVSS Rating: Medium (4.3)
CVE-ID: CVE-2024-51669
Patch Status: Patched
Published: Nov 1, 2024
Affected Software: Dynamic Widgets
Researcher: Ananda Dhakal

Easy Accordion Gutenberg Block <= 1.2.3 – Missing Authorization
CVSS Rating: Medium (4.3)
CVE-ID: CVE-2024-51660
Patch Status: Patched
Published: Nov 1, 2024
Affected Software: Easy Accordion Gutenberg Block
Researcher: Trương Hữu Phúc (truonghuuphuc)

Exclusive Addons for Elementor <= 2.7.4 – Authenticated (Contributor+) Sensitive Information Exposure via Elementor Templates
CVSS Rating: Medium (4.3)
CVE-ID: CVE-2024-10312
Patch Status: Patched
Published: Oct 28, 2024
Affected Software: Exclusive Addons for Elementor
Researcher: Ankit Patel

Manage User Columns <= 1.0.5 – Cross-Site Request Forgery
CVSS Rating: Medium (4.3)
CVE-ID: CVE-2024-51686
Patch Status: Patched
Published: Nov 1, 2024
Affected Software: Manage User Columns
Researcher: thiennv

Move Addons for Elementor <= 1.3.5 – Authenticated (Contributor+) Sensitive Information Exposure via Elementor Templates
CVSS Rating: Medium (4.3)
CVE-ID: CVE-2024-10360
Patch Status: Patched
Published: Oct 28, 2024
Affected Software: Move Addons for Elementor
Researcher: Ankit Patel

Otter – Gutenberg Block <= 3.0.3 – Missing Authorization
CVSS Rating: Medium (4.3)
CVE-ID: CVE-2024-51671
Patch Status: Patched
Published: Nov 1, 2024
Affected Software: Otter Blocks – Gutenberg Blocks, Page Builder for Gutenberg Editor & FSE
Researcher: Rafie Muhammad

Paytium <= 4.4.10 – Missing Authorization
CVSS Rating: Medium (4.3)
CVE-ID: CVE-2024-51667
Patch Status: Patched
Published: Nov 1, 2024
Affected Software: Paytium: Mollie payment forms & donations
Researcher: Trương Hữu Phúc (truonghuuphuc)

WPC Smart Messages for WooCommerce <= 4.2.1 – Missing Authorization to Authenticated (Subscriber+) Message Activation/Deactivation
CVSS Rating: Medium (4.3)
CVE-ID: CVE-2024-10437
Patch Status: Patched
Published: Oct 28, 2024
Affected Software: WPC Smart Messages for WooCommerce
Researcher: Francesco Carlucci


As a reminder, Wordfence has curated an industry-leading vulnerability database, Wordfence Intelligence, that covers all known WordPress core, theme, and plugin vulnerabilities.

This database is continuously updated, maintained, and populated by Wordfence’s highly credentialed and experienced vulnerability researchers through in-house vulnerability research, through researchers submitting directly to us via our Bug Bounty Program, and by monitoring a variety of sources to capture all publicly available WordPress vulnerability information, adding additional context where we can.

Click here to sign up for our mailing list to receive weekly vulnerability reports like this and important WordPress Security reports in your inbox the moment they are published.

The post Wordfence Intelligence Weekly WordPress Vulnerability Report (October 28, 2024 to November 3, 2024) appeared first on Wordfence.
