6 matches found
CVE-2024-10675
CVE-2024-10675 affects the WordPress plugin affiliate-toolkit (
PT-2024-39143 · WordPress · Woocommerce Multilingual & Multicurrency With Wpml
Name of the Vulnerable Software and Affected Versions: WooCommerce Multilingual & Multicurrency with WPML plugin for WordPress versions up to, and including, 5.3.7
Description: The issue is related to Reflected Cross-Site Scripting due to the use of add_query_arg without appropriate escaping on t...
CVE-2024-6339
The Phlox PRO theme for WordPress is vulnerable to Reflected Cross-Site Scripting via search parameters in all versions up to, and including, 5.16.4 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in...
CVE-2024-38166
An unauthenticated attacker can exploit improper neutralization of input during web page generation in Microsoft Dynamics 365 to spoof over a network by tricking a user to click on a link...
CVE-2024-1360 Colibri WP <= 1.0.94 - Cross-Site Request Forgery to Limited Plugin Installation
The Colibri WP theme for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.0.94. This is due to missing or incorrect nonce validation on the colibriwpinstallplugin function. This makes it possible for unauthenticated attackers to install recommended...
Cross-Site Request Forgery (CSRF)
The MStore API plugin for WordPress is vulnerable to Cross-Site Request Forgery due to missing nonce validation on the mstoreupdatestatusordermessage function. This makes it possible for unauthenticated attackers to update status order message via a forged request granted they can trick a site...