Wordfence Intelligence Weekly WordPress Vulnerability Report (October 28, 2024 to November 3, 2024)

🦸 👻 Calling all superheroes and haunters! Introducing the Cybersecurity Month Spooktacular Haunt and the WordPress Superhero Challenge for the Wordfence Bug Bounty Program! Through November 11th, 2024:

• All in-scope vulnerability types for WordPress plugins/themes with >= 1,000 active installations are in-scope for ALL researchers
• Top-tier researchers earn automatic bonuses of between 10% to 120% for valid submissions
• Pending report limits are increased for all
• It’s possible to earn up to $31,200 for high impact vulnerabilities!

Last week, there were 210 vulnerabilities disclosed in 203 WordPress Plugins and no WordPress themes that have been added to the Wordfence Intelligence Vulnerability Database, and there were 43 Vulnerability Researchers that contributed to WordPress Security last week. Review those vulnerabilities in this report now to ensure your site is not affected.

Our mission with Wordfence Intelligence is to make valuable vulnerability information easily accessible to everyone, like the WordPress community, so individuals and organizations alike can utilize that data to make the internet more secure. That is why the Wordfence Intelligence user interface, vulnerability API, webhook integration, and Wordfence CLI Vulnerability Scanner are all completely free to access and utilize both personally and commercially, and why we are running this weekly vulnerability report.

Enterprises, Hosting Providers, and even Individuals can use the Wordfence CLI Vulnerability Scanner to run regular vulnerability scans across the sites they protect. Or alternatively, utilize the vulnerability Database API to receive a complete dump of our database of over 19,000 vulnerabilities and then utilize the webhook integration to stay on top of the newest vulnerabilities added in real-time, as well as any updates made to the database, all for free.

Click here to sign-up for our mailing list to receive weekly vulnerability reports like this and important WordPress Security reports in your inbox the moment they are published.

New Firewall Rules Deployed Last Week

The Wordfence Threat Intelligence Team reviews each vulnerability to determine impact and severity, along with assessing the likelihood of exploitation, to verify that the Wordfence Firewall provides sufficient protection.

The team rolled out enhanced protection via firewall rules for the following vulnerabilities in real-time to our Premium, Care, and Response customers last week:

• WAF-RULE-759 – Data redacted while we work with the vendor on a patch.

Wordfence Premium, Care, and Response customers received this protection immediately, while users still running the free version of Wordfence will receive this enhanced protection after a 30 day delay.

Total Unpatched & Patched Vulnerabilities Last Week

Total Vulnerabilities by CVSS Severity Last Week

Total Vulnerabilities by CWE Type Last Week

Researchers That Contributed to WordPress Security Last Week

Researcher Name	Number of Vulnerabilities
SOPROBRO	74
Gab	21
LVT-tholv2k	14
stealthcopter	9
Francesco Carlucci	8
Peter Thaleikis	8
theviper17y	8
vgo0	6
Trương Hữu Phúc (truonghuuphuc)	4
Khalid Yusuf	4
Dmitrii Ignatyev	4
zer0gh0st	4
João Pedro Soares de Alcântara	4
Joshua Chan	3
Michael	3
István Márton	3
Colin Xu	3
floerer	2
Arkadiusz Hydzik	2
Jonas Höbenreich	2
Dmitry Derr	2
Thies Lukas	2
Zlrqh	2
Ankit Patel	2
C_T_R_L	1
Lesor101	1
ghsinfosec	1
stehled	1
Bob Matyas	1
Marek Mikita	1
Rafie Muhammad	1
Roby Firnando Yusuf	1
Rafshanzani Suhada	1
Ananda Dhakal	1
thiennv	1
ardias	1
Certus Cybersecurity	1
Felipe Caon	1
Webbernaut	1
casol	1
João G. Barbosa (4rCanJ0x!)	1
TANG Cheuk Hei (siunam)	1
Vijaysimha Reddy (vijaysimha)	1

Are you a security researcher who would like to be featured in our weekly vulnerability report? You can responsibly disclose your WordPress vulnerability discoveries to us and earn a bounty on in-scope vulnerabilities through our Bug Bounty Program. Responsibly disclosing your vulnerability discoveries to us will also get your name added on the Wordfence Intelligence leaderboard along with being mentioned in our weekly vulnerability report.

WordPress Plugins with Reported Vulnerabilities Last Week

Vulnerability Details

Please note that if you run the Wordfence plugin on your WordPress site, with the scanner enabled, you should’ve already been notified if your site was affected by any of these vulnerabilities. If you’d like to receive real-time notifications whenever a vulnerability is added to the Wordfence Intelligence Vulnerability Database, check out our Slack and HTTP Webhook Integration, which is completely free to utilize.

AI Power: Complete AI Pack <= 1.8.89 - Unauthenticated Arbitrary File Upload

9.8

CVSS Rating
Critical (9.8)

CVE-ID
CVE-2024-10392

Patch Status
Patched

Published
Oct 30, 2024

Affected Software
AI Power: Complete AI Pack

Researcher

vgo0

More Details >

All Post Contact Form <= 1.7.8 - Unauthenticated Arbitrary File Upload

9.8

CVSS Rating
Critical (9.8)

CVE-ID
CVE-2024-50523

Patch Status
Unpatched

Published
Oct 30, 2024

Affected Software
All Post Contact Form

Researcher

stealthcopter

More Details >

Crypto <= 2.18 - Authentication Bypass via log_in

9.8

CVSS Rating
Critical (9.8)

CVE-ID
CVE-2024-9989

Patch Status
Unpatched

Published
Oct 28, 2024

Affected Software
Crypto Tool

Researcher

István Márton

More Details >

Crypto <= 2.19 - Authentication Bypass via register

9.8

CVSS Rating
Critical (9.8)

CVE-ID
CVE-2024-9988

Patch Status
Unpatched

Published
Oct 28, 2024

Affected Software
Crypto Tool

Researcher

István Márton

More Details >

Multi Purpose Mail Form <= 1.0.2 - Unauthenticated Arbitrary File Upload

9.8

CVSS Rating
Critical (9.8)

CVE-ID
CVE-2024-50526

Patch Status
Unpatched

Published
Oct 30, 2024

Affected Software
Multi Purpose Mail Form

Researcher

stealthcopter

More Details >

Plug your WooCommerce into the largest catalog of customized print products from Helloprint <= 2.0.2 - Unauthenticated Arbitrary File Upload

9.8

CVSS Rating
Critical (9.8)

CVE-ID
CVE-2024-50525

Patch Status
Unpatched

Published
Oct 30, 2024

Affected Software
Plug your WooCommerce into the largest catalog of customized print products from Helloprint

Researcher

stealthcopter

More Details >

RSVPMaker for Toastmasters <= 6.2.4 - Unauthenticated Arbitrary File Upload

9.8

CVSS Rating
Critical (9.8)

CVE-ID
CVE-2024-50531

Patch Status
Patched

Published
Oct 30, 2024

Affected Software
RSVPMaker for Toastmasters

Researcher

stealthcopter

More Details >

Stacks Mobile App Builder <= 5.2.3 - Unauthenticated Arbitrary File Upload

9.8

CVSS Rating
Critical (9.8)

CVE-ID
CVE-2024-50527

Patch Status
Unpatched

Published
Oct 30, 2024

Affected Software
Stacks Mobile App Builder – The most powerful Mobile Applications Drag and Drop builder

Researcher

stealthcopter

More Details >

W3SPEEDSTER <= 7.26 - Authenticated (Administrator+) Remote Code Execution

9.1

CVSS Rating
Critical (9.1)

CVE-ID
CVE-2024-8512

Patch Status
Patched

Published
Oct 29, 2024

Affected Software
W3SPEEDSTER

Researcher

Lesor101

More Details >

Crypto <= 2.15 - Cross-Site Request Forgery to Authentication Bypass

8.8

CVSS Rating
High (8.8)

CVE-ID
CVE-2024-9990

Patch Status
Unpatched

Published
Oct 28, 2024

Affected Software
Crypto Tool

Researcher

István Márton

More Details >

Masteriyo LMS – eLearning and Online Course Builder for WordPress <= 1.13.3 - Authenticated (Student+) Missing Authorization to Privilege Escalation

8.8

CVSS Rating
High (8.8)

CVE-ID
CVE-2024-10008

Patch Status
Patched

Published
Oct 28, 2024

Affected Software
Masteriyo LMS – eLearning and Online Course Builder for WordPress

Researcher

floerer

More Details >

Stars SMTP Mailer <= 1.7 - Authenticated (Subscriber+) Arbitrary File Upload

8.8

CVSS Rating
High (8.8)

CVE-ID
CVE-2024-50530

Patch Status
Unpatched

Published
Oct 30, 2024

Affected Software
Stars SMTP Mailer

Researcher

stealthcopter

More Details >

Training – Courses <= 2.0.1 - Authenticated (Subscriber+) Arbitrary File Upload

8.8

CVSS Rating
High (8.8)

CVE-ID
CVE-2024-50529

Patch Status
Unpatched

Published
Oct 30, 2024

Affected Software
Training – Courses

Researcher

stealthcopter

More Details >

WP Hotel Booking <= 2.1.4 - Authenticated (Contributor+) Local File Inclusion

8.8

CVSS Rating
High (8.8)

CVE-ID
CVE-2024-51582

Patch Status
Unpatched

Published
Oct 31, 2024

Affected Software
WP Hotel Booking

Researcher

ghsinfosec

More Details >

WPC Smart Messages for WooCommerce <= 4.2.1 - Authenticated (Subscriber+) Local File Inclusion

8.8

CVSS Rating
High (8.8)

CVE-ID
CVE-2024-10436

Patch Status
Patched

Published
Oct 28, 2024

Affected Software
WPC Smart Messages for WooCommerce

Researcher

theviper17y

More Details >

FileOrganizer <= 1.0.9 - Authenticated (Subscriber+) Arbitrary File Upload

7.5

CVSS Rating
High (7.5)

CVE-ID
CVE-2024-7985

Patch Status
Patched

Published
Oct 29, 2024

Affected Software
FileOrganizer – Manage WordPress and Website Files

Researcher

TANG Cheuk Hei (siunam)

More Details >

Enable Shortcodes inside Widgets,Comments and Experts <= 1.0.0 - Unauthenticated Arbitrary Shortcode Execution

7.3

CVSS Rating
High (7.3)

CVE-ID
CVE-2024-9846

Patch Status
Unpatched

Published
Oct 29, 2024

Affected Software
Enable Shortcodes inside Widgets,Comments and Experts

Researcher

Francesco Carlucci

More Details >

Media Library Assistant <= 3.19 - Authenticated (Administrator+) Remote Code Execution

7.2

CVSS Rating
High (7.2)

CVE-ID
CVE-2024-51661

Patch Status
Patched

Published
Nov 1, 2024

Affected Software
Media Library Assistant

Researcher

Certus Cybersecurity

More Details >

WPAdverts – Classifieds Plugin <= 2.1.6 - Unauthenticated Stored Cross-Site Scripting via adverts_add Shortcode

7.2

CVSS Rating
High (7.2)

CVE-ID
CVE-2024-10108

Patch Status
Patched

Published
Oct 29, 2024

Affected Software
WPAdverts – Classifieds Plugin

Researcher

Arkadiusz Hydzik

More Details >

5 Stars Rating Funnel <= 1.4.01 - Authenticated (Contributor+) SQL Injection

6.5

CVSS Rating
Medium (6.5)

CVE-ID
CVE-2024-51579

Patch Status
Unpatched

Published
Oct 31, 2024

Affected Software
Build 5 Star Reviews on Google Reviews, Yelp, Facebook… easily and risk-free | RRatingg

Researcher

Trương Hữu Phúc (truonghuuphuc)

More Details >

Administrator Z <= 2024.11.16 - Authenticated (Subscriber+) SQL Injection

6.5

CVSS Rating
Medium (6.5)

CVE-ID
CVE-2024-50524

Patch Status
Unpatched

Published
Oct 30, 2024

Affected Software
Administrator Z

Researcher

stealthcopter

More Details >

AmaDiscount <= 1.0 - Authenticated (Contributor+) SQL Injection

6.5

CVSS Rating
Medium (6.5)

CVE-ID
CVE-2024-51608

Patch Status
Unpatched

Published
Oct 31, 2024

Affected Software
AmaDiscount Plugin

Researcher

LVT-tholv2k

More Details >

Blrt WP Embed <= 1.6.9 - Authenticated (Contributor+) SQL Injection

6.5

CVSS Rating
Medium (6.5)

CVE-ID
CVE-2024-51606

Patch Status
Unpatched

Published
Oct 31, 2024

Affected Software
Blrt WP Embed

Researcher

LVT-tholv2k

More Details >

Download-Mirror-Counter <= 1.1 - Authenticated (Contributor+) SQL Injection

6.5

CVSS Rating
Medium (6.5)

CVE-ID
CVE-2024-51621

Patch Status
Unpatched

Published
Oct 31, 2024

Affected Software
Download-Mirror-Counter

Researcher

LVT-tholv2k

More Details >

Easy Gallery <= 1.4 - Authenticated (Contributor+) SQL Injection

6.5

CVSS Rating
Medium (6.5)

CVE-ID
CVE-2024-51570

Patch Status
Unpatched

Published
Oct 31, 2024

Affected Software
Easy Gallery

Researcher

LVT-tholv2k

More Details >

Golf Tracker <= 0.7 - Authenticated (Contributor+) SQL Injection

6.5

CVSS Rating
Medium (6.5)

CVE-ID
CVE-2024-51607

Patch Status
Unpatched

Published
Oct 31, 2024

Affected Software
Golf Tracker

Researcher

LVT-tholv2k

More Details >

Lodgix.com Vacation Rental Website Builder <= 3.9.73 - Authenticated (Contributor+) SQL Injection

6.5

CVSS Rating
Medium (6.5)

CVE-ID
CVE-2024-50539

Patch Status
Unpatched

Published
Oct 31, 2024

Affected Software
Lodgix.com Vacation Rental Website Builder

Researcher

LVT-tholv2k

More Details >

Market 360 Viewer <= 1.01 - Authenticated (Contributor+) SQL Injection

6.5

CVSS Rating
Medium (6.5)

CVE-ID
CVE-2024-51619

Patch Status
Unpatched

Published
Oct 31, 2024

Affected Software
Market 360 Viewer

Researcher

LVT-tholv2k

More Details >

Porsline <= 1.0.2 - Authenticated (Contributor+) SQL Injection

6.5

CVSS Rating
Medium (6.5)

CVE-ID
CVE-2024-51620

Patch Status
Unpatched

Published
Oct 31, 2024

Affected Software
Porsline

Researcher

LVT-tholv2k

More Details >

Quran Shortcode <= 1.5 - Authenticated (Contributor+) SQL Injection

6.5

CVSS Rating
Medium (6.5)

CVE-ID
CVE-2024-51625

Patch Status
Unpatched

Published
Oct 31, 2024

Affected Software
Quran Shortcode

Researcher

LVT-tholv2k

More Details >

RSVP ME <= 1.9.9 - Authenticated (Contributor+) SQL Injection

6.5

CVSS Rating
Medium (6.5)

CVE-ID
CVE-2024-50544

Patch Status
Unpatched

Published
Oct 31, 2024

Affected Software
RSVP ME

Researcher

LVT-tholv2k

More Details >

Simple Job Manager <= 1.1 - Authenticated (Contributor+) SQL Injection

6.5

CVSS Rating
Medium (6.5)

CVE-ID
CVE-2024-51602

Patch Status
Unpatched

Published
Oct 31, 2024

Affected Software
Simple Job Manager

Researcher

LVT-tholv2k

More Details >

SIP Reviews Shortcode for WooCommerce <= 1.2.3 - Authenticated (Contributor+) SQL Injection

6.5

CVSS Rating
Medium (6.5)

CVE-ID
CVE-2024-6479

Patch Status
Unpatched

Published
Oct 31, 2024

Affected Software
SIP Reviews Shortcode for WooCommerce

Researchers

Jonas Höbenreich

Dmitry Derr

Thies Lukas

More Details >

Website price calculator <= 4.1 - Authenticated (Contributor+) SQL Injection

6.5

CVSS Rating
Medium (6.5)

CVE-ID
CVE-2024-51601

Patch Status
Unpatched

Published
Oct 31, 2024

Affected Software
Website price calculator

Researcher

LVT-tholv2k

More Details >

Woocommerce Quote Calculator <= 1.1 - Authenticated (Contributor+) SQL Injection

6.5

CVSS Rating
Medium (6.5)

CVE-ID
CVE-2024-51626

Patch Status
Unpatched

Published
Oct 31, 2024

Affected Software
Woocommerce Quote Calculator

Researcher

LVT-tholv2k

More Details >

WP EIS <= 1.3.3 - Authenticated (Contributor+) SQL Injection

6.5

CVSS Rating
Medium (6.5)

CVE-ID
CVE-2024-51623

Patch Status
Unpatched

Published
Oct 31, 2024

Affected Software
WP EIS

Researcher

LVT-tholv2k

More Details >

(dp) AddThis <= 1.0.2 - Authenticated (Contributor+) Stored Cross-Site Scripting

6.4

CVSS Rating
Medium (6.4)

CVE-ID
CVE-2024-50540

Patch Status
Unpatched

Published
Oct 31, 2024

Affected Software
(dp) AddThis

Researcher

SOPROBRO

More Details >

3D Presentation <= 1.0 - Authenticated (Contributor+) Stored Cross-Site Scripting

6.4

CVSS Rating
Medium (6.4)

CVE-ID
CVE-2024-51578

Patch Status
Unpatched

Published
Oct 31, 2024

Affected Software
3D Presentation

Researcher

SOPROBRO

More Details >

Aajoda Testimonials <= 2.2.2 - Authenticated (Contributor+) Stored Cross-Site Scripting

6.4

CVSS Rating
Medium (6.4)

CVE-ID
CVE-2024-51614

Patch Status
Unpatched

Published
Oct 31, 2024

Affected Software
Aajoda Testimonials

Researcher

SOPROBRO

More Details >

Accordion title for Elementor <= 1.2.1 - Authenticated (Author+) Stored Cross-Site Scripting

6.4

CVSS Rating
Medium (6.4)

CVE-ID
CVE-2024-51685

Patch Status
Patched

Published
Nov 1, 2024

Affected Software
Accordion title for Elementor

Researcher

Michael

More Details >

Advanced Control Manager for WordPress by ItalyStrap <= 2.16.0 - Authenticated (Contributor+) Stored Cross-Site Scripting

6.4

CVSS Rating
Medium (6.4)

CVE-ID
CVE-2024-50541

Patch Status
Unpatched

Published
Oct 31, 2024

Affected Software
Advanced Control Manager for WordPress by ItalyStrap

Researcher

Gab

More Details >

affiliate-toolkit <= 3.6.5 - Authenticated (Contributor+) Stored Cross-Site Scripting via atkp_product Shortcode

6.4

CVSS Rating
Medium (6.4)

CVE-ID
CVE-2024-10227

Patch Status
Patched

Published
Oct 28, 2024

Affected Software
affiliate-toolkit – WP Affiliate Plugin with Amazon

Researcher

Peter Thaleikis

More Details >

Alley Elementor Widget <= 1.0.7 - Authenticated (Contributor+) Stored Cross-Site Scripting

6.4

CVSS Rating
Medium (6.4)

CVE-ID
CVE-2024-50521

Patch Status
Unpatched

Published
Oct 30, 2024

Affected Software
Alley Elementor Widget

Researcher

Gab

More Details >

amazing neo icon font for elementor <= 2.0.1 - Authenticated (Contributor+) Stored Cross-Site Scripting

6.4

CVSS Rating
Medium (6.4)

CVE-ID
CVE-2024-50543

Patch Status
Unpatched

Published
Oct 31, 2024

Affected Software
amazing neo icon font for elementor

Researcher

Gab

More Details >

AMP Img Shortcode <= 1.0.1 - Authenticated (Contributor+) Stored Cross-Site Scripting

6.4

CVSS Rating
Medium (6.4)

CVE-ID
CVE-2024-51576

Patch Status
Unpatched

Published
Oct 31, 2024

Affected Software
AMP Img Shortcode

Researcher

SOPROBRO

More Details >

Ancient World Linked Data <= 0.2.1 - Authenticated (Contributor+) Stored Cross-Site Scripting

6.4

CVSS Rating
Medium (6.4)

CVE-ID
CVE-2024-50520

Patch Status
Unpatched

Published
Oct 30, 2024

Affected Software
Ancient World Linked Data for WordPress

Researcher

Zlrqh

More Details >

Arconix Shortcodes <= 2.1.13 - Authenticated (Contributor+) Stored Cross-Site Scripting via box Shortcode

6.4

CVSS Rating
Medium (6.4)

CVE-ID
CVE-2024-10226

Patch Status
Patched

Published
Oct 29, 2024

Affected Software
Arconix Shortcodes

Researcher

Peter Thaleikis

More Details >

aThemes Addons for Elementor <= 1.0.7 - Authenticated (Contributor+) Stored Cross-Site Scripting

6.4

CVSS Rating
Medium (6.4)

CVE-ID
CVE-2024-51675

Patch Status
Patched

Published
Nov 1, 2024

Affected Software
aThemes Addons for Elementor

Researcher

Khalid Yusuf

More Details >

AtomChat <= 1.1.5 - Authenticated (Contributor+) Stored Cross-Site Scripting via atomchat Shortcode

6.4

CVSS Rating
Medium (6.4)

CVE-ID
CVE-2024-10232

Patch Status
Patched

Published
Oct 31, 2024

Affected Software
Group Chat & Video Chat by AtomChat

Researcher

Peter Thaleikis

More Details >

Audio Comparison Lite <= 3.4 - Authenticated (Contributor+) Stored Cross-Site Scripting

6.4

CVSS Rating
Medium (6.4)

CVE-ID
CVE-2024-51627

Patch Status
Patched

Published
Oct 31, 2024

Affected Software
Audio Comparison Lite

Researcher

SOPROBRO

More Details >

Awesome Progress Bar <= 1.0.1 - Authenticated (Contributor+) Stored Cross-Site Scripting

6.4

CVSS Rating
Medium (6.4)

CVE-ID
CVE-2024-50548

Patch Status
Unpatched

Published
Oct 31, 2024

Affected Software
Awesome Progress Bar

Researcher

theviper17y

More Details >

AwesomePress <= 1.0 - Authenticated (Contributor+) Stored Cross-Site Scripting

6.4

CVSS Rating
Medium (6.4)

CVE-ID
CVE-2024-51616

Patch Status
Unpatched

Published
Oct 31, 2024

Affected Software
AwesomePress

Researcher

SOPROBRO

More Details >

Beaver Builder – WordPress Page Builder <= 2.8.4.2 - Authenticated (Contributor+) Stored DOM-Based Cross-Site Scripting via Button Widget

6.4

CVSS Rating
Medium (6.4)

CVE-ID
CVE-2024-9505

Patch Status
Patched

Published
Oct 29, 2024

Affected Software
Beaver Builder – WordPress Page Builder

Researcher

zer0gh0st

More Details >

Bigmart Elements <= 1.0.3 - Authenticated (Contributor+) Stored Cross-Site Scripting

6.4

CVSS Rating
Medium (6.4)

CVE-ID
CVE-2024-51589

Patch Status
Unpatched

Published
Oct 31, 2024

Affected Software
Bigmart Elements

Researcher

Gab

More Details >

Black Widgets For Elementor <= 1.3.6 - Authenticated (Contributor+) Stored Cross-Site Scripting

6.4

CVSS Rating
Medium (6.4)

CVE-ID
CVE-2024-51662

Patch Status
Patched

Published
Nov 1, 2024

Affected Software
Black Widgets For Elementor

Researcher

João Pedro Soares de Alcântara

More Details >

Black Widgets For Elementor <= 1.3.7 - Authenticated (Author+) Stored Cross-Site Scripting via SVG File Upload

6.4

CVSS Rating
Medium (6.4)

CVE-ID
CVE-2024-9388

Patch Status
Patched

Published
Oct 29, 2024

Affected Software
Black Widgets For Elementor

Researcher

Francesco Carlucci

More Details >

Bonway Static Block Editor <= 1.1.0 - Authenticated (Contributor+) Stored Cross-Site Scripting

6.4

CVSS Rating
Medium (6.4)

CVE-ID
CVE-2024-50549

Patch Status
Unpatched

Published
Oct 31, 2024

Affected Software
Bonway Static Block Editor

Researcher

SOPROBRO

More Details >

bpmn.io <= 1.0 - Authenticated (Contributor+) Stored Cross-Site Scripting

6.4

CVSS Rating
Medium (6.4)

CVE-ID
CVE-2024-51577

Patch Status
Unpatched

Published
Oct 31, 2024

Affected Software
bpmn.io

Researcher

SOPROBRO

More Details >

Business <= 1.3 - Authenticated (Contributor+) Stored Cross-Site Scripting

6.4

CVSS Rating
Medium (6.4)

CVE-ID
CVE-2024-51596

Patch Status
Unpatched

Published
Oct 31, 2024

Affected Software
WordPress Business Plugin

Researcher

SOPROBRO

More Details >

Classy Addons for Elementor <= 1.2.7 - Authenticated (Contributor+) Stored Cross-Site Scripting

6.4

CVSS Rating
Medium (6.4)

CVE-ID
CVE-2024-50553

Patch Status
Unpatched

Published
Oct 31, 2024

Affected Software
Classy Addons for Elementor

Researcher

Gab

More Details >

Clever Addons for Elementor <= 2.2.1 - Authenticated (Contributor+) Stored Cross-Site Scripting

6.4

CVSS Rating
Medium (6.4)

CVE-ID
CVE-2024-51580

Patch Status
Unpatched

Published
Oct 31, 2024

Affected Software
Clever Addons for Elementor

Researcher

João Pedro Soares de Alcântara

More Details >

Clyp <= 1.3 - Authenticated (Contributor+) Stored Cross-Site Scripting

6.4

CVSS Rating
Medium (6.4)

CVE-ID
CVE-2024-51617

Patch Status
Unpatched

Published
Oct 31, 2024

Affected Software
Clyp

Researcher

SOPROBRO

More Details >

Cresta Addons for Elementor <= 1.0.9 - Authenticated (Contributor+) Stored Cross-Site Scripting

6.4

CVSS Rating
Medium (6.4)

CVE-ID
CVE-2024-51680

Patch Status
Patched

Published
Nov 1, 2024

Affected Software
Cresta Addons for Elementor

Researcher

Gab

More Details >

Custom Admin Menu <= 1.0.0 - Authenticated (Contributor+) Stored Cross-Site Scripting

6.4

CVSS Rating
Medium (6.4)

CVE-ID
CVE-2024-51618

Patch Status
Unpatched

Published
Oct 31, 2024

Affected Software
Custom Admin Menu

Researcher

SOPROBRO

More Details >

Custom post type templates for Elementor <= 1.10.1 - Authenticated (Contributor+) Stored Cross-Site Scripting

6.4

CVSS Rating
Medium (6.4)

CVE-ID
CVE-2024-51683

Patch Status
Patched

Published
Nov 1, 2024

Affected Software
Custom post type templates for Elementor

Researcher

Gab

More Details >

DataMentor <= 1.7 - Authenticated (Contributor+) Stored Cross-Site Scripting

6.4

CVSS Rating
Medium (6.4)

CVE-ID
CVE-2024-50545

Patch Status
Unpatched

Published
Oct 31, 2024

Affected Software
DataMentor – Best DataTables Plugin for Elementor

Researcher

Michael

More Details >

Definitive Addons for Elementor <= 1.5.16 - Authenticated (Contributor+) Stored Cross-Site Scripting

6.4

CVSS Rating
Medium (6.4)

CVE-ID
CVE-2024-51587

Patch Status
Unpatched

Published
Oct 31, 2024

Affected Software
Definitive Addons for Elementor

Researcher

Gab

More Details >

Delisho <= 1.0.6 - Authenticated (Contributor+) Stored Cross-Site Scripting

6.4

CVSS Rating
Medium (6.4)

CVE-ID
CVE-2024-51676

Patch Status
Patched

Published
Nov 1, 2024

Affected Software
Delisho – Recipe Widgets and Blocks

Researcher

Khalid Yusuf

More Details >

Display Terms Shortcode <= 1.0.4 - Authenticated (Contributor+) Stored Cross-Site Scripting

6.4

CVSS Rating
Medium (6.4)

CVE-ID
CVE-2024-51610

Patch Status
Unpatched

Published
Oct 31, 2024

Affected Software
Display Terms Shortcode

Researcher

SOPROBRO

More Details >

Ditty <= 3.1.46 - Authenticated (Author+) Stored Cross-Site Scripting

6.4

CVSS Rating
Medium (6.4)

CVE-ID
CVE-2024-9600

Patch Status
Patched

Published
Oct 31, 2024

Affected Software
Ditty – Responsive News Tickers, Sliders, and Lists

Researcher

Dmitrii Ignatyev

More Details >

Easy SVG Upload <= 1.0 - Authenticated (Author+) Stored Cross-Site Scripting via SVG File Upload

6.4

CVSS Rating
Medium (6.4)

CVE-ID
CVE-2024-9708

Patch Status
Unpatched

Published
Oct 30, 2024

Affected Software
Easy SVG Upload

Researcher

Francesco Carlucci

More Details >

Element Pack Elementor Addons (Header Footer, Template Library, Dynamic Grid & Carousel, Remote Arrows) <= 5.10.1 - Authenticated (Contributor+) DOM-Based Stored Cross-Site Scripting via Custom Gallery Widget

6.4

CVSS Rating
Medium (6.4)

CVE-ID
CVE-2024-10310

Patch Status
Patched

Published
Nov 1, 2024

Affected Software
Element Pack Elementor Addons (Header Footer, Template Library, Dynamic Grid, Carousel and Remote Arrows)

Researcher

zer0gh0st

More Details >

Elementary Addons <= 2.0.4 - Authenticated (Contributor+) Stored Cross-Site Scripting

6.4

CVSS Rating
Medium (6.4)

CVE-ID
CVE-2024-51586

Patch Status
Unpatched

Published
Oct 31, 2024

Affected Software
Elementary Addons

Researcher

Gab

More Details >

Elo Rating Shortcode <= 1.0.3 - Authenticated (Contributor+) Stored Cross-Site Scripting

6.4

CVSS Rating
Medium (6.4)

CVE-ID
CVE-2024-51678

Patch Status
Patched

Published
Nov 1, 2024

Affected Software
Elo Rating Shortcode

Researcher

theviper17y

More Details >

Emoji Shortcode <= 1.0.0 - Authenticated (Contributor+) Stored Cross-Site Scripting

6.4

CVSS Rating
Medium (6.4)

CVE-ID
CVE-2024-51609

Patch Status
Unpatched

Published
Oct 31, 2024

Affected Software
Emoji Shortcode

Researcher

SOPROBRO

More Details >

EndomondoWP <= 0.1.1 - Authenticated (Contributor+) Stored Cross-Site Scripting

6.4

CVSS Rating
Medium (6.4)

CVE-ID
CVE-2024-50551

Patch Status
Unpatched

Published
Oct 31, 2024

Affected Software
EndomondoWP

Researcher

SOPROBRO

More Details >

Extender All In One For Elementor <= 1.0.3 - Authenticated (Contributor+) Stored Cross-Site Scripting

6.4

CVSS Rating
Medium (6.4)

CVE-ID
CVE-2024-51575

Patch Status
Unpatched

Published
Oct 31, 2024

Affected Software
Extender All In One For Elementor

Researcher

Gab

More Details >

EzyOnlineBookings Online Booking System Widget <= 1.3 - Authenticated (Contributor+) Stored Cross-Site Scripting

6.4

CVSS Rating
Medium (6.4)

CVE-ID
CVE-2024-51628

Patch Status
Unpatched

Published
Nov 1, 2024

Affected Software
EzyOnlineBookings Online Booking System Widget

Researcher

SOPROBRO

More Details >

GDReseller <= 1.6 - Authenticated (Contributor+) Stored Cross-Site Scripting

6.4

CVSS Rating
Medium (6.4)

CVE-ID
CVE-2024-50536

Patch Status
Unpatched

Published
Oct 31, 2024

Affected Software
GDReseller

Researcher

SOPROBRO

More Details >

Genoo <= 6.0.10 - Authenticated (Contributor+) Stored Cross-Site Scripting

6.4

CVSS Rating
Medium (6.4)

CVE-ID
CVE-2024-51605

Patch Status
Unpatched

Published
Oct 31, 2024

Affected Software
Genoo

Researcher

SOPROBRO

More Details >

Gift Cards (Gift Vouchers and Packages) (WooCommerce Supported) <= 4.4.4 - Authenticated (Author+) Stored Cross-Site Scripting via SVG File Upload

6.4

CVSS Rating
Medium (6.4)

CVE-ID
CVE-2024-9165

Patch Status
Patched

Published
Oct 30, 2024

Affected Software
Gift Cards (Gift Vouchers and Packages) (WooCommerce Supported)

Researcher

Francesco Carlucci

More Details >

Gmap Point List <= 1.1.2 - Authenticated (Contributor+) Stored Cross-Site Scripting

6.4

CVSS Rating
Medium (6.4)

CVE-ID
CVE-2024-51594

Patch Status
Unpatched

Published
Oct 31, 2024

Affected Software
Gmap Point List

Researcher

SOPROBRO

More Details >

Gutenberg Blocks with AI by Kadence WP – Page Builder Features <= 3.3.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via Icon Widget

6.4

CVSS Rating
Medium (6.4)

CVE-ID
CVE-2024-9655

Patch Status
Patched

Published
Oct 31, 2024

Affected Software
Gutenberg Blocks with AI by Kadence WP – Page Builder Features

Researcher

Webbernaut

More Details >

Header Footer Composer for Elementor <= 1.0.4 - Authenticated (Contributor+) Stored Cross-Site Scripting

6.4

CVSS Rating
Medium (6.4)

CVE-ID
CVE-2024-51629

Patch Status
Unpatched

Published
Nov 1, 2024

Affected Software
Header Footer Composer for Elementor

Researcher

Michael

More Details >

Hoo Addons for Elementor <= 1.0.6 - Authenticated (Contributor+) Stored Cross-Site Scripting

6.4

CVSS Rating
Medium (6.4)

CVE-ID
CVE-2024-51590

Patch Status
Unpatched

Published
Oct 31, 2024

Affected Software
Hoo Addons for Elementor

Researcher

Gab

More Details >

Hover Video Preview <= 1.0.2 - Authenticated (Contributor+) Stored Cross-Site Scripting

6.4

CVSS Rating
Medium (6.4)

CVE-ID
CVE-2024-50552

Patch Status
Unpatched

Published
Oct 31, 2024

Affected Software
Hover Video Preview

Researcher

SOPROBRO

More Details >

HT Builder – WordPress Theme Builder for Elementor <= 1.3.0 - Authenticated (Contributor+) Stored Cross-Site Scripting

6.4

CVSS Rating
Medium (6.4)

CVE-ID
CVE-2024-51682

Patch Status
Patched

Published
Nov 1, 2024

Affected Software
HT Builder – WordPress Theme Builder for Elementor

Researcher

Gab

More Details >

HT Politic <= 2.4.4 - Authenticated (Contributor+) Stored Cross-Site Scripting

6.4

CVSS Rating
Medium (6.4)

CVE-ID
CVE-2024-51673

Patch Status
Patched

Published
Nov 1, 2024

Affected Software
HT Politic – For Political WordPress Themes / Website

Researcher

Khalid Yusuf

More Details >

HT Team Member <= 1.1.4 - Authenticated (Contributor+) Stored Cross-Site Scripting via htteamember Shortcode

6.4

CVSS Rating
Medium (6.4)

CVE-ID
CVE-2024-10223

Patch Status
Patched

Published
Oct 29, 2024

Affected Software
WP Team – WordPress Team Member Plugin

Researcher

Peter Thaleikis

More Details >

ID-SK Toolkit <= 1.7.2 - Authenticated (Contributor+) Stored Cross-Site Scripting

6.4

CVSS Rating
Medium (6.4)

CVE-ID
CVE-2024-50517

Patch Status
Unpatched

Published
Oct 30, 2024

Affected Software
ID-SK Toolkit

Researcher

Gab

More Details >

Kata Plus – Addons for Elementor – Widgets, Extensions and Templates <= 1.4.7 - Authenticated (Author+) Stored Cross-Site Scripting via SVG File Upload

6.4

CVSS Rating
Medium (6.4)

CVE-ID
CVE-2024-9376

Patch Status
Patched

Published
Oct 28, 2024

Affected Software
Kata Plus – Addons for Elementor – Widgets, Extensions and Templates

Researcher

Francesco Carlucci

More Details >

Kento Ads Rotator <= 1.3 - Authenticated (Contributor+) Stored Cross-Site Scripting

6.4

CVSS Rating
Medium (6.4)

CVE-ID
CVE-2024-51583

Patch Status
Unpatched

Published
Oct 31, 2024

Affected Software
Kento Ads Rotator

Researcher

SOPROBRO

More Details >

Knowledge Base <= 2.2.0 - Authenticated (Contributor+) Stored Cross-Site Scripting

6.4

CVSS Rating
Medium (6.4)

CVE-ID
CVE-2024-51677

Patch Status
Patched

Published
Nov 1, 2024

Affected Software
Knowledge Base

Researcher

SOPROBRO

More Details >

LH QR Codes <= 1.06 - Authenticated (Contributor+) Stored Cross-Site Scripting

6.4

CVSS Rating
Medium (6.4)

CVE-ID
CVE-2024-51572

Patch Status
Unpatched

Published
Oct 31, 2024

Affected Software
LH QR Codes

Researcher

SOPROBRO

More Details >

Magical Addons For Elementor <= 1.2.1 - Authenticated (Subscriber+) Server-Side Request Forgery

6.4

CVSS Rating
Medium (6.4)

CVE-ID
CVE-2024-51665

Patch Status
Patched

Published
Nov 1, 2024

Affected Software
Magical Addons For Elementor ( Header Footer Builder, Free Elementor Widgets, Elementor Templates Library )

Researcher

João Pedro Soares de Alcântara

More Details >

Marquee Elementor with Posts <= 1.2.0 - Authenticated (Contributor+) Stored Cross-Site Scripting

6.4

CVSS Rating
Medium (6.4)

CVE-ID
CVE-2024-51584

Patch Status
Unpatched

Published
Oct 31, 2024

Affected Software
Marquee Elementor with Posts

Researcher

Gab

More Details >

MasterBip para Elementor <= 1.6.3 - Authenticated (Contributor+) Stored Cross-Site Scripting

6.4

CVSS Rating
Medium (6.4)

CVE-ID
CVE-2024-51571

Patch Status
Unpatched

Published
Oct 31, 2024

Affected Software
MasterBip para Elementor

Researcher

Gab

More Details >

Masteriyo LMS – eLearning and Online Course Builder for WordPress <= 1.13.3 - Authenticated (Student+) Stored Cross-Site Scripting via Ask a Question Functionality

6.4

CVSS Rating
Medium (6.4)

CVE-ID
CVE-2024-10000

Patch Status
Patched

Published
Oct 28, 2024

Affected Software
Masteriyo LMS – eLearning and Online Course Builder for WordPress

Researcher

floerer

More Details >

Media Library Tools <= 1.4.0 - Authenticated (Author+) Stored Cross-Site Scripting

6.4

CVSS Rating
Medium (6.4)

CVE-ID
CVE-2024-10482

Patch Status
Patched

Published
Oct 31, 2024

Affected Software
Media File Rename, Find Unused File, Add Alt text, Caption, Desc For Image SEO – Media Library Tools

Researcher

Bob Matyas

More Details >

Media Modal <= 1.0.2 - Authenticated (Contributor+) Stored Cross-Site Scripting

6.4

CVSS Rating
Medium (6.4)

CVE-ID
CVE-2024-51604

Patch Status
Unpatched

Published
Oct 31, 2024

Affected Software
Media Modal

Researcher

SOPROBRO

More Details >

Meta Store Elements <= 1.0.9 - Authenticated (Contributor+) Stored Cross-Site Scripting

6.4

CVSS Rating
Medium (6.4)

CVE-ID
CVE-2024-51592

Patch Status
Unpatched

Published
Oct 31, 2024

Affected Software
Meta Store Elements

Researcher

Gab

More Details >

ML Responsive Audio player with playlist Shortcode <= 0.2 - Authenticated (Contributor+) Stored Cross-Site Scripting

6.4

CVSS Rating
Medium (6.4)

CVE-ID
CVE-2024-51573

Patch Status
Unpatched

Published
Oct 31, 2024

Affected Software
ML Responsive Audio player with playlist Shortcode

Researcher

SOPROBRO

More Details >

MyOrderDesk <= 3.2.6 - Authenticated (Contributor+) Stored Cross-Site Scripting

6.4

CVSS Rating
Medium (6.4)

CVE-ID
CVE-2024-50546

Patch Status
Unpatched

Published
Oct 31, 2024

Affected Software
MyOrderDesk

Researcher

SOPROBRO

More Details >

Newsletters <= 4.9.9.4 - Authenticated (Contributor+) Stored Cross-Site Scripting via newsletters_video Shortcode

6.4

CVSS Rating
Medium (6.4)

CVE-ID
CVE-2024-10181

Patch Status
Patched

Published
Oct 28, 2024

Affected Software
Newsletters

Researcher

Peter Thaleikis

More Details >

NMR Strava activities <= 1.0.6 - Authenticated (Contributor+) Stored Cross-Site Scripting

6.4

CVSS Rating
Medium (6.4)

CVE-ID
CVE-2024-51603

Patch Status
Unpatched

Published
Oct 31, 2024

Affected Software
NMR Strava activities

Researcher

SOPROBRO

More Details >

Otter Blocks – Gutenberg Blocks, Page Builder for Gutenberg Editor & FSE <= 3.0.4 - Authenticated (Author+) Stored Cross-Site Scripting via SVG File Upload

6.4

CVSS Rating
Medium (6.4)

CVE-ID
CVE-2024-10367

Patch Status
Patched

Published
Oct 31, 2024

Affected Software
Otter Blocks – Gutenberg Blocks, Page Builder for Gutenberg Editor & FSE

Researcher

Francesco Carlucci

More Details >

Premium Addons for Elementor <= 4.10.60 - Authenticated (Contributor+) DOM-Based Stored Cross-Site Scripting via Video Box Widget

6.4

CVSS Rating
Medium (6.4)

CVE-ID
CVE-2024-10266

Patch Status
Patched

Published
Oct 28, 2024

Affected Software
Premium Addons for Elementor

Researcher

zer0gh0st

More Details >

Pricer Ninja <= 2.1.0 - Authenticated (Contributor+) Stored Cross-Site Scripting

6.4

CVSS Rating
Medium (6.4)

CVE-ID
CVE-2024-50518

Patch Status
Unpatched

Published
Oct 30, 2024

Affected Software
Pricer Ninja: Create and add responsive Pricing Tables to your website on-the-fly

Researcher

SOPROBRO

More Details >

Reftagger Shortcode <= 1.1 - Authenticated (Contributor+) Stored Cross-Site Scripting

6.4

CVSS Rating
Medium (6.4)

CVE-ID
CVE-2024-51612

Patch Status
Unpatched

Published
Oct 31, 2024

Affected Software
Reftagger Shortcode

Researcher

SOPROBRO

More Details >

Restaurant & Cafe Addon for Elementor <= 1.5.6 - Authenticated (Contributor+) Stored Cross-Site Scripting

6.4

CVSS Rating
Medium (6.4)

CVE-ID
CVE-2024-51581

Patch Status
Patched

Published
Oct 31, 2024

Affected Software
Restaurant & Cafe Addon for Elementor

Researcher

João Pedro Soares de Alcântara

More Details >

RLM Elementor Widgets Pack <= 1.3.1 - Authenticated (Contributor+) Stored Cross-Site Scripting

6.4

CVSS Rating
Medium (6.4)

CVE-ID
CVE-2024-50542

Patch Status
Patched

Published
Oct 31, 2024

Affected Software
RLM Elementor Widgets Pack

Researcher

Gab

More Details >

Sales Page Addon – Elementor & Beaver Builder <= 1.4.4 - Authenticated (Contributor+) Stored Cross-Site Scripting

6.4

CVSS Rating
Medium (6.4)

CVE-ID
CVE-2024-51585

Patch Status
Unpatched

Published
Oct 31, 2024

Affected Software
Sales Page Addon – Elementor & Beaver Builder

Researcher

Gab

More Details >

Sastra Essential Addons for Elementor <= 1.0.5 - Authenticated (Contributor+) Stored Cross-Site Scripting

6.4

CVSS Rating
Medium (6.4)

CVE-ID
CVE-2024-51674

Patch Status
Patched

Published
Nov 1, 2024

Affected Software
Sastra Essential Addons for Elementor – Free Elementor Addons, Widgets and Templates

Researcher

Khalid Yusuf

More Details >

Selar.co Widget <= 1.2 - Authenticated (Contributor+) Stored Cross-Site Scripting

6.4

CVSS Rating
Medium (6.4)

CVE-ID
CVE-2024-51598

Patch Status
Unpatched

Published
Oct 31, 2024

Affected Software
Selar.co Widget

Researcher

SOPROBRO

More Details >

Show Visitor IP Address <= 0.2 - Authenticated (Contributor+) Stored Cross-Site Scripting

6.4

CVSS Rating
Medium (6.4)

CVE-ID
CVE-2024-50538

Patch Status
Unpatched

Published
Oct 31, 2024

Affected Software
Show Visitor IP Address

Researcher

SOPROBRO

More Details >

Sided <= 1.4.2 - Authenticated (Contributor+) Stored Cross-Site Scripting

6.4

CVSS Rating
Medium (6.4)

CVE-ID
CVE-2024-50554

Patch Status
Unpatched

Published
Oct 31, 2024

Affected Software
Sided

Researcher

SOPROBRO

More Details >

Simple Business Manager <= 4.6.7.4 - Authenticated (Contributor+) Stored Cross-Site Scripting

6.4

CVSS Rating
Medium (6.4)

CVE-ID
CVE-2024-51599

Patch Status
Unpatched

Published
Oct 31, 2024

Affected Software
Simple Business Manager

Researcher

C_T_R_L

More Details >

Simple Goods <= 0.1.3 - Authenticated (Contributor+) Stored Cross-Site Scripting

6.4

CVSS Rating
Medium (6.4)

CVE-ID
CVE-2024-51574

Patch Status
Unpatched

Published
Oct 31, 2024

Affected Software
Simple Goods

Researcher

SOPROBRO

More Details >

SIP Reviews Shortcode for WooCommerce <= 1.2.3 - Authenticated (Contributor+) Cross-Site Scripting

6.4

CVSS Rating
Medium (6.4)

CVE-ID
CVE-2024-6480

Patch Status
Unpatched

Published
Oct 31, 2024

Affected Software
SIP Reviews Shortcode for WooCommerce

Researchers

Jonas Höbenreich

Dmitry Derr

Thies Lukas

More Details >

SKSDEV Toolkit <= 1.0.0 - Authenticated (Contributor+) Stored Cross-Site Scripting

6.4

CVSS Rating
Medium (6.4)

CVE-ID
CVE-2024-51595

Patch Status
Unpatched

Published
Oct 31, 2024

Affected Software
SKSDEV Toolkit

Researcher

SOPROBRO

More Details >

Slicko <= 1.2.0 - Authenticated (Contributor+) Stored Cross-Site Scripting

6.4

CVSS Rating
Medium (6.4)

CVE-ID
CVE-2024-51591

Patch Status
Unpatched

Published
Oct 31, 2024

Affected Software
Slicko

Researcher

Gab

More Details >

Smart Mockups <= 1.2.0 - Authenticated (Contributor+) Stored Cross-Site Scripting

6.4

CVSS Rating
Medium (6.4)

CVE-ID
CVE-2024-50537

Patch Status
Unpatched

Published
Oct 31, 2024

Affected Software
Smart Mockups

Researcher

SOPROBRO

More Details >

SMSAlert - WooCommerce <= 3.7.5 - Authenticated (Contributor+) Stored Cross-Site Scripting via sa_subscribe Shortcode

6.4

CVSS Rating
Medium (6.4)

CVE-ID
CVE-2024-10233

Patch Status
Patched

Published
Oct 28, 2024

Affected Software
SMS Alert Order Notifications – WooCommerce

Researcher

Peter Thaleikis

More Details >

Step by Step <= 0.4.5 - Authenticated (Contributor+) Stored Cross-Site Scripting

6.4

CVSS Rating
Medium (6.4)

CVE-ID
CVE-2024-50535

Patch Status
Unpatched

Published
Oct 30, 2024

Affected Software
Step by Step

Researcher

SOPROBRO

More Details >

StreamWeasels YouTube Integration <= 1.3.2 - Authenticated (Contributor+) Stored Cross-Site Scripting via sw-youtube-embed Shortcode

6.4

CVSS Rating
Medium (6.4)

CVE-ID
CVE-2024-10185

Patch Status
Patched

Published
Oct 28, 2024

Affected Software
StreamWeasels YouTube Integration

Researcher

Peter Thaleikis

More Details >

Super Addons for Elementor <= 1.0 - Authenticated (Contributor+) Stored Cross-Site Scripting

6.4

CVSS Rating
Medium (6.4)

CVE-ID
CVE-2024-51588

Patch Status
Unpatched

Published
Oct 31, 2024

Affected Software
Super Addons for Elementor

Researcher

Gab

More Details >

SW Kick Integration - Blocks and Shortcodes for Embedding Kick Streams <= 1.1.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via sw-kick-embed Shortcode

6.4

CVSS Rating
Medium (6.4)

CVE-ID
CVE-2024-10184

Patch Status
Patched

Published
Oct 28, 2024

Affected Software
StreamWeasels Kick Integration

Researcher

Peter Thaleikis

More Details >

T(-) Countdown <= 2.4.8 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode

6.4

CVSS Rating
Medium (6.4)

CVE-ID
CVE-2024-9884

Patch Status
Unpatched

Published
Oct 29, 2024

Affected Software
T(-) Countdown

Researcher

theviper17y

More Details >

Themedy Toolbox <= 1.0.16 - Authenticated (Contributor+) Stored Cross-Site Scripting

6.4

CVSS Rating
Medium (6.4)

CVE-ID
CVE-2024-50547

Patch Status
Unpatched

Published
Oct 31, 2024

Affected Software
Themedy Toolbox

Researcher

theviper17y

More Details >

ThemeShark Templates & Widgets for Elementor <= 1.1.7 - Authenticated (Contributor+) Stored Cross-Site Scripting

6.4

CVSS Rating
Medium (6.4)

CVE-ID
CVE-2024-51597

Patch Status
Unpatched

Published
Oct 31, 2024

Affected Software
ThemeShark Templates & Widgets for Elementor

Researcher

Gab

More Details >

TradeMe widgets <= 1.2 - Authenticated (Contributor+) Stored Cross-Site Scripting

6.4

CVSS Rating
Medium (6.4)

CVE-ID
CVE-2024-51613

Patch Status
Unpatched

Published
Oct 31, 2024

Affected Software
TradeMe widgets

Researcher

SOPROBRO

More Details >

Ultimate TinyMCE <= 5.7 - Authenticated (Contributor+) Stored Cross-Site Scripting

6.4

CVSS Rating
Medium (6.4)

CVE-ID
CVE-2024-8627

Patch Status
Unpatched

Published
Oct 29, 2024

Affected Software
Ultimate TinyMCE

Researcher

Francesco Carlucci

More Details >

Widget or Sidebar Shortcode <= 0.6.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode

6.4

CVSS Rating
Medium (6.4)

CVE-ID
CVE-2024-9885

Patch Status
Unpatched

Published
Oct 29, 2024

Affected Software
Widget or Sidebar Shortcode

Researcher

theviper17y

More Details >

WM Zoom <= 1.0 - Authenticated (Contributor+) Stored Cross-Site Scripting

6.4

CVSS Rating
Medium (6.4)

CVE-ID
CVE-2024-50556

Patch Status
Unpatched

Published
Oct 31, 2024

Affected Software
WM Zoom

Researcher

SOPROBRO

More Details >

WP Baidu Map <= 1.2.2 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode

6.4

CVSS Rating
Medium (6.4)

CVE-ID
CVE-2024-9886

Patch Status
Unpatched

Published
Oct 29, 2024

Affected Software
WP Baidu Map

Researcher

theviper17y

More Details >

WP EASY RECIPE <= 1.6 - Authenticated (Contributor+) Stored Cross-Site Scripting

6.4

CVSS Rating
Medium (6.4)

CVE-ID
CVE-2024-51622

Patch Status
Unpatched

Published
Oct 31, 2024

Affected Software
WP EASY RECIPE

Researcher

SOPROBRO

More Details >

WP Feature Box <= 0.1.3 - Authenticated (Contributor+) Stored Cross-Site Scripting

6.4

CVSS Rating
Medium (6.4)

CVE-ID
CVE-2024-51611

Patch Status
Unpatched

Published
Oct 31, 2024

Affected Software
WP Feature Box

Researcher

SOPROBRO

More Details >

WP Pocket URLs <= 1.0.3 - Authenticated (Contributor+) Stored Cross-Site Scripting

6.4

CVSS Rating
Medium (6.4)

CVE-ID
CVE-2024-51681

Patch Status
Patched

Published
Nov 1, 2024

Affected Software
WP Pocket URLs

Researcher

SOPROBRO

More Details >

WP Simple Anchors Links <= 1.0.0 - Authenticated (Contributor+) Stored Cross-Site Scripting via wpanchor Shortcode

6.4

CVSS Rating
Medium (6.4)

CVE-ID
CVE-2024-9446

Patch Status
Unpatched

Published
Oct 30, 2024

Affected Software
WP Simple Anchors Links

Researcher

theviper17y

More Details >

Курс валют UAH <= 2.0 - Authenticated (Contributor+) Stored Cross-Site Scripting

6.4

CVSS Rating
Medium (6.4)

CVE-ID
CVE-2024-51593

Patch Status
Unpatched

Published
Oct 31, 2024

Affected Software
Курс валют UAH

Researcher

SOPROBRO

More Details >

Addressbook <= 1.1.3 - Cross-Site Request Forgery to Stored Cross-Site Scripting

6.1

CVSS Rating
Medium (6.1)

CVE-ID
CVE-2024-51644

Patch Status
Unpatched

Published
Nov 1, 2024

Affected Software
Addressbook

Researcher

SOPROBRO

More Details >

Admin SMS Alert<=1.1.0 - Cross-Site Request Forgery to Stored Cross Site Scripting

6.1

CVSS Rating
Medium (6.1)

CVE-ID
CVE-2024-51637

Patch Status
Unpatched

Published
Nov 1, 2024

Affected Software
Admin SMS Alert

Researcher

Joshua Chan

More Details >

Advanced PDF Generator <= 0.4.0 - Cross-Site Request Forgery to Stored Cross-Site Scripting

6.1

CVSS Rating
Medium (6.1)

CVE-ID
CVE-2024-51641

Patch Status
Unpatched

Published
Nov 1, 2024

Affected Software
Advanced PDF Generator

Researcher

SOPROBRO

More Details >

Amazon Associate Filter <= 0.4 - Cross-Site Request Forgery to Stored Cross-Site Scripting

6.1

CVSS Rating
Medium (6.1)

CVE-ID
CVE-2024-51643

Patch Status
Unpatched

Published
Nov 1, 2024

Affected Software
Amazon Associate Filter

Researcher

SOPROBRO

More Details >

APK Downloader <= 1.0.0 - Cross-Site Request Forgery to Stored Cross Site Scripting

6.1

CVSS Rating
Medium (6.1)

CVE-ID
CVE-2024-51654

Patch Status
Unpatched

Published
Nov 1, 2024

Affected Software
APK Downloader

Researcher

SOPROBRO

More Details >

Appointmind <= 4.0.0 - Cross-Site Request Forgery to Stored Cross-Site Scripting

6.1

CVSS Rating
Medium (6.1)

CVE-ID
CVE-2024-51679

Patch Status
Patched

Published
Nov 1, 2024

Affected Software
Appointmind

Researcher

SOPROBRO

More Details >

Awesome Shortcodes For Genesis 1.1.8 - Cross-Site Request Forgery to Cross-Site Scripting

6.1

CVSS Rating
Medium (6.1)

CVE-ID
CVE-2024-51638

Patch Status
Unpatched

Published
Nov 1, 2024

Affected Software
Awesome Shortcodes For Genesis

Researcher

SOPROBRO

More Details >

BBP Core – Expand bbPress powered forums with useful features <= 1.2.5 - Reflected Cross-Site Scripting via add_query_arg Parameter

6.1

CVSS Rating
Medium (6.1)

CVE-ID
CVE-2024-9896

Patch Status
Patched

Published
Nov 1, 2024

Affected Software
BBP Core – Expand bbPress powered forums with useful features

Researcher

Colin Xu

More Details >

Custom Author URL <= 2.0.1 - Cross-Site Request Forgery to Stored Cross-Site Scripting

6.1

CVSS Rating
Medium (6.1)

CVE-ID
CVE-2024-51655

Patch Status
Unpatched

Published
Nov 1, 2024

Affected Software
Custom Author URL

Researcher

SOPROBRO

More Details >

Domain Sharding <= 1.2.1 - Cross-Site Request Forgery to Stored Cross-Site Scripting

6.1

CVSS Rating
Medium (6.1)

CVE-ID
CVE-2024-50533

Patch Status
Unpatched

Published
Oct 30, 2024

Affected Software
Domain Sharding

Researcher

SOPROBRO

More Details >

e-shops <= 1.0.3 - Cross-Site Request Forgery to Reflected Cross-Site Scripting

6.1

CVSS Rating
Medium (6.1)

CVE-ID
CVE-2024-51648

Patch Status
Unpatched

Published
Nov 1, 2024

Affected Software
e-shopsカート2

Researcher

SOPROBRO

More Details >

Events Manager Pro – extended <= 0.1 - Cross-Site Request Forgery to Reflected Cross-Site Scripting

6.1

CVSS Rating
Medium (6.1)

CVE-ID
CVE-2024-50532

Patch Status
Unpatched

Published
Oct 30, 2024

Affected Software
Events Manager Pro – extended

Researcher

SOPROBRO

More Details >

Featured Posts Scroll <= 1.25 - Cross-Site Request Forgery to Stored Cross-Site Scripting

6.1

CVSS Rating
Medium (6.1)

CVE-ID
CVE-2024-10922

Patch Status
Unpatched

Published
Nov 1, 2024

Affected Software
Featured Posts Scroll

Researcher

SOPROBRO

More Details >

Flash Show And Hide Box <= 1.6 - Cross-Site Request Forgery to Stored Cross-Site Scripting

6.1

CVSS Rating
Medium (6.1)

CVE-ID
CVE-2024-51656

Patch Status
Unpatched

Published
Nov 1, 2024

Affected Software
Flash Show And Hide Box

Researcher

SOPROBRO

More Details >

FraudLabs Pro SMS Verification <= 1.10.1 - Cross-Site Request Forgery to Stored Cross-Site Scripting

6.1

CVSS Rating
Medium (6.1)

CVE-ID
CVE-2024-51688

Patch Status
Patched

Published
Nov 1, 2024

Affected Software
FraudLabs Pro SMS Verification

Researcher

SOPROBRO

More Details >

GMO Social Connection <= 1.2 - Cross-Site Request Forgery to Stored Cross-Site Scripting

6.1

CVSS Rating
Medium (6.1)

CVE-ID
CVE-2024-51636

Patch Status
Unpatched

Published
Nov 1, 2024

Affected Software
Plugin Name: GMO Social Connection

Researcher

Joshua Chan

More Details >

Jigoshop – Store Exporter <= 1.5.8 - Reflected Cross-Site Scripting

6.1

CVSS Rating
Medium (6.1)

CVE-ID
CVE-2024-50519

Patch Status
Unpatched

Published
Oct 30, 2024

Affected Software
Jigoshop – Store Exporter

Researcher

Zlrqh

More Details >

MDR Webmaster Tools <= 1.1 - Cross-Site Request Forgery to Stored Cross-Site Scripting

6.1

CVSS Rating
Medium (6.1)

CVE-ID
CVE-2024-51640

Patch Status
Unpatched

Published
Nov 1, 2024

Affected Software
MDR Webmaster Tools

Researcher

SOPROBRO

More Details >

Mobilize <= 3.0.7 - Cross-Site Request Forgery to Stored Cross-Site Scripting

6.1

CVSS Rating
Medium (6.1)

CVE-ID
CVE-2024-51649

Patch Status
Unpatched

Published
Nov 1, 2024

Affected Software
Mobilize

Researcher

SOPROBRO

More Details >

Naver Blog <= 1.0 - Cross-Site Request Forgery to Stored Cross-Site Scripting

6.1

CVSS Rating
Medium (6.1)

CVE-ID
CVE-2024-51639

Patch Status
Unpatched

Published
Nov 1, 2024

Affected Software
Naver Blog

Researcher

SOPROBRO

More Details >

Platform.ly Official <= 1.1.3 - Cross-Site Request Forgery to Stored Cross-Site Scripting

6.1

CVSS Rating
Medium (6.1)

CVE-ID
CVE-2024-51687

Patch Status
Patched

Published
Nov 1, 2024

Affected Software
Platform.ly Official

Researcher

SOPROBRO

More Details >

Post Status Notifier Lite and Premium <= 1.11.6 - Reflected Cross-Site Scripting via page

6.1

CVSS Rating
Medium (6.1)

CVE-ID
CVE-2024-10048

Patch Status
Patched

Published
Oct 28, 2024

Affected Software
Post Status Notifier
Post Status Notifier Lite

Researcher

Colin Xu

More Details >

Pricing Tables WordPress Plugin – Easy Pricing Tables <= 3.2.5 - Reflected Cross-Site Scripting

6.1

CVSS Rating
Medium (6.1)

CVE-ID
CVE-2024-8871

Patch Status
Patched

Published
Oct 29, 2024

Affected Software
Pricing Tables WordPress Plugin – Easy Pricing Tables

Researcher

vgo0

More Details >

Random Featured Post <= 1.1.3 - Cross-Site Request Forgery to Stored Cross-Site Scripting

6.1

CVSS Rating
Medium (6.1)

CVE-ID
CVE-2024-51650

Patch Status
Unpatched

Published
Nov 1, 2024

Affected Software
Random Featured Post

Researcher

SOPROBRO

More Details >

ReCaptcha Integration for WordPress <= 1.2.5 - Reflected Cross-Site Scripting

6.1

CVSS Rating
Medium (6.1)

CVE-ID
CVE-2024-8739

Patch Status
Patched

Published
Nov 1, 2024

Affected Software
ReCaptcha Integration for WordPress

Researcher

vgo0

More Details >

Responsive Flickr Gallery <= 1.3.1 - Cross-Site Request Forgery to Stored Cross-Site Scripting

6.1

CVSS Rating
Medium (6.1)

CVE-ID
CVE-2024-51630

Patch Status
Unpatched

Published
Nov 1, 2024

Affected Software
Responsive Flickr Gallery

Researcher

SOPROBRO

More Details >

Seo Free <= 1.4 - Cross-Site Request Forgery to Stored Cross-Site Scripting

6.1

CVSS Rating
Medium (6.1)

CVE-ID
CVE-2024-51642

Patch Status
Unpatched

Published
Nov 1, 2024

Affected Software
Seo Free

Researcher

SOPROBRO

More Details >

SEUR Oficial <= 2.2.11 - Reflected Cross-Site Scripting

6.1

CVSS Rating
Medium (6.1)

CVE-ID
CVE-2024-9438

Patch Status
Patched

Published
Oct 28, 2024

Affected Software
SEUR Oficial

Researcher

vgo0

More Details >

SH Slideshow <= 4.3 - Cross-Site Request Forgery to Stored Cross-Site Scripting

6.1

CVSS Rating
Medium (6.1)

CVE-ID
CVE-2024-51632

Patch Status
Unpatched

Published
Nov 1, 2024

Affected Software
SH Slideshow

Researcher

SOPROBRO

More Details >

Simple Page Specific Sidebars <= 2.14.1 - Cross-Site Request Forgery to Stored Cross-Site Scripting

6.1

CVSS Rating
Medium (6.1)

CVE-ID
CVE-2024-51633

Patch Status
Unpatched

Published
Nov 1, 2024

Affected Software
Simple Page Specific Sidebars

Researcher

SOPROBRO

More Details >

Skip To <= 2.0.0 - Cross-Site Request Forgery to Stored Cross-Site Scripting

6.1

CVSS Rating
Medium (6.1)

CVE-ID
CVE-2024-51652

Patch Status
Unpatched

Published
Nov 1, 2024

Affected Software
Skip To

Researcher

SOPROBRO

More Details >

SmartLink Dynamic URLs <= 1.1.0 - Cross-Site Request Forgery to Stored Cross-Site Scripting

6.1

CVSS Rating
Medium (6.1)

CVE-ID
CVE-2024-51657

Patch Status
Patched

Published
Nov 1, 2024

Affected Software
SmartLink Dynamic URLs

Researcher

SOPROBRO

More Details >

Sticky Social Bar <= 2.0 - Cross-Site Request Forgery to Stored Cross-Site Scripting

6.1

CVSS Rating
Medium (6.1)

CVE-ID
CVE-2024-51631

Patch Status
Unpatched

Published
Nov 1, 2024

Affected Software
Sticky Social Bar

Researcher

SOPROBRO

More Details >

Subscribe to Comments <= 2.3 - Reflected Cross-Site Scripting

6.1

CVSS Rating
Medium (6.1)

CVE-ID
CVE-2024-8792

Patch Status
Patched

Published
Oct 29, 2024

Affected Software
Subscribe to Comments

Researcher

vgo0

More Details >

ThemeFuse Maintenance Mode <= 1.1.3 - Cross-Site Request Forgery to Stored Cross-Site Scripting

6.1

CVSS Rating
Medium (6.1)

CVE-ID
CVE-2024-51645

Patch Status
Unpatched

Published
Nov 1, 2024

Affected Software
ThemeFuse Maintenance Mode

Researcher

SOPROBRO

More Details >

Twitter @Anywhere Plus <= 2.0 - Cross-Site Request Forgery to Stored Cross-Site Scripting

6.1

CVSS Rating
Medium (6.1)

CVE-ID
CVE-2024-51659

Patch Status
Unpatched

Published
Nov 1, 2024

Affected Software
Twitter @Anywhere Plus

Researcher

SOPROBRO

More Details >

UPDATE NOTIFICATIONS <= 0.3.4 - Cross-Site Request Forgery to Stored Cross-Site Scripting

6.1

CVSS Rating
Medium (6.1)

CVE-ID
CVE-2024-51653

Patch Status
Unpatched

Published
Nov 1, 2024

Affected Software
UPDATE NOTIFICATIONS

Researcher

SOPROBRO

More Details >

W3P SEO <= 1.8.5 - Cross-Site Request Forgery to Stored Cross-Site Scripting

6.1

CVSS Rating
Medium (6.1)

CVE-ID
CVE-2024-51684

Patch Status
Patched

Published
Nov 1, 2024

Affected Software
W3P SEO

Researcher

SOPROBRO

More Details >

Webriti Custom Login <= 0.3 - Cross-Site Request Forgery to Reflected Cross-Site Scripting

6.1

CVSS Rating
Medium (6.1)

CVE-ID
CVE-2024-51634

Patch Status
Unpatched

Published
Nov 1, 2024

Affected Software
Webriti Custom Login

Researcher

SOPROBRO

More Details >

WeChat Subscribers Lite <= 1.6.6 - Reflected Cross-Site Scripting

6.1

CVSS Rating
Medium (6.1)

CVE-ID
CVE-2024-50522

Patch Status
Unpatched

Published
Oct 30, 2024

Affected Software
WeChat Subscribers Lite 微信公众订阅号插件

Researcher

ardias

More Details >

While Loading <= 3.0 - Cross-Site Request Forgery to Stored Cross-Site Scripting

6.1

CVSS Rating
Medium (6.1)

CVE-ID
CVE-2024-51635

Patch Status
Unpatched

Published
Nov 1, 2024

Affected Software
While Loading

Researcher

SOPROBRO

More Details >

World Prayer Time <= 2.0 - Cross-Site Request Forgery to Reflected Cross-Site Scripting

6.1

CVSS Rating
Medium (6.1)

CVE-ID
CVE-2024-50534

Patch Status
Unpatched

Published
Oct 30, 2024

Affected Software
World Prayer Time

Researcher

SOPROBRO

More Details >

WP Course Manager <= 1.3 - Cross-Site Request Forgery to Stored Cross-Site Scripting

6.1

CVSS Rating
Medium (6.1)

CVE-ID
CVE-2024-51658

Patch Status
Unpatched

Published
Nov 1, 2024

Affected Software
WP Course Manager

Researcher

SOPROBRO

More Details >

WPGlobus Translate Options <= 2.2.0 - Cross-Site Request Forgery to Stored Cross-Site Scripting

6.1

CVSS Rating
Medium (6.1)

CVE-ID
CVE-2024-9434

Patch Status
Unpatched

Published
Oct 30, 2024

Affected Software
WPGlobus Translate Options

Researcher

vgo0

More Details >

Element Pack Elementor Addons (Header Footer, Template Library, Dynamic Grid & Carousel, Remote Arrows) <= 5.10.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via Age Gate

5.4

CVSS Rating
Medium (5.4)

CVE-ID
CVE-2024-9868

Patch Status
Patched

Published
Nov 1, 2024

Affected Software
Element Pack Elementor Addons (Header Footer, Template Library, Dynamic Grid, Carousel and Remote Arrows)

Researcher

zer0gh0st

More Details >

Multiple Page Generator Plugin – MPG <= 4.0.1 - Missing Authorization

5.4

CVSS Rating
Medium (5.4)

CVE-ID
CVE-2024-7424

Patch Status
Patched

Published
Oct 31, 2024

Affected Software
Multiple Page Generator Plugin – MPG

Researcher

Rafshanzani Suhada

More Details >

Appointment Booking Calendar Plugin and Scheduling Plugin – BookingPress <= 1.1.16 - Authenticated (Subscriber+) SQL Injection

5.3

CVSS Rating
Medium (5.3)

CVE-ID
CVE-2024-10540

Patch Status
Patched

Published
Nov 1, 2024

Affected Software
Appointment Booking Calendar Plugin and Scheduling Plugin – BookingPress

Researcher

Arkadiusz Hydzik

More Details >

Forminator Forms – Contact Form, Payment Form & Custom Form Builder <= 1.36.0 - Insecure Direct Object Reference to Submission Manipulation

5.3

CVSS Rating
Medium (5.3)

CVE-ID
CVE-2024-9700

Patch Status
Patched

Published
Oct 30, 2024

Affected Software
Forminator Forms – Contact Form, Payment Form & Custom Form Builder

Researcher

Vijaysimha Reddy (vijaysimha)

More Details >

Get Quote For Woocommerce – Request A Quote For Woocommerce <= 1.0.0 - Missing Authorization to Unauthenticated Quote PDF and CSV Download

5.3

CVSS Rating
Medium (5.3)

CVE-ID
CVE-2024-9430

Patch Status
Unpatched

Published
Oct 30, 2024

Affected Software
Get Quote For Woocommerce – Request A Quote For Woocommerce

Researcher

stehled

More Details >

Jetpackcrm Ext Woo Connect < 2.13 - Sensitive Information Exposure

5.3

CVSS Rating
Medium (5.3)

CVE-ID
Unknown

Patch Status
Patched

Published
Oct 28, 2024

Affected Software
Jetpackcrm Ext Woo Connect
Jetpack CRM – Clients, Leads, Invoices, Billing, Email Marketing, & Automation

Researcher(s): Unknown

More Details >

Stacks Mobile App Builder <= 5.2.3 - Unauthenticated Sensitive Information Disclosure

5.3

CVSS Rating
Medium (5.3)

CVE-ID
CVE-2024-50528

Patch Status
Unpatched

Published
Oct 30, 2024

Affected Software
Stacks Mobile App Builder – The most powerful Mobile Applications Drag and Drop builder

Researcher

stealthcopter

More Details >

Woo Manage Fraud Orders <= 2.6.1 - Unauthenticated Information Exposure via Log Files

5.3

CVSS Rating
Medium (5.3)

CVE-ID
CVE-2024-10544

Patch Status
Unpatched

Published
Oct 30, 2024

Affected Software
Woo Manage Fraud Orders

Researcher

Colin Xu

More Details >

BetterLinks <= 2.1.7 - Authenticated (Administrator+) SQL Injection

4.9

CVSS Rating
Medium (4.9)

CVE-ID
CVE-2024-51672

Patch Status
Patched

Published
Nov 1, 2024

Affected Software
BetterLinks – An Advanced Plugin for Affiliate Links, Link Shortening, Link Tracking, Link Branding & Marketing

Researcher

Marek Mikita

More Details >

Code Explorer <= 1.4.5 - Authenticated (Admin+) External File Reading

4.9

CVSS Rating
Medium (4.9)

CVE-ID
CVE-2023-5816

Patch Status
Unpatched

Published
Oct 29, 2024

Affected Software
Code Explorer

Researcher

Dmitrii Ignatyev

More Details >

Beds24 Online Booking <= 2.0.25 - Authenticated (Administrator+) Stored Cross-Site Scripting

4.4

CVSS Rating
Medium (4.4)

CVE-ID
CVE-2024-51664

Patch Status
Patched

Published
Nov 1, 2024

Affected Software
Beds24 Online Booking

Researcher

Roby Firnando Yusuf

More Details >

Bricksable for Bricks Builder <= 1.6.59 - Authenticated (Administrator+) Stored Cross-Site Scripting

4.4

CVSS Rating
Medium (4.4)

CVE-ID
CVE-2024-51663

Patch Status
Patched

Published
Nov 1, 2024

Affected Software
Bricksable for Bricks Builder

Researcher

João G. Barbosa (4rCanJ0x!)

More Details >

JS Help Desk – Best Help Desk & Support Plugin <= 2.8.7 - Authenticated (Administrator+) Stored Cross-Site Scripting

4.4

CVSS Rating
Medium (4.4)

CVE-ID
CVE-2024-51670

Patch Status
Patched

Published
Nov 1, 2024

Affected Software
JS Help Desk – The Ultimate Help Desk & Support Plugin

Researcher

casol

More Details >

MailPoet <= 5.3.1 - Authenticated (Administrator+) Stored Cross-Site Scripting

4.4

CVSS Rating
Medium (4.4)

CVE-ID
CVE-2024-10103

Patch Status
Patched

Published
Oct 29, 2024

Affected Software
MailPoet – Newsletters, Email Marketing, and Automation

Researcher

Dmitrii Ignatyev

More Details >

MyCurator Content Curation <= 3.78 - Authenticated (Editor+) Stored Cross-Site Scripting

4.4

CVSS Rating
Medium (4.4)

CVE-ID
CVE-2024-51668

Patch Status
Patched

Published
Nov 1, 2024

Affected Software
MyCurator Content Curation

Researcher

Joshua Chan

More Details >

SEO Plugin by Squirrly SEO <= 12.3.20 - Authenticated (Editor+) Stored Cross-Site Scripting

4.4

CVSS Rating
Medium (4.4)

CVE-ID
CVE-2024-10515

Patch Status
Patched

Published
Oct 30, 2024

Affected Software
SEO Plugin by Squirrly SEO

Researcher

Dmitrii Ignatyev

More Details >

CM Table Of Contents <= 1.2.2 - Cross-Site Request Forgery

4.3

CVSS Rating
Medium (4.3)

CVE-ID
CVE-2024-5030

Patch Status
Patched

Published
Oct 28, 2024

Affected Software
CM Table Of Contents – WordPress TOC Plugin

Researcher

Felipe Caon

More Details >

Download Monitor <= 5.0.13 - Missing Authorization to Sensitive Information Exposure

4.3

CVSS Rating
Medium (4.3)

CVE-ID
CVE-2024-10399

Patch Status
Patched

Published
Oct 29, 2024

Affected Software
Download Monitor

Researcher

Trương Hữu Phúc (truonghuuphuc)

More Details >

Dynamic Widgets <= 1.6.4 - Cross-Site Request Forgery

4.3

CVSS Rating
Medium (4.3)

CVE-ID
CVE-2024-51669

Patch Status
Patched

Published
Nov 1, 2024

Affected Software
Dynamic Widgets

Researcher

Ananda Dhakal

More Details >

Easy Accordion Gutenberg Block <= 1.2.3 - Missing Authorization

4.3

CVSS Rating
Medium (4.3)

CVE-ID
CVE-2024-51660

Patch Status
Patched

Published
Nov 1, 2024

Affected Software
Easy Accordion Gutenberg Block

Researcher

Trương Hữu Phúc (truonghuuphuc)

More Details >

Exclusive Addons for Elementor <= 2.7.4 - Authenticated (Contributor+) Sensitive Information Exposure via Elementor Templates

4.3

CVSS Rating
Medium (4.3)

CVE-ID
CVE-2024-10312

Patch Status
Patched

Published
Oct 28, 2024

Affected Software
Exclusive Addons for Elementor

Researcher

Ankit Patel

More Details >

Manage User Columns <= 1.0.5 - Cross-Site Request Forgery

4.3

CVSS Rating
Medium (4.3)

CVE-ID
CVE-2024-51686

Patch Status
Patched

Published
Nov 1, 2024

Affected Software
Manage User Columns

Researcher

thiennv

More Details >

Move Addons for Elementor <= 1.3.5 - Authenticated (Contributor+) Sensitive Information Exposure via Elementor Templates

4.3

CVSS Rating
Medium (4.3)

CVE-ID
CVE-2024-10360

Patch Status
Patched

Published
Oct 28, 2024

Affected Software
Move Addons for Elementor

Researcher

Ankit Patel

More Details >

Otter - Gutenberg Block <= 3.0.3 - Missing Authorization

4.3

CVSS Rating
Medium (4.3)

CVE-ID
CVE-2024-51671

Patch Status
Patched

Published
Nov 1, 2024

Affected Software
Otter Blocks – Gutenberg Blocks, Page Builder for Gutenberg Editor & FSE

Researcher

Rafie Muhammad

More Details >

Paytium <= 4.4.10 - Missing Authorization

4.3

CVSS Rating
Medium (4.3)

CVE-ID
CVE-2024-51667

Patch Status
Patched

Published
Nov 1, 2024

Affected Software
Paytium: Mollie payment forms & donations

Researcher

Trương Hữu Phúc (truonghuuphuc)

More Details >

WPC Smart Messages for WooCommerce <= 4.2.1 - Missing Authorization to Authenticated (Subscriber+) Message Activation/Deactivation

4.3

CVSS Rating
Medium (4.3)

CVE-ID
CVE-2024-10437

Patch Status
Patched

Published
Oct 28, 2024

Affected Software
WPC Smart Messages for WooCommerce

Researcher

Francesco Carlucci

More Details >