
Wordfence Intelligence Weekly WordPress Vulnerability Report (October 28, 2024 to November 3, 2024)

2024-11-07 14:15:09
Chloe Chamberland
www.wordfence.com

Tags: wordfence, wordpress, cybersecurity month, superhero challenge, vulnerabilities, threat intelligence, web security, bug bounty, vulnerability report

CVSS3: 10 (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H)
Attack Vector: NETWORK; Attack Complexity: LOW; Privileges Required: NONE; User Interaction: NONE; Scope: CHANGED; Confidentiality Impact: HIGH; Integrity Impact: HIGH; Availability Impact: HIGH
AI Score: 9.3 (Confidence: High)
EPSS: 0.001 (Percentile: 40.4%)


🦸👻 Calling all superheroes and haunters! Introducing the Cybersecurity Month Spooktacular Haunt and the WordPress Superhero Challenge for the Wordfence Bug Bounty Program! Through November 11th, 2024:

  • All in-scope vulnerability types for WordPress plugins/themes with >= 1,000 active installations are in-scope for ALL researchers
  • Top-tier researchers earn automatic bonuses of between 10% to 120% for valid submissions
  • Pending report limits are increased for all
  • It’s possible to earn up to $31,200 for high impact vulnerabilities!

Last week, there were 211 vulnerabilities disclosed in 204 WordPress Plugins and no WordPress themes that have been added to the Wordfence Intelligence Vulnerability Database, and there were 43 Vulnerability Researchers that contributed to WordPress Security last week. Review those vulnerabilities in this report now to ensure your site is not affected.

Our mission with Wordfence Intelligence is to make valuable vulnerability information easily accessible to everyone, like the WordPress community, so individuals and organizations alike can utilize that data to make the internet more secure. That is why the Wordfence Intelligence user interface, vulnerability API, webhook integration, and Wordfence CLI Vulnerability Scanner are all completely free to access and utilize both personally and commercially, and why we are running this weekly vulnerability report.

Enterprises, Hosting Providers, and even Individuals can use the Wordfence CLI Vulnerability Scanner to run regular vulnerability scans across the sites they protect. Alternatively, they can use the Vulnerability Database API to receive a complete dump of our database of over 19,000 vulnerabilities and then use the webhook integration to stay on top of the newest vulnerabilities added in real-time, as well as any updates made to the database, all for free.

Click here to sign up for our mailing list to receive weekly vulnerability reports like this and important WordPress Security reports in your inbox the moment they are published.


New Firewall Rules Deployed Last Week

The Wordfence Threat Intelligence Team reviews each vulnerability to determine impact and severity, along with assessing the likelihood of exploitation, to verify that the Wordfence Firewall provides sufficient protection.

The team rolled out enhanced protection via firewall rules for the following vulnerabilities in real-time to our Premium, Care, and Response customers last week:

  • WAF-RULE-759 - Data redacted while we work with the vendor on a patch.

Wordfence Premium, Care, and Response customers received this protection immediately, while users still running the free version of Wordfence will receive this enhanced protection after a 30-day delay.


Total Unpatched & Patched Vulnerabilities Last Week

Patch Status | Number of Vulnerabilities
Patched | 81
Unpatched | 130

Total Vulnerabilities by CVSS Severity Last Week

Severity Rating | Number of Vulnerabilities
Medium Severity | 192
High Severity | 10
Critical Severity | 9

Total Vulnerabilities by CWE Type Last Week

Vulnerability Type by CWE | Number of Vulnerabilities
Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) | 117
Cross-Site Request Forgery (CSRF) | 41
Improper Neutralization of Special Elements used in an SQL Command (‘SQL Injection’) | 20
Unrestricted Upload of File with Dangerous Type | 9
Missing Authorization | 6
Exposure of Sensitive Information to an Unauthorized Actor | 4
Authentication Bypass Using an Alternate Path or Channel | 2
Improper Control of Filename for Include/Require Statement in PHP Program (‘PHP Remote File Inclusion’) | 2
Improper Control of Generation of Code (‘Code Injection’) | 2
Authorization Bypass Through User-Controlled Key | 1
External Control of File Name or Path | 1
Improper Access Control | 1
Improper Neutralization of Directives in Dynamically Evaluated Code (‘Eval Injection’) | 1
Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS) | 1
Insertion of Sensitive Information into Log File | 1
Missing Authentication for Critical Function | 1
Server-Side Request Forgery (SSRF) | 1

Researchers That Contributed to WordPress Security Last Week

Researcher Name | Number of Vulnerabilities
SOPROBRO | 74
Gab | 21
LVT-tholv2k | 14
stealthcopter | 9
Francesco Carlucci | 8
Peter Thaleikis | 8
theviper17y | 8
vgo0 | 6
Trương Hữu Phúc (truonghuuphuc) | 4
Khalid Yusuf | 4
Dmitrii Ignatyev | 4
zer0gh0st | 4
João Pedro Soares de Alcântara | 4
Joshua Chan | 3
Michael | 3
István Márton | 3
Colin Xu | 3
floerer | 2
Bob Matyas | 2
Arkadiusz Hydzik | 2
Jonas Höbenreich | 2
Dmitry Derr | 2
Thies Lukas | 2
Zlrqh | 2
Ankit Patel | 2
C_T_R_L | 1
Lesor101 | 1
ghsinfosec | 1
stehled | 1
Marek Mikita | 1
Rafie Muhammad | 1
Roby Firnando Yusuf | 1
Rafshanzani Suhada | 1
Ananda Dhakal | 1
thiennv | 1
ardias | 1
Certus Cybersecurity | 1
Felipe Caon | 1
Webbernaut | 1
casol | 1
João G. Barbosa (4rCanJ0x!) | 1
TANG Cheuk Hei (siunam) | 1
Vijaysimha Reddy (vijaysimha) | 1

Are you a security researcher who would like to be featured in our weekly vulnerability report? You can responsibly disclose your WordPress vulnerability discoveries to us and earn a bounty on in-scope vulnerabilities through our Bug Bounty Program. Responsibly disclosing your vulnerability discoveries to us will also get your name added on the Wordfence Intelligence leaderboard along with being mentioned in our weekly vulnerability report.


WordPress Plugins with Reported Vulnerabilities Last Week

Software Name | Software Slug
(dp) AddThis | dp-addthis
3D Presentation | 3d-presentation
Aajoda Testimonials | aajoda-testimonials
Accordion title for Elementor | accordion-title-for-elementor
Addressbook | addressbook
Admin SMS Alert | admin-sms-alert
Administrator Z | administrator-z
Advanced Control Manager for WordPress by ItalyStrap | advanced-control-manager
Advanced PDF Generator | advanced-pdf-generator
affiliate-toolkit – WP Affiliate Plugin with Amazon | affiliate-toolkit-starter
AI Power: Complete AI Pack | gpt3-ai-content-generator
All Post Contact Form | allpost-contactform
Alley Elementor Widget | alley-elementor-widget
AmaDiscount Plugin | amadiscount
amazing neo icon font for elementor | amazing-neo-icon-font-for-elementor
Amazon Associate Filter | amazon-associate-filter
AMP Img Shortcode | amp-img-shortcode
Ancient World Linked Data for WordPress | ancient-world-linked-data-for-wordpress
APK Downloader | apk-downloader
Appointment Booking Calendar Plugin and Scheduling Plugin – BookingPress | bookingpress-appointment-booking
Appointmind | appointmind
Arconix Shortcodes | arconix-shortcodes
aThemes Addons for Elementor | athemes-addons-for-elementor-lite
Audio Comparison Lite | audio-comparison-lite
Awesome Progress Bar | awesome-progess-bar
Awesome Shortcodes For Genesis | awesome-shortcodes-for-genesis
AwesomePress | awesomepress
BBP Core – Expand bbPress powered forums with useful features | bbp-core
Beaver Builder – WordPress Page Builder | beaver-builder-lite-version
Beds24 Online Booking | beds24-online-booking
BetterLinks – An Advanced Plugin for Affiliate Links, Link Shortening, Link Tracking, Link Branding & Marketing | betterlinks
Bigmart Elements | bigmart-elements
Black Widgets For Elementor | black-widgets
Blrt WP Embed | blrt-wp-embed
Bonway Static Block Editor | bonway-static-block-editor
bpmn.io | bpmnio
Bricksable for Bricks Builder | bricksable
BTEV | bluetrait-event-viewer
Build 5 Star Reviews on Google Reviews, Yelp, Facebook… easily and risk-free | RRatingg
Classy Addons for Elementor | classy-addons-for-elementor
Clever Addons for Elementor | cafe-lite
Clyp | clyp
CM Table Of Contents – WordPress TOC Plugin | cm-table-of-content
Code Explorer | code-explorer
Cresta Addons for Elementor | cresta-addons-for-elementor
Crypto Tool | crypto
Custom Admin Menu | custom-admin-menu
Custom Author URL | author-slug
Custom post type templates for Elementor | custom-post-type-templates-for-elementor
DataMentor – Best DataTables Plugin for Elementor | datamentor
Definitive Addons for Elementor | definitive-addons-for-elementor
Delisho – Recipe Widgets and Blocks | dr-widgets-blocks
Display Terms Shortcode | display-terms-shortcode
Ditty – Responsive News Tickers, Sliders, and Lists | ditty-news-ticker
Domain Sharding | domain-sharding
Download Monitor | download-monitor
Download-Mirror-Counter | wp-download-mirror-counter
Dynamic Widgets | dynamic-widgets
e-shopsカート2 | e-shops-cart2
Easy Accordion Gutenberg Block | easy-accordion-block
Easy Gallery | simple-gallery-odihost
Easy SVG Upload | easy-svg-upload
Element Pack Elementor Addons (Header Footer, Template Library, Dynamic Grid, Carousel and Remote Arrows) | bdthemes-element-pack-lite
Elementary Addons | elementary-addons
Elo Rating Shortcode | elo-rating-shortcode
Emoji Shortcode | emoji-shortcode
Enable Shortcodes inside Widgets,Comments and Experts | enable-shortcodes-inside-widgetscomments-and-experts
EndomondoWP | endomondowp
Events Manager Pro – extended | events-manager-pro-extended
Exclusive Addons for Elementor | exclusive-addons-for-elementor
Extender All In One For Elementor | extender-all-in-one-for-elementor
EzyOnlineBookings Online Booking System Widget | ezyonlinebookings-online-booking-system
Featured Posts Scroll | featured-posts-scroll
FileOrganizer – Manage WordPress and Website Files | fileorganizer
Flash Show And Hide Box | flash-show-and-hide-box
Forminator Forms – Contact Form, Payment Form & Custom Form Builder | forminator
FraudLabs Pro SMS Verification | fraudlabs-pro-sms-verification
GDReseller | gdreseller
Genoo | genoo
Get Quote For Woocommerce – Request A Quote For Woocommerce | get-a-quote-for-woocommerce
Gift Cards (Gift Vouchers and Packages) (WooCommerce Supported) | gift-voucher
Gmap Point List | gmap-point-list
Golf Tracker | golf-tracker
Group Chat & Video Chat by AtomChat | atomchat
Gutenberg Blocks with AI by Kadence WP – Page Builder Features | kadence-blocks
Header Footer Composer for Elementor | header-footer-composer
Hoo Addons for Elementor | hoo-addons-for-elementor
Hover Video Preview | hover-video-preview
HT Builder – WordPress Theme Builder for Elementor | ht-builder
HT Politic – For Political WordPress Themes / Website | wp-politic
ID-SK Toolkit | idsk-toolkit
Jetpack CRM – Clients, Leads, Invoices, Billing, Email Marketing, & Automation | zero-bs-crm
Jetpackcrm Ext Woo Connect | jetpackcrm-ext-woo-connect
Jigoshop – Store Exporter | jigoshop-exporter
JS Help Desk – The Ultimate Help Desk & Support Plugin | js-support-ticket
Kata Plus – Addons for Elementor – Widgets, Extensions and Templates | kata-plus
Kento Ads Rotator | kento-ads-rotator
Knowledge Base | knowledgebase
LH QR Codes | lh-qr-codes
Lodgix.com Vacation Rental Website Builder | lodgixcom-vacation-rental-listing-management-booking-plugin
Magical Addons For Elementor ( Header Footer Builder, Free Elementor Widgets, Elementor Templates Library ) | magical-addons-for-elementor
MailPoet – Newsletters, Email Marketing, and Automation | mailpoet
Manage User Columns | manage-user-columns
Market 360 Viewer | market-360-viewer
Marquee Elementor with Posts | marquee-elementor
MasterBip para Elementor | masterbip-for-elementor
Masteriyo LMS – eLearning and Online Course Builder for WordPress | learning-management-system
MDR Webmaster Tools | mdr-webmaster-tools
Media File Rename, Find Unused File, Add Alt text, Caption, Desc For Image SEO – Media Library Tools | media-library-tools
Media Library Assistant | media-library-assistant
Media Modal | media-modal
Meta Store Elements | meta-store-elements
ML Responsive Audio player with playlist Shortcode | mlr-audio
Mobilize | mobilize
Move Addons for Elementor | move-addons
Multi Purpose Mail Form | multi-purpose-mail-form
Multiple Page Generator Plugin – MPG | multiple-pages-generator-by-porthas
MyCurator Content Curation | mycurator
MyOrderDesk | myorderdesk
Naver Blog | naver-blog-api
Newsletters | newsletters-lite
NMR Strava activities | nmr-strava-activities
Otter Blocks – Gutenberg Blocks, Page Builder for Gutenberg Editor & FSE | otter-blocks
Paytium: Mollie payment forms & donations | paytium
Platform.ly Official | platformly
Plug your WooCommerce into the largest catalog of customized print products from Helloprint | helloprint
Plugin Name: GMO Social Connection | gmo-social-connection
Porsline | porsline
Post Status Notifier | post-status-notifier
Post Status Notifier Lite | post-status-notifier-lite
Premium Addons for Elementor | premium-addons-for-elementor
Pricer Ninja: Create and add responsive Pricing Tables to your website on-the-fly | pricer-ninja-pricing-tables
Pricing Tables WordPress Plugin – Easy Pricing Tables | easy-pricing-tables
Quran Shortcode | quran-shortcode
Random Featured Post | random-featured-post-plugin
ReCaptcha Integration for WordPress | wp-recaptcha-integration
Reftagger Shortcode | reftagger-shortcode
Responsive Flickr Gallery | responsive-flickr-gallery
Restaurant & Cafe Addon for Elementor | restaurant-cafe-addon-for-elementor
RLM Elementor Widgets Pack | rlm-elementor-widgets-pack
RSVP ME | rsvp-me
RSVPMaker for Toastmasters | rsvpmaker-for-toastmasters
Sales Page Addon – Elementor & Beaver Builder | sales-page-addon
Sastra Essential Addons for Elementor – Free Elementor Addons, Widgets and Templates | sastra-essential-addons-for-elementor
Selar.co Widget | selar-co-widget
Seo Free | seo-free
SEO Plugin by Squirrly SEO | squirrly-seo
SEUR Oficial | seur
SH Slideshow | sh-slideshow
Show Visitor IP Address | show-visitor-ip-address
Sided | sided
Simple Business Manager | simple-business-manager
Simple Goods | simple-goods
Simple Job Manager | simple-job-manager
Simple Page Specific Sidebars | page-specific-sidebars
SIP Reviews Shortcode for WooCommerce | sip-reviews-shortcode-woocommerce
Skip To | skip-to
SKSDEV Toolkit | sksdev-toolkit
Slicko | slicko-for-elementor
Smart Mockups | smart-mockups
SmartLink Dynamic URLs | smartlink-dinamic-urls
SMS Alert Order Notifications – WooCommerce | sms-alert
Stacks Mobile App Builder – The most powerful Mobile Applications Drag and Drop builder | stacks-mobile-app-builder
Stars SMTP Mailer | stars-smtp-mailer
Step by Step | step-by-step
Sticky Social Bar | sticky-social-bar
StreamWeasels Kick Integration | streamweasels-kick-integration
StreamWeasels YouTube Integration | streamweasels-youtube-integration
Subscribe to Comments | subscribe-to-comments
Super Addons for Elementor | super-addons-for-elementor
T(-) Countdown | t-countdown
Themedy Toolbox | themedy-toolbox
ThemeFuse Maintenance Mode | themefuse-maintenance-mode
ThemeShark Templates & Widgets for Elementor | themeshark-elementor
TradeMe widgets | trademe-widget
Training – Courses | training
Twitter @Anywhere Plus | twitter-anywhere-plus
Ultimate TinyMCE | ultimate-tinymce
UPDATE NOTIFICATIONS | update-notifications
W3P SEO | wp-perfect-plugin
W3SPEEDSTER | w3speedster-wp
Webriti Custom Login | webriti-custom-login-page
Website price calculator | price-calculator-to-your-website
WeChat Subscribers Lite 微信公众订阅号插件 | wechat-subscribers-lite
While Loading | while-it-is-loading
Widget or Sidebar Shortcode | widget-or-sidebar-per-shortcode
WM Zoom | wm-zoom
Woo Manage Fraud Orders | woo-manage-fraud-orders
Woocommerce Quote Calculator | woo-quote-calculator-order
WordPress Business Plugin | business
World Prayer Time | world-prayer-time
WP Baidu Map | wp-baidu-map
WP Course Manager | wp-course-manager
WP EASY RECIPE | wp-easy-recipe
WP EIS | wp-eis
WP Feature Box | wp-feature-box
WP Hotel Booking | wp-hotel-booking
WP Pocket URLs | wp-pocket-urls
WP Simple Anchors Links | wp-simple-anchors-links
WP Team – WordPress Team Member Plugin | ht-team-member
WPAdverts – Classifieds Plugin | wpadverts
WPC Smart Messages for WooCommerce | wpc-smart-messages
WPGlobus Translate Options | wpglobus-translate-options
Курс валют UAH | ukrainian-currency

Vulnerability Details

Please note that if you run the Wordfence plugin on your WordPress site, with the scanner enabled, you should’ve already been notified if your site was affected by any of these vulnerabilities. If you’d like to receive real-time notifications whenever a vulnerability is added to the Wordfence Intelligence Vulnerability Database, check out our Slack and HTTP Webhook Integration, which is completely free to utilize.

AI Power: Complete AI Pack <= 1.8.89 - Unauthenticated Arbitrary File Upload
CVSS Rating: Critical (9.8)
CVE-ID: CVE-2024-10392
Patch Status: Patched
Published: Oct 30, 2024
Affected Software: AI Power: Complete AI Pack
Researcher: vgo0

All Post Contact Form <= 1.7.8 - Unauthenticated Arbitrary File Upload
CVSS Rating: Critical (9.8)
CVE-ID: CVE-2024-50523
Patch Status: Unpatched
Published: Oct 30, 2024
Affected Software: All Post Contact Form
Researcher: stealthcopter

Crypto <= 2.18 - Authentication Bypass via log_in
CVSS Rating: Critical (9.8)
CVE-ID: CVE-2024-9989
Patch Status: Patched
Published: Oct 28, 2024
Affected Software: Crypto Tool
Researcher: István Márton

Crypto <= 2.19 - Authentication Bypass via register
CVSS Rating: Critical (9.8)
CVE-ID: CVE-2024-9988
Patch Status: Patched
Published: Oct 28, 2024
Affected Software: Crypto Tool
Researcher: István Márton

Multi Purpose Mail Form <= 1.0.2 - Unauthenticated Arbitrary File Upload
CVSS Rating: Critical (9.8)
CVE-ID: CVE-2024-50526
Patch Status: Unpatched
Published: Oct 30, 2024
Affected Software: Multi Purpose Mail Form
Researcher: stealthcopter

Plug your WooCommerce into the largest catalog of customized print products from Helloprint <= 2.0.4 - Unauthenticated Arbitrary File Upload
CVSS Rating: Critical (9.8)
CVE-ID: CVE-2024-50525
Patch Status: Patched
Published: Oct 30, 2024
Affected Software: Plug your WooCommerce into the largest catalog of customized print products from Helloprint
Researcher: stealthcopter

RSVPMaker for Toastmasters <= 6.2.4 - Unauthenticated Arbitrary File Upload
CVSS Rating: Critical (9.8)
CVE-ID: CVE-2024-50531
Patch Status: Patched
Published: Oct 30, 2024
Affected Software: RSVPMaker for Toastmasters
Researcher: stealthcopter

Stacks Mobile App Builder <= 5.2.3 - Unauthenticated Arbitrary File Upload
CVSS Rating: Critical (9.8)
CVE-ID: CVE-2024-50527
Patch Status: Unpatched
Published: Oct 30, 2024
Affected Software: Stacks Mobile App Builder – The most powerful Mobile Applications Drag and Drop builder
Researcher: stealthcopter

W3SPEEDSTER <= 7.26 - Authenticated (Administrator+) Remote Code Execution
CVSS Rating: Critical (9.1)
CVE-ID: CVE-2024-8512
Patch Status: Patched
Published: Oct 29, 2024
Affected Software: W3SPEEDSTER
Researcher: Lesor101

Crypto <= 2.15 - Cross-Site Request Forgery to Authentication Bypass
CVSS Rating: High (8.8)
CVE-ID: CVE-2024-9990
Patch Status: Patched
Published: Oct 28, 2024
Affected Software: Crypto Tool
Researcher: István Márton

Masteriyo LMS – eLearning and Online Course Builder for WordPress <= 1.13.3 - Authenticated (Student+) Missing Authorization to Privilege Escalation
CVSS Rating: High (8.8)
CVE-ID: CVE-2024-10008
Patch Status: Patched
Published: Oct 28, 2024
Affected Software: Masteriyo LMS – eLearning and Online Course Builder for WordPress
Researcher: floerer

Stars SMTP Mailer <= 1.7 - Authenticated (Subscriber+) Arbitrary File Upload
CVSS Rating: High (8.8)
CVE-ID: CVE-2024-50530
Patch Status: Unpatched
Published: Oct 30, 2024
Affected Software: Stars SMTP Mailer
Researcher: stealthcopter

Training – Courses <= 2.0.1 - Authenticated (Subscriber+) Arbitrary File Upload
CVSS Rating: High (8.8)
CVE-ID: CVE-2024-50529
Patch Status: Unpatched
Published: Oct 30, 2024
Affected Software: Training – Courses
Researcher: stealthcopter

WP Hotel Booking <= 2.1.4 - Authenticated (Contributor+) Local File Inclusion
CVSS Rating: High (8.8)
CVE-ID: CVE-2024-51582
Patch Status: Unpatched
Published: Oct 31, 2024
Affected Software: WP Hotel Booking
Researcher: ghsinfosec

WPC Smart Messages for WooCommerce <= 4.2.1 - Authenticated (Subscriber+) Local File Inclusion
CVSS Rating: High (8.8)
CVE-ID: CVE-2024-10436
Patch Status: Patched
Published: Oct 28, 2024
Affected Software: WPC Smart Messages for WooCommerce
Researcher: theviper17y

FileOrganizer <= 1.0.9 - Authenticated (Subscriber+) Arbitrary File Upload
CVSS Rating: High (7.5)
CVE-ID: CVE-2024-7985
Patch Status: Patched
Published: Oct 29, 2024
Affected Software: FileOrganizer – Manage WordPress and Website Files
Researcher: TANG Cheuk Hei (siunam)

Enable Shortcodes inside Widgets,Comments and Experts <= 1.0.0 - Unauthenticated Arbitrary Shortcode Execution
CVSS Rating: High (7.3)
CVE-ID: CVE-2024-9846
Patch Status: Unpatched
Published: Oct 29, 2024
Affected Software: Enable Shortcodes inside Widgets,Comments and Experts
Researcher: Francesco Carlucci

Media Library Assistant <= 3.19 - Authenticated (Administrator+) Remote Code Execution
CVSS Rating: High (7.2)
CVE-ID: CVE-2024-51661
Patch Status: Patched
Published: Nov 1, 2024
Affected Software: Media Library Assistant
Researcher: Certus Cybersecurity

WPAdverts – Classifieds Plugin <= 2.1.6 - Unauthenticated Stored Cross-Site Scripting via adverts_add Shortcode
CVSS Rating: High (7.2)
CVE-ID: CVE-2024-10108
Patch Status: Patched
Published: Oct 29, 2024
Affected Software: WPAdverts – Classifieds Plugin
Researcher: Arkadiusz Hydzik

5 Stars Rating Funnel <= 1.4.01 - Authenticated (Contributor+) SQL Injection
CVSS Rating: Medium (6.5)
CVE-ID: CVE-2024-51579
Patch Status: Unpatched
Published: Oct 31, 2024
Affected Software: Build 5 Star Reviews on Google Reviews, Yelp, Facebook… easily and risk-free | RRatingg
Researcher: Trương Hữu Phúc (truonghuuphuc)

Administrator Z <= 2024.11.27 - Authenticated (Subscriber+) SQL Injection
CVSS Rating: Medium (6.5)
CVE-ID: CVE-2024-50524
Patch Status: Unpatched
Published: Oct 30, 2024
Affected Software: Administrator Z
Researcher: stealthcopter

AmaDiscount <= 1.0 - Authenticated (Contributor+) SQL Injection
CVSS Rating: Medium (6.5)
CVE-ID: CVE-2024-51608
Patch Status: Unpatched
Published: Oct 31, 2024
Affected Software: AmaDiscount Plugin
Researcher: LVT-tholv2k

Blrt WP Embed <= 1.6.9 - Authenticated (Contributor+) SQL Injection
CVSS Rating: Medium (6.5)
CVE-ID: CVE-2024-51606
Patch Status: Unpatched
Published: Oct 31, 2024
Affected Software: Blrt WP Embed
Researcher: LVT-tholv2k

Download-Mirror-Counter <= 1.1 - Authenticated (Contributor+) SQL Injection
CVSS Rating: Medium (6.5)
CVE-ID: CVE-2024-51621
Patch Status: Unpatched
Published: Oct 31, 2024
Affected Software: Download-Mirror-Counter
Researcher: LVT-tholv2k

Easy Gallery <= 1.4 - Authenticated (Contributor+) SQL Injection
CVSS Rating: Medium (6.5)
CVE-ID: CVE-2024-51570
Patch Status: Unpatched
Published: Oct 31, 2024
Affected Software: Easy Gallery
Researcher: LVT-tholv2k

Golf Tracker <= 0.7 - Authenticated (Contributor+) SQL Injection
CVSS Rating: Medium (6.5)
CVE-ID: CVE-2024-51607
Patch Status: Unpatched
Published: Oct 31, 2024
Affected Software: Golf Tracker
Researcher: LVT-tholv2k

Lodgix.com Vacation Rental Website Builder <= 3.9.73 - Authenticated (Contributor+) SQL Injection
CVSS Rating: Medium (6.5)
CVE-ID: CVE-2024-50539
Patch Status: Unpatched
Published: Oct 31, 2024
Affected Software: Lodgix.com Vacation Rental Website Builder
Researcher: LVT-tholv2k

Market 360 Viewer <= 1.01 - Authenticated (Contributor+) SQL Injection
CVSS Rating: Medium (6.5)
CVE-ID: CVE-2024-51619
Patch Status: Unpatched
Published: Oct 31, 2024
Affected Software: Market 360 Viewer
Researcher: LVT-tholv2k

Porsline <= 1.0.2 - Authenticated (Contributor+) SQL Injection
CVSS Rating: Medium (6.5)
CVE-ID: CVE-2024-51620
Patch Status: Unpatched
Published: Oct 31, 2024
Affected Software: Porsline
Researcher: LVT-tholv2k

Quran Shortcode <= 1.5 - Authenticated (Contributor+) SQL Injection
CVSS Rating: Medium (6.5)
CVE-ID: CVE-2024-51625
Patch Status: Unpatched
Published: Oct 31, 2024
Affected Software: Quran Shortcode
Researcher: LVT-tholv2k

RSVP ME <= 1.9.9 - Authenticated (Contributor+) SQL Injection
CVSS Rating: Medium (6.5)
CVE-ID: CVE-2024-50544
Patch Status: Unpatched
Published: Oct 31, 2024
Affected Software: RSVP ME
Researcher: LVT-tholv2k

Simple Job Manager <= 1.1 - Authenticated (Contributor+) SQL Injection
CVSS Rating: Medium (6.5)
CVE-ID: CVE-2024-51602
Patch Status: Unpatched
Published: Oct 31, 2024
Affected Software: Simple Job Manager
Researcher: LVT-tholv2k

SIP Reviews Shortcode for WooCommerce <= 1.2.3 - Authenticated (Contributor+) SQL Injection
CVSS Rating: Medium (6.5)
CVE-ID: CVE-2024-6479
Patch Status: Unpatched
Published: Oct 31, 2024
Affected Software: SIP Reviews Shortcode for WooCommerce
Researchers: Jonas Höbenreich, Dmitry Derr, Thies Lukas

Website price calculator <= 4.1 - Authenticated (Contributor+) SQL Injection
CVSS Rating: Medium (6.5)
CVE-ID: CVE-2024-51601
Patch Status: Unpatched
Published: Oct 31, 2024
Affected Software: Website price calculator
Researcher: LVT-tholv2k

Woocommerce Quote Calculator <= 1.1 - Authenticated (Contributor+) SQL Injection
CVSS Rating: Medium (6.5)
CVE-ID: CVE-2024-51626
Patch Status: Unpatched
Published: Oct 31, 2024
Affected Software: Woocommerce Quote Calculator
Researcher: LVT-tholv2k

WP EIS <= 1.3.3 - Authenticated (Contributor+) SQL Injection
CVSS Rating: Medium (6.5)
CVE-ID: CVE-2024-51623
Patch Status: Unpatched
Published: Oct 31, 2024
Affected Software: WP EIS
Researcher: LVT-tholv2k

(dp) AddThis <= 1.0.2 - Authenticated (Contributor+) Stored Cross-Site Scripting
CVSS Rating: Medium (6.4)
CVE-ID: CVE-2024-50540
Patch Status: Unpatched
Published: Oct 31, 2024
Affected Software: (dp) AddThis
Researcher: SOPROBRO

3D Presentation <= 1.0 - Authenticated (Contributor+) Stored Cross-Site Scripting
CVSS Rating: Medium (6.4)
CVE-ID: CVE-2024-51578
Patch Status: Unpatched
Published: Oct 31, 2024
Affected Software: 3D Presentation
Researcher: SOPROBRO

Aajoda Testimonials <= 2.2.2 - Authenticated (Contributor+) Stored Cross-Site Scripting
CVSS Rating: Medium (6.4)
CVE-ID: CVE-2024-51614
Patch Status: Unpatched
Published: Oct 31, 2024
Affected Software: Aajoda Testimonials
Researcher: SOPROBRO

Accordion title for Elementor <= 1.2.1 - Authenticated (Author+) Stored Cross-Site Scripting
CVSS Rating: Medium (6.4)
CVE-ID: CVE-2024-51685
Patch Status: Patched
Published: Nov 1, 2024
Affected Software: Accordion title for Elementor
Researcher: Michael

Advanced Control Manager for WordPress by ItalyStrap <= 2.16.0 - Authenticated (Contributor+) Stored Cross-Site Scripting
CVSS Rating: Medium (6.4)
CVE-ID: CVE-2024-50541
Patch Status: Unpatched
Published: Oct 31, 2024
Affected Software: Advanced Control Manager for WordPress by ItalyStrap
Researcher: Gab

affiliate-toolkit <= 3.6.5 - Authenticated (Contributor+) Stored Cross-Site Scripting via atkp_product Shortcode
CVSS Rating: Medium (6.4)
CVE-ID: CVE-2024-10227
Patch Status: Patched
Published: Oct 28, 2024
Affected Software: affiliate-toolkit – WP Affiliate Plugin with Amazon
Researcher: Peter Thaleikis

Alley Elementor Widget <= 1.0.7 - Authenticated (Contributor+) Stored Cross-Site Scripting
CVSS Rating: Medium (6.4)
CVE-ID: CVE-2024-50521
Patch Status: Unpatched
Published: Oct 30, 2024
Affected Software: Alley Elementor Widget
Researcher: Gab

amazing neo icon font for elementor <= 2.0.1 - Authenticated (Contributor+) Stored Cross-Site Scripting
CVSS Rating: Medium (6.4)
CVE-ID: CVE-2024-50543
Patch Status: Unpatched
Published: Oct 31, 2024
Affected Software: amazing neo icon font for elementor
Researcher: Gab

AMP Img Shortcode <= 1.0.1 - Authenticated (Contributor+) Stored Cross-Site Scripting
CVSS Rating: Medium (6.4)
CVE-ID: CVE-2024-51576
Patch Status: Unpatched
Published: Oct 31, 2024
Affected Software: AMP Img Shortcode
Researcher: SOPROBRO

Ancient World Linked Data <= 0.2.1 - Authenticated (Contributor+) Stored Cross-Site Scripting
CVSS Rating: Medium (6.4)
CVE-ID: CVE-2024-50520
Patch Status: Unpatched
Published: Oct 30, 2024
Affected Software: Ancient World Linked Data for WordPress
Researcher: Zlrqh

Arconix Shortcodes <= 2.1.13 - Authenticated (Contributor+) Stored Cross-Site Scripting via box Shortcode
CVSS Rating: Medium (6.4)
CVE-ID: CVE-2024-10226
Patch Status: Patched
Published: Oct 29, 2024
Affected Software: Arconix Shortcodes
Researcher: Peter Thaleikis

aThemes Addons for Elementor <= 1.0.7 - Authenticated (Contributor+) Stored Cross-Site Scripting
CVSS Rating: Medium (6.4)
CVE-ID: CVE-2024-51675
Patch Status: Patched
Published: Nov 1, 2024
Affected Software: aThemes Addons for Elementor
Researcher: Khalid Yusuf

AtomChat <= 1.1.5 - Authenticated (Contributor+) Stored Cross-Site Scripting via atomchat Shortcode
CVSS Rating: Medium (6.4)
CVE-ID: CVE-2024-10232
Patch Status: Patched
Published: Oct 31, 2024
Affected Software: Group Chat & Video Chat by AtomChat
Researcher: Peter Thaleikis

Audio Comparison Lite <= 3.4 - Authenticated (Contributor+) Stored Cross-Site Scripting
CVSS Rating: Medium (6.4)
CVE-ID: CVE-2024-51627
Patch Status: Patched
Published: Oct 31, 2024
Affected Software: Audio Comparison Lite
Researcher: SOPROBRO

Awesome Progress Bar <= 1.0.1 - Authenticated (Contributor+) Stored Cross-Site Scripting
CVSS Rating: Medium (6.4)
CVE-ID: CVE-2024-50548
Patch Status: Unpatched
Published: Oct 31, 2024
Affected Software: Awesome Progress Bar
Researcher: theviper17y

AwesomePress <= 1.0 - Authenticated (Contributor+) Stored Cross-Site Scripting
CVSS Rating: Medium (6.4)
CVE-ID: CVE-2024-51616
Patch Status: Unpatched
Published: Oct 31, 2024
Affected Software: AwesomePress
Researcher: SOPROBRO

Beaver Builder – WordPress Page Builder <= 2.8.4.2 - Authenticated (Contributor+) Stored DOM-Based Cross-Site Scripting via Button Widget
CVSS Rating: Medium (6.4)
CVE-ID: CVE-2024-9505
Patch Status: Patched
Published: Oct 29, 2024
Affected Software: Beaver Builder – WordPress Page Builder
Researcher: zer0gh0st

Bigmart Elements <= 1.0.3 - Authenticated (Contributor+) Stored Cross-Site Scripting
CVSS Rating: Medium (6.4)
CVE-ID: CVE-2024-51589
Patch Status: Unpatched
Published: Oct 31, 2024
Affected Software: Bigmart Elements
Researcher: Gab

Black Widgets For Elementor <= 1.3.6 - Authenticated (Contributor+) Stored Cross-Site Scripting
CVSS Rating: Medium (6.4)
CVE-ID: CVE-2024-51662
Patch Status: Patched
Published: Nov 1, 2024
Affected Software: Black Widgets For Elementor
Researcher: João Pedro Soares de Alcântara

Black Widgets For Elementor <= 1.3.7 - Authenticated (Author+) Stored Cross-Site Scripting via SVG File Upload

6.4

CVSS Rating
Medium (6.4)

CVE-ID
CVE-2024-9388

Patch Status
Patched

Published
Oct 29, 2024

Affected Software
Black Widgets For Elementor

Researcher

Francesco Carlucci

Bonway Static Block Editor <= 1.1.0 - Authenticated (Contributor+) Stored Cross-Site Scripting

6.4

CVSS Rating
Medium (6.4)

CVE-ID
CVE-2024-50549

Patch Status
Unpatched

Published
Oct 31, 2024

Affected Software
Bonway Static Block Editor

Researcher

SOPROBRO

bpmn.io <= 1.0 - Authenticated (Contributor+) Stored Cross-Site Scripting

6.4

CVSS Rating
Medium (6.4)

CVE-ID
CVE-2024-51577

Patch Status
Unpatched

Published
Oct 31, 2024

Affected Software
bpmn.io

Researcher

SOPROBRO

Business <= 1.3 - Authenticated (Contributor+) Stored Cross-Site Scripting

6.4

CVSS Rating
Medium (6.4)

CVE-ID
CVE-2024-51596

Patch Status
Unpatched

Published
Oct 31, 2024

Affected Software
WordPress Business Plugin

Researcher

SOPROBRO

Classy Addons for Elementor <= 1.2.7 - Authenticated (Contributor+) Stored Cross-Site Scripting

6.4

CVSS Rating
Medium (6.4)

CVE-ID
CVE-2024-50553

Patch Status
Unpatched

Published
Oct 31, 2024

Affected Software
Classy Addons for Elementor

Researcher

Gab

Clever Addons for Elementor <= 2.2.1 - Authenticated (Contributor+) Stored Cross-Site Scripting

6.4

CVSS Rating
Medium (6.4)

CVE-ID
CVE-2024-51580

Patch Status
Unpatched

Published
Oct 31, 2024

Affected Software
Clever Addons for Elementor

Researcher

João Pedro Soares de Alcântara

Clyp <= 1.3 - Authenticated (Contributor+) Stored Cross-Site Scripting

6.4

CVSS Rating
Medium (6.4)

CVE-ID
CVE-2024-51617

Patch Status
Unpatched

Published
Oct 31, 2024

Affected Software
Clyp

Researcher

SOPROBRO

Cresta Addons for Elementor <= 1.0.9 - Authenticated (Contributor+) Stored Cross-Site Scripting

6.4

CVSS Rating
Medium (6.4)

CVE-ID
CVE-2024-51680

Patch Status
Patched

Published
Nov 1, 2024

Affected Software
Cresta Addons for Elementor

Researcher

Gab

Custom Admin Menu <= 1.0.0 - Authenticated (Contributor+) Stored Cross-Site Scripting

6.4

CVSS Rating
Medium (6.4)

CVE-ID
CVE-2024-51618

Patch Status
Unpatched

Published
Oct 31, 2024

Affected Software
Custom Admin Menu

Researcher

SOPROBRO

Custom post type templates for Elementor <= 1.10.1 - Authenticated (Contributor+) Stored Cross-Site Scripting

6.4

CVSS Rating
Medium (6.4)

CVE-ID
CVE-2024-51683

Patch Status
Patched

Published
Nov 1, 2024

Affected Software
Custom post type templates for Elementor

Researcher

Gab

DataMentor <= 1.7 - Authenticated (Contributor+) Stored Cross-Site Scripting

6.4

CVSS Rating
Medium (6.4)

CVE-ID
CVE-2024-50545

Patch Status
Unpatched

Published
Oct 31, 2024

Affected Software
DataMentor – Best DataTables Plugin for Elementor

Researcher

Michael

Definitive Addons for Elementor <= 1.5.16 - Authenticated (Contributor+) Stored Cross-Site Scripting

6.4

CVSS Rating
Medium (6.4)

CVE-ID
CVE-2024-51587

Patch Status
Unpatched

Published
Oct 31, 2024

Affected Software
Definitive Addons for Elementor

Researcher

Gab

Delisho <= 1.0.6 - Authenticated (Contributor+) Stored Cross-Site Scripting

6.4

CVSS Rating
Medium (6.4)

CVE-ID
CVE-2024-51676

Patch Status
Patched

Published
Nov 1, 2024

Affected Software
Delisho – Recipe Widgets and Blocks

Researcher

Khalid Yusuf

Display Terms Shortcode <= 1.0.4 - Authenticated (Contributor+) Stored Cross-Site Scripting

6.4

CVSS Rating
Medium (6.4)

CVE-ID
CVE-2024-51610

Patch Status
Unpatched

Published
Oct 31, 2024

Affected Software
Display Terms Shortcode

Researcher

SOPROBRO

Ditty <= 3.1.46 - Authenticated (Author+) Stored Cross-Site Scripting

6.4

CVSS Rating
Medium (6.4)

CVE-ID
CVE-2024-9600

Patch Status
Patched

Published
Oct 31, 2024

Affected Software
Ditty – Responsive News Tickers, Sliders, and Lists

Researcher

Dmitrii Ignatyev

Easy SVG Upload <= 1.0 - Authenticated (Author+) Stored Cross-Site Scripting via SVG File Upload

6.4

CVSS Rating
Medium (6.4)

CVE-ID
CVE-2024-9708

Patch Status
Unpatched

Published
Oct 30, 2024

Affected Software
Easy SVG Upload

Researcher

Francesco Carlucci

Element Pack Elementor Addons (Header Footer, Template Library, Dynamic Grid & Carousel, Remote Arrows) <= 5.10.1 - Authenticated (Contributor+) DOM-Based Stored Cross-Site Scripting via Custom Gallery Widget

6.4

CVSS Rating
Medium (6.4)

CVE-ID
CVE-2024-10310

Patch Status
Patched

Published
Nov 1, 2024

Affected Software
Element Pack Elementor Addons (Header Footer, Template Library, Dynamic Grid, Carousel and Remote Arrows)

Researcher

zer0gh0st

Elementary Addons <= 2.0.4 - Authenticated (Contributor+) Stored Cross-Site Scripting

6.4

CVSS Rating
Medium (6.4)

CVE-ID
CVE-2024-51586

Patch Status
Unpatched

Published
Oct 31, 2024

Affected Software
Elementary Addons

Researcher

Gab

Elo Rating Shortcode <= 1.0.3 - Authenticated (Contributor+) Stored Cross-Site Scripting

6.4

CVSS Rating
Medium (6.4)

CVE-ID
CVE-2024-51678

Patch Status
Patched

Published
Nov 1, 2024

Affected Software
Elo Rating Shortcode

Researcher

theviper17y

Emoji Shortcode <= 1.0.0 - Authenticated (Contributor+) Stored Cross-Site Scripting

6.4

CVSS Rating
Medium (6.4)

CVE-ID
CVE-2024-51609

Patch Status
Unpatched

Published
Oct 31, 2024

Affected Software
Emoji Shortcode

Researcher

SOPROBRO

EndomondoWP <= 0.1.1 - Authenticated (Contributor+) Stored Cross-Site Scripting

6.4

CVSS Rating
Medium (6.4)

CVE-ID
CVE-2024-50551

Patch Status
Unpatched

Published
Oct 31, 2024

Affected Software
EndomondoWP

Researcher

SOPROBRO

Extender All In One For Elementor <= 1.0.3 - Authenticated (Contributor+) Stored Cross-Site Scripting

6.4

CVSS Rating
Medium (6.4)

CVE-ID
CVE-2024-51575

Patch Status
Unpatched

Published
Oct 31, 2024

Affected Software
Extender All In One For Elementor

Researcher

Gab

EzyOnlineBookings Online Booking System Widget <= 1.3 - Authenticated (Contributor+) Stored Cross-Site Scripting

6.4

CVSS Rating
Medium (6.4)

CVE-ID
CVE-2024-51628

Patch Status
Unpatched

Published
Nov 1, 2024

Affected Software
EzyOnlineBookings Online Booking System Widget

Researcher

SOPROBRO

GDReseller <= 1.6 - Authenticated (Contributor+) Stored Cross-Site Scripting

6.4

CVSS Rating
Medium (6.4)

CVE-ID
CVE-2024-50536

Patch Status
Unpatched

Published
Oct 31, 2024

Affected Software
GDReseller

Researcher

SOPROBRO

Genoo <= 6.0.10 - Authenticated (Contributor+) Stored Cross-Site Scripting

6.4

CVSS Rating
Medium (6.4)

CVE-ID
CVE-2024-51605

Patch Status
Patched

Published
Oct 31, 2024

Affected Software
Genoo

Researcher

SOPROBRO

Gift Cards (Gift Vouchers and Packages) (WooCommerce Supported) <= 4.4.4 - Authenticated (Author+) Stored Cross-Site Scripting via SVG File Upload

6.4

CVSS Rating
Medium (6.4)

CVE-ID
CVE-2024-9165

Patch Status
Patched

Published
Oct 30, 2024

Affected Software
Gift Cards (Gift Vouchers and Packages) (WooCommerce Supported)

Researcher

Francesco Carlucci

Gmap Point List <= 1.1.2 - Authenticated (Contributor+) Stored Cross-Site Scripting

6.4

CVSS Rating
Medium (6.4)

CVE-ID
CVE-2024-51594

Patch Status
Unpatched

Published
Oct 31, 2024

Affected Software
Gmap Point List

Researcher

SOPROBRO

Gutenberg Blocks with AI by Kadence WP – Page Builder Features <= 3.3.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via Icon Widget

6.4

CVSS Rating
Medium (6.4)

CVE-ID
CVE-2024-9655

Patch Status
Patched

Published
Oct 31, 2024

Affected Software
Gutenberg Blocks with AI by Kadence WP – Page Builder Features

Researcher

Webbernaut

Header Footer Composer for Elementor <= 1.0.4 - Authenticated (Contributor+) Stored Cross-Site Scripting

6.4

CVSS Rating
Medium (6.4)

CVE-ID
CVE-2024-51629

Patch Status
Unpatched

Published
Nov 1, 2024

Affected Software
Header Footer Composer for Elementor

Researcher

Michael

Hoo Addons for Elementor <= 1.0.6 - Authenticated (Contributor+) Stored Cross-Site Scripting

6.4

CVSS Rating
Medium (6.4)

CVE-ID
CVE-2024-51590

Patch Status
Unpatched

Published
Oct 31, 2024

Affected Software
Hoo Addons for Elementor

Researcher

Gab

Hover Video Preview <= 1.0.2 - Authenticated (Contributor+) Stored Cross-Site Scripting

6.4

CVSS Rating
Medium (6.4)

CVE-ID
CVE-2024-50552

Patch Status
Unpatched

Published
Oct 31, 2024

Affected Software
Hover Video Preview

Researcher

SOPROBRO

HT Builder – WordPress Theme Builder for Elementor <= 1.3.0 - Authenticated (Contributor+) Stored Cross-Site Scripting

6.4

CVSS Rating
Medium (6.4)

CVE-ID
CVE-2024-51682

Patch Status
Patched

Published
Nov 1, 2024

Affected Software
HT Builder – WordPress Theme Builder for Elementor

Researcher

Gab

HT Politic <= 2.4.4 - Authenticated (Contributor+) Stored Cross-Site Scripting

6.4

CVSS Rating
Medium (6.4)

CVE-ID
CVE-2024-51673

Patch Status
Patched

Published
Nov 1, 2024

Affected Software
HT Politic – For Political WordPress Themes / Website

Researcher

Khalid Yusuf

HT Team Member <= 1.1.4 - Authenticated (Contributor+) Stored Cross-Site Scripting via htteamember Shortcode

6.4

CVSS Rating
Medium (6.4)

CVE-ID
CVE-2024-10223

Patch Status
Patched

Published
Oct 29, 2024

Affected Software
WP Team – WordPress Team Member Plugin

Researcher

Peter Thaleikis

ID-SK Toolkit <= 1.7.2 - Authenticated (Contributor+) Stored Cross-Site Scripting

6.4

CVSS Rating
Medium (6.4)

CVE-ID
CVE-2024-50517

Patch Status
Unpatched

Published
Oct 30, 2024

Affected Software
ID-SK Toolkit

Researcher

Gab

Kata Plus – Addons for Elementor – Widgets, Extensions and Templates <= 1.4.7 - Authenticated (Author+) Stored Cross-Site Scripting via SVG File Upload

6.4

CVSS Rating
Medium (6.4)

CVE-ID
CVE-2024-9376

Patch Status
Patched

Published
Oct 28, 2024

Affected Software
Kata Plus – Addons for Elementor – Widgets, Extensions and Templates

Researcher

Francesco Carlucci

Kento Ads Rotator <= 1.3 - Authenticated (Contributor+) Stored Cross-Site Scripting

6.4

CVSS Rating
Medium (6.4)

CVE-ID
CVE-2024-51583

Patch Status
Unpatched

Published
Oct 31, 2024

Affected Software
Kento Ads Rotator

Researcher

SOPROBRO

Knowledge Base <= 2.2.0 - Authenticated (Contributor+) Stored Cross-Site Scripting

6.4

CVSS Rating
Medium (6.4)

CVE-ID
CVE-2024-51677

Patch Status
Patched

Published
Nov 1, 2024

Affected Software
Knowledge Base

Researcher

SOPROBRO

LH QR Codes <= 1.06 - Authenticated (Contributor+) Stored Cross-Site Scripting

6.4

CVSS Rating
Medium (6.4)

CVE-ID
CVE-2024-51572

Patch Status
Unpatched

Published
Oct 31, 2024

Affected Software
LH QR Codes

Researcher

SOPROBRO

Magical Addons For Elementor <= 1.2.1 - Authenticated (Subscriber+) Server-Side Request Forgery

6.4

CVSS Rating
Medium (6.4)

CVE-ID
CVE-2024-51665

Patch Status
Patched

Published
Nov 1, 2024

Affected Software
Magical Addons For Elementor ( Header Footer Builder, Free Elementor Widgets, Elementor Templates Library )

Researcher

João Pedro Soares de Alcântara

Marquee Elementor with Posts <= 1.2.0 - Authenticated (Contributor+) Stored Cross-Site Scripting

6.4

CVSS Rating
Medium (6.4)

CVE-ID
CVE-2024-51584

Patch Status
Unpatched

Published
Oct 31, 2024

Affected Software
Marquee Elementor with Posts

Researcher

Gab

MasterBip para Elementor <= 1.6.3 - Authenticated (Contributor+) Stored Cross-Site Scripting

6.4

CVSS Rating
Medium (6.4)

CVE-ID
CVE-2024-51571

Patch Status
Unpatched

Published
Oct 31, 2024

Affected Software
MasterBip para Elementor

Researcher

Gab

Masteriyo LMS – eLearning and Online Course Builder for WordPress <= 1.13.3 - Authenticated (Student+) Stored Cross-Site Scripting via Ask a Question Functionality

6.4

CVSS Rating
Medium (6.4)

CVE-ID
CVE-2024-10000

Patch Status
Patched

Published
Oct 28, 2024

Affected Software
Masteriyo LMS – eLearning and Online Course Builder for WordPress

Researcher

floerer

Media Library Tools <= 1.4.0 - Authenticated (Author+) Stored Cross-Site Scripting

6.4

CVSS Rating
Medium (6.4)

CVE-ID
CVE-2024-10482

Patch Status
Patched

Published
Oct 31, 2024

Affected Software
Media File Rename, Find Unused File, Add Alt text, Caption, Desc For Image SEO – Media Library Tools

Researcher

Bob Matyas

Media Modal <= 1.0.2 - Authenticated (Contributor+) Stored Cross-Site Scripting

6.4

CVSS Rating
Medium (6.4)

CVE-ID
CVE-2024-51604

Patch Status
Unpatched

Published
Oct 31, 2024

Affected Software
Media Modal

Researcher

SOPROBRO

Meta Store Elements <= 1.0.9 - Authenticated (Contributor+) Stored Cross-Site Scripting

6.4

CVSS Rating
Medium (6.4)

CVE-ID
CVE-2024-51592

Patch Status
Unpatched

Published
Oct 31, 2024

Affected Software
Meta Store Elements

Researcher

Gab

ML Responsive Audio player with playlist Shortcode <= 0.2 - Authenticated (Contributor+) Stored Cross-Site Scripting

6.4

CVSS Rating
Medium (6.4)

CVE-ID
CVE-2024-51573

Patch Status
Unpatched

Published
Oct 31, 2024

Affected Software
ML Responsive Audio player with playlist Shortcode

Researcher

SOPROBRO

MyOrderDesk <= 3.2.6 - Authenticated (Contributor+) Stored Cross-Site Scripting

6.4

CVSS Rating
Medium (6.4)

CVE-ID
CVE-2024-50546

Patch Status
Unpatched

Published
Oct 31, 2024

Affected Software
MyOrderDesk

Researcher

SOPROBRO

Newsletters <= 4.9.9.4 - Authenticated (Contributor+) Stored Cross-Site Scripting via newsletters_video Shortcode

6.4

CVSS Rating
Medium (6.4)

CVE-ID
CVE-2024-10181

Patch Status
Patched

Published
Oct 28, 2024

Affected Software
Newsletters

Researcher

Peter Thaleikis

NMR Strava activities <= 1.0.6 - Authenticated (Contributor+) Stored Cross-Site Scripting

6.4

CVSS Rating
Medium (6.4)

CVE-ID
CVE-2024-51603

Patch Status
Unpatched

Published
Oct 31, 2024

Affected Software
NMR Strava activities

Researcher

SOPROBRO

Otter Blocks – Gutenberg Blocks, Page Builder for Gutenberg Editor & FSE <= 3.0.4 - Authenticated (Author+) Stored Cross-Site Scripting via SVG File Upload

6.4

CVSS Rating
Medium (6.4)

CVE-ID
CVE-2024-10367

Patch Status
Patched

Published
Oct 31, 2024

Affected Software
Otter Blocks – Gutenberg Blocks, Page Builder for Gutenberg Editor & FSE

Researcher

Francesco Carlucci

Premium Addons for Elementor <= 4.10.60 - Authenticated (Contributor+) DOM-Based Stored Cross-Site Scripting via Video Box Widget

6.4

CVSS Rating
Medium (6.4)

CVE-ID
CVE-2024-10266

Patch Status
Patched

Published
Oct 28, 2024

Affected Software
Premium Addons for Elementor

Researcher

zer0gh0st

Pricer Ninja <= 2.1.0 - Authenticated (Contributor+) Stored Cross-Site Scripting

6.4

CVSS Rating
Medium (6.4)

CVE-ID
CVE-2024-50518

Patch Status
Unpatched

Published
Oct 30, 2024

Affected Software
Pricer Ninja: Create and add responsive Pricing Tables to your website on-the-fly

Researcher

SOPROBRO

Reftagger Shortcode <= 1.1 - Authenticated (Contributor+) Stored Cross-Site Scripting

6.4

CVSS Rating
Medium (6.4)

CVE-ID
CVE-2024-51612

Patch Status
Unpatched

Published
Oct 31, 2024

Affected Software
Reftagger Shortcode

Researcher

SOPROBRO

Restaurant & Cafe Addon for Elementor <= 1.5.6 - Authenticated (Contributor+) Stored Cross-Site Scripting

6.4

CVSS Rating
Medium (6.4)

CVE-ID
CVE-2024-51581

Patch Status
Patched

Published
Oct 31, 2024

Affected Software
Restaurant & Cafe Addon for Elementor

Researcher

João Pedro Soares de Alcântara

RLM Elementor Widgets Pack <= 1.3.1 - Authenticated (Contributor+) Stored Cross-Site Scripting

6.4

CVSS Rating
Medium (6.4)

CVE-ID
CVE-2024-50542

Patch Status
Patched

Published
Oct 31, 2024

Affected Software
RLM Elementor Widgets Pack

Researcher

Gab

Sales Page Addon – Elementor & Beaver Builder <= 1.4.4 - Authenticated (Contributor+) Stored Cross-Site Scripting

6.4

CVSS Rating
Medium (6.4)

CVE-ID
CVE-2024-51585

Patch Status
Unpatched

Published
Oct 31, 2024

Affected Software
Sales Page Addon – Elementor & Beaver Builder

Researcher

Gab

Sastra Essential Addons for Elementor <= 1.0.5 - Authenticated (Contributor+) Stored Cross-Site Scripting

6.4

CVSS Rating
Medium (6.4)

CVE-ID
CVE-2024-51674

Patch Status
Patched

Published
Nov 1, 2024

Affected Software
Sastra Essential Addons for Elementor – Free Elementor Addons, Widgets and Templates

Researcher

Khalid Yusuf

Selar.co Widget <= 1.2 - Authenticated (Contributor+) Stored Cross-Site Scripting

6.4

CVSS Rating
Medium (6.4)

CVE-ID
CVE-2024-51598

Patch Status
Unpatched

Published
Oct 31, 2024

Affected Software
Selar.co Widget

Researcher

SOPROBRO

Show Visitor IP Address <= 0.2 - Authenticated (Contributor+) Stored Cross-Site Scripting

6.4

CVSS Rating
Medium (6.4)

CVE-ID
CVE-2024-50538

Patch Status
Unpatched

Published
Oct 31, 2024

Affected Software
Show Visitor IP Address

Researcher

SOPROBRO

Sided <= 1.4.2 - Authenticated (Contributor+) Stored Cross-Site Scripting

6.4

CVSS Rating
Medium (6.4)

CVE-ID
CVE-2024-50554

Patch Status
Unpatched

Published
Oct 31, 2024

Affected Software
Sided

Researcher

SOPROBRO

Simple Business Manager <= 4.6.7.4 - Authenticated (Contributor+) Stored Cross-Site Scripting

6.4

CVSS Rating
Medium (6.4)

CVE-ID
CVE-2024-51599

Patch Status
Unpatched

Published
Oct 31, 2024

Affected Software
Simple Business Manager

Researcher

C_T_R_L

Simple Goods <= 0.1.3 - Authenticated (Contributor+) Stored Cross-Site Scripting

6.4

CVSS Rating
Medium (6.4)

CVE-ID
CVE-2024-51574

Patch Status
Unpatched

Published
Oct 31, 2024

Affected Software
Simple Goods

Researcher

SOPROBRO

SIP Reviews Shortcode for WooCommerce <= 1.2.3 - Authenticated (Contributor+) Cross-Site Scripting

6.4

CVSS Rating
Medium (6.4)

CVE-ID
CVE-2024-6480

Patch Status
Unpatched

Published
Oct 31, 2024

Affected Software
SIP Reviews Shortcode for WooCommerce

Researchers

Jonas Höbenreich

Dmitry Derr

Thies Lukas

SKSDEV Toolkit <= 1.0.0 - Authenticated (Contributor+) Stored Cross-Site Scripting

6.4

CVSS Rating
Medium (6.4)

CVE-ID
CVE-2024-51595

Patch Status
Unpatched

Published
Oct 31, 2024

Affected Software
SKSDEV Toolkit

Researcher

SOPROBRO

Slicko <= 1.2.0 - Authenticated (Contributor+) Stored Cross-Site Scripting

6.4

CVSS Rating
Medium (6.4)

CVE-ID
CVE-2024-51591

Patch Status
Unpatched

Published
Oct 31, 2024

Affected Software
Slicko

Researcher

Gab

Smart Mockups <= 1.2.0 - Authenticated (Contributor+) Stored Cross-Site Scripting

6.4

CVSS Rating
Medium (6.4)

CVE-ID
CVE-2024-50537

Patch Status
Unpatched

Published
Oct 31, 2024

Affected Software
Smart Mockups

Researcher

SOPROBRO

SMSAlert - WooCommerce <= 3.7.5 - Authenticated (Contributor+) Stored Cross-Site Scripting via sa_subscribe Shortcode

6.4

CVSS Rating
Medium (6.4)

CVE-ID
CVE-2024-10233

Patch Status
Patched

Published
Oct 28, 2024

Affected Software
SMS Alert Order Notifications – WooCommerce

Researcher

Peter Thaleikis

Step by Step <= 0.4.5 - Authenticated (Contributor+) Stored Cross-Site Scripting

6.4

CVSS Rating
Medium (6.4)

CVE-ID
CVE-2024-50535

Patch Status
Unpatched

Published
Oct 30, 2024

Affected Software
Step by Step

Researcher

SOPROBRO

StreamWeasels YouTube Integration <= 1.3.2 - Authenticated (Contributor+) Stored Cross-Site Scripting via sw-youtube-embed Shortcode

6.4

CVSS Rating
Medium (6.4)

CVE-ID
CVE-2024-10185

Patch Status
Patched

Published
Oct 28, 2024

Affected Software
StreamWeasels YouTube Integration

Researcher

Peter Thaleikis

Super Addons for Elementor <= 1.0 - Authenticated (Contributor+) Stored Cross-Site Scripting

6.4

CVSS Rating
Medium (6.4)

CVE-ID
CVE-2024-51588

Patch Status
Unpatched

Published
Oct 31, 2024

Affected Software
Super Addons for Elementor

Researcher

Gab

SW Kick Integration - Blocks and Shortcodes for Embedding Kick Streams <= 1.1.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via sw-kick-embed Shortcode

6.4

CVSS Rating
Medium (6.4)

CVE-ID
CVE-2024-10184

Patch Status
Patched

Published
Oct 28, 2024

Affected Software
StreamWeasels Kick Integration

Researcher

Peter Thaleikis

T(-) Countdown <= 2.4.8 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode

6.4

CVSS Rating
Medium (6.4)

CVE-ID
CVE-2024-9884

Patch Status
Unpatched

Published
Oct 29, 2024

Affected Software
T(-) Countdown

Researcher

theviper17y

Themedy Toolbox <= 1.0.16 - Authenticated (Contributor+) Stored Cross-Site Scripting

6.4

CVSS Rating
Medium (6.4)

CVE-ID
CVE-2024-50547

Patch Status
Unpatched

Published
Oct 31, 2024

Affected Software
Themedy Toolbox

Researcher

theviper17y

ThemeShark Templates & Widgets for Elementor <= 1.1.7 - Authenticated (Contributor+) Stored Cross-Site Scripting

6.4

CVSS Rating
Medium (6.4)

CVE-ID
CVE-2024-51597

Patch Status
Unpatched

Published
Oct 31, 2024

Affected Software
ThemeShark Templates & Widgets for Elementor

Researcher

Gab

TradeMe widgets <= 1.2 - Authenticated (Contributor+) Stored Cross-Site Scripting

6.4

CVSS Rating
Medium (6.4)

CVE-ID
CVE-2024-51613

Patch Status
Unpatched

Published
Oct 31, 2024

Affected Software
TradeMe widgets

Researcher

SOPROBRO

Ultimate TinyMCE <= 5.7 - Authenticated (Contributor+) Stored Cross-Site Scripting

6.4

CVSS Rating
Medium (6.4)

CVE-ID
CVE-2024-8627

Patch Status
Unpatched

Published
Oct 29, 2024

Affected Software
Ultimate TinyMCE

Researcher

Francesco Carlucci

Widget or Sidebar Shortcode <= 0.6.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode

6.4

CVSS Rating
Medium (6.4)

CVE-ID
CVE-2024-9885

Patch Status
Unpatched

Published
Oct 29, 2024

Affected Software
Widget or Sidebar Shortcode

Researcher

theviper17y

WM Zoom <= 1.0 - Authenticated (Contributor+) Stored Cross-Site Scripting

6.4

CVSS Rating
Medium (6.4)

CVE-ID
CVE-2024-50556

Patch Status
Unpatched

Published
Oct 31, 2024

Affected Software
WM Zoom

Researcher

SOPROBRO

WP Baidu Map <= 1.2.2 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode

6.4

CVSS Rating
Medium (6.4)

CVE-ID
CVE-2024-9886

Patch Status
Unpatched

Published
Oct 29, 2024

Affected Software
WP Baidu Map

Researcher

theviper17y

WP EASY RECIPE <= 1.6 - Authenticated (Contributor+) Stored Cross-Site Scripting

6.4

CVSS Rating
Medium (6.4)

CVE-ID
CVE-2024-51622

Patch Status
Unpatched

Published
Oct 31, 2024

Affected Software
WP EASY RECIPE

Researcher

SOPROBRO

WP Feature Box <= 0.1.3 - Authenticated (Contributor+) Stored Cross-Site Scripting

6.4

CVSS Rating
Medium (6.4)

CVE-ID
CVE-2024-51611

Patch Status
Unpatched

Published
Oct 31, 2024

Affected Software
WP Feature Box

Researcher

SOPROBRO

WP Pocket URLs <= 1.0.3 - Authenticated (Contributor+) Stored Cross-Site Scripting

6.4

CVSS Rating
Medium (6.4)

CVE-ID
CVE-2024-51681

Patch Status
Patched

Published
Nov 1, 2024

Affected Software
WP Pocket URLs

Researcher

SOPROBRO

WP Simple Anchors Links <= 1.0.0 - Authenticated (Contributor+) Stored Cross-Site Scripting via wpanchor Shortcode

6.4

CVSS Rating
Medium (6.4)

CVE-ID
CVE-2024-9446

Patch Status
Unpatched

Published
Oct 30, 2024

Affected Software
WP Simple Anchors Links

Researcher

theviper17y

Курс валют UAH <= 2.0 - Authenticated (Contributor+) Stored Cross-Site Scripting

6.4

CVSS Rating
Medium (6.4)

CVE-ID
CVE-2024-51593

Patch Status
Unpatched

Published
Oct 31, 2024

Affected Software
Курс валют UAH

Researcher

SOPROBRO

Addressbook <= 1.1.3 - Cross-Site Request Forgery to Stored Cross-Site Scripting

6.1

CVSS Rating
Medium (6.1)

CVE-ID
CVE-2024-51644

Patch Status
Unpatched

Published
Nov 1, 2024

Affected Software
Addressbook

Researcher

SOPROBRO

Admin SMS Alert <= 1.1.0 - Cross-Site Request Forgery to Stored Cross-Site Scripting

6.1

CVSS Rating
Medium (6.1)

CVE-ID
CVE-2024-51637

Patch Status
Unpatched

Published
Nov 1, 2024

Affected Software
Admin SMS Alert

Researcher

Joshua Chan

Advanced PDF Generator <= 0.4.0 - Cross-Site Request Forgery to Stored Cross-Site Scripting

6.1

CVSS Rating
Medium (6.1)

CVE-ID
CVE-2024-51641

Patch Status
Unpatched

Published
Nov 1, 2024

Affected Software
Advanced PDF Generator

Researcher

SOPROBRO

Amazon Associate Filter <= 0.4 - Cross-Site Request Forgery to Stored Cross-Site Scripting

6.1

CVSS Rating
Medium (6.1)

CVE-ID
CVE-2024-51643

Patch Status
Unpatched

Published
Nov 1, 2024

Affected Software
Amazon Associate Filter

Researcher

SOPROBRO

APK Downloader <= 1.0.0 - Cross-Site Request Forgery to Stored Cross-Site Scripting

6.1

CVSS Rating
Medium (6.1)

CVE-ID
CVE-2024-51654

Patch Status
Unpatched

Published
Nov 1, 2024

Affected Software
APK Downloader

Researcher

SOPROBRO

Appointmind <= 4.0.0 - Cross-Site Request Forgery to Stored Cross-Site Scripting

6.1

CVSS Rating
Medium (6.1)

CVE-ID
CVE-2024-51679

Patch Status
Patched

Published
Nov 1, 2024

Affected Software
Appointmind

Researcher

SOPROBRO

Awesome Shortcodes For Genesis <= 1.1.8 - Cross-Site Request Forgery to Cross-Site Scripting

6.1

CVSS Rating
Medium (6.1)

CVE-ID
CVE-2024-51638

Patch Status
Unpatched

Published
Nov 1, 2024

Affected Software
Awesome Shortcodes For Genesis

Researcher

SOPROBRO

BBP Core – Expand bbPress powered forums with useful features <= 1.2.5 - Reflected Cross-Site Scripting via add_query_arg Parameter

6.1

CVSS Rating
Medium (6.1)

CVE-ID
CVE-2024-9896

Patch Status
Patched

Published
Nov 1, 2024

Affected Software
BBP Core – Expand bbPress powered forums with useful features

Researcher

Colin Xu

Custom Author URL <= 2.0.1 - Cross-Site Request Forgery to Stored Cross-Site Scripting

6.1

CVSS Rating
Medium (6.1)

CVE-ID
CVE-2024-51655

Patch Status
Unpatched

Published
Nov 1, 2024

Affected Software
Custom Author URL

Researcher

SOPROBRO

Domain Sharding <= 1.2.1 - Cross-Site Request Forgery to Stored Cross-Site Scripting

6.1

CVSS Rating
Medium (6.1)

CVE-ID
CVE-2024-50533

Patch Status
Unpatched

Published
Oct 30, 2024

Affected Software
Domain Sharding

Researcher

SOPROBRO

e-shops <= 1.0.3 - Cross-Site Request Forgery to Reflected Cross-Site Scripting

6.1

CVSS Rating
Medium (6.1)

CVE-ID
CVE-2024-51648

Patch Status
Unpatched

Published
Nov 1, 2024

Affected Software
e-shopsカート2

Researcher

SOPROBRO

Events Manager Pro – extended <= 0.1 - Cross-Site Request Forgery to Reflected Cross-Site Scripting

6.1

CVSS Rating
Medium (6.1)

CVE-ID
CVE-2024-50532

Patch Status
Unpatched

Published
Oct 30, 2024

Affected Software
Events Manager Pro – extended

Researcher

SOPROBRO

Featured Posts Scroll <= 1.25 - Cross-Site Request Forgery to Stored Cross-Site Scripting

6.1

CVSS Rating
Medium (6.1)

CVE-ID
CVE-2024-10922

Patch Status
Unpatched

Published
Nov 1, 2024

Affected Software
Featured Posts Scroll

Researcher

SOPROBRO

Flash Show And Hide Box <= 1.6 - Cross-Site Request Forgery to Stored Cross-Site Scripting

6.1

CVSS Rating
Medium (6.1)

CVE-ID
CVE-2024-51656

Patch Status
Unpatched

Published
Nov 1, 2024

Affected Software
Flash Show And Hide Box

Researcher

SOPROBRO

FraudLabs Pro SMS Verification <= 1.10.1 - Cross-Site Request Forgery to Stored Cross-Site Scripting

6.1

CVSS Rating
Medium (6.1)

CVE-ID
CVE-2024-51688

Patch Status
Patched

Published
Nov 1, 2024

Affected Software
FraudLabs Pro SMS Verification

Researcher

SOPROBRO

GMO Social Connection <= 1.2 - Cross-Site Request Forgery to Stored Cross-Site Scripting

6.1

CVSS Rating
Medium (6.1)

CVE-ID
CVE-2024-51636

Patch Status
Unpatched

Published
Nov 1, 2024

Affected Software
GMO Social Connection

Researcher

Joshua Chan

Jigoshop – Store Exporter <= 1.5.8 - Reflected Cross-Site Scripting

6.1

CVSS Rating
Medium (6.1)

CVE-ID
CVE-2024-50519

Patch Status
Unpatched

Published
Oct 30, 2024

Affected Software
Jigoshop – Store Exporter

Researcher

Zlrqh

MDR Webmaster Tools <= 1.1 - Cross-Site Request Forgery to Stored Cross-Site Scripting

6.1

CVSS Rating
Medium (6.1)

CVE-ID
CVE-2024-51640

Patch Status
Unpatched

Published
Nov 1, 2024

Affected Software
MDR Webmaster Tools

Researcher

SOPROBRO

Mobilize <= 3.0.7 - Cross-Site Request Forgery to Stored Cross-Site Scripting

6.1

CVSS Rating
Medium (6.1)

CVE-ID
CVE-2024-51649

Patch Status
Unpatched

Published
Nov 1, 2024

Affected Software
Mobilize

Researcher

SOPROBRO

Naver Blog <= 1.0 - Cross-Site Request Forgery to Stored Cross-Site Scripting

6.1

CVSS Rating
Medium (6.1)

CVE-ID
CVE-2024-51639

Patch Status
Unpatched

Published
Nov 1, 2024

Affected Software
Naver Blog

Researcher

SOPROBRO

Platform.ly Official <= 1.1.3 - Cross-Site Request Forgery to Stored Cross-Site Scripting

6.1

CVSS Rating
Medium (6.1)

CVE-ID
CVE-2024-51687

Patch Status
Patched

Published
Nov 1, 2024

Affected Software
Platform.ly Official

Researcher

SOPROBRO

Post Status Notifier Lite and Premium <= 1.11.6 - Reflected Cross-Site Scripting via page

6.1

CVSS Rating
Medium (6.1)

CVE-ID
CVE-2024-10048

Patch Status
Patched

Published
Oct 28, 2024

Affected Software
Post Status Notifier
Post Status Notifier Lite

Researcher

Colin Xu

Pricing Tables WordPress Plugin – Easy Pricing Tables <= 3.2.5 - Reflected Cross-Site Scripting

6.1

CVSS Rating
Medium (6.1)

CVE-ID
CVE-2024-8871

Patch Status
Patched

Published
Oct 29, 2024

Affected Software
Pricing Tables WordPress Plugin – Easy Pricing Tables

Researcher

vgo0

Random Featured Post <= 1.1.3 - Cross-Site Request Forgery to Stored Cross-Site Scripting

6.1

CVSS Rating
Medium (6.1)

CVE-ID
CVE-2024-51650

Patch Status
Unpatched

Published
Nov 1, 2024

Affected Software
Random Featured Post

Researcher

SOPROBRO

ReCaptcha Integration for WordPress <= 1.2.5 - Reflected Cross-Site Scripting

6.1

CVSS Rating
Medium (6.1)

CVE-ID
CVE-2024-8739

Patch Status
Patched

Published
Nov 1, 2024

Affected Software
ReCaptcha Integration for WordPress

Researcher

vgo0

Responsive Flickr Gallery <= 1.3.1 - Cross-Site Request Forgery to Stored Cross-Site Scripting

6.1

CVSS Rating
Medium (6.1)

CVE-ID
CVE-2024-51630

Patch Status
Unpatched

Published
Nov 1, 2024

Affected Software
Responsive Flickr Gallery

Researcher

SOPROBRO

Seo Free <= 1.4 - Cross-Site Request Forgery to Stored Cross-Site Scripting

6.1

CVSS Rating
Medium (6.1)

CVE-ID
CVE-2024-51642

Patch Status
Unpatched

Published
Nov 1, 2024

Affected Software
Seo Free

Researcher

SOPROBRO

SEUR Oficial <= 2.2.11 - Reflected Cross-Site Scripting

6.1

CVSS Rating
Medium (6.1)

CVE-ID
CVE-2024-9438

Patch Status
Patched

Published
Oct 28, 2024

Affected Software
SEUR Oficial

Researcher

vgo0

SH Slideshow <= 4.3 - Cross-Site Request Forgery to Stored Cross-Site Scripting

6.1

CVSS Rating
Medium (6.1)

CVE-ID
CVE-2024-51632

Patch Status
Unpatched

Published
Nov 1, 2024

Affected Software
SH Slideshow

Researcher

SOPROBRO

Simple Page Specific Sidebars <= 2.14.1 - Cross-Site Request Forgery to Stored Cross-Site Scripting

6.1

CVSS Rating
Medium (6.1)

CVE-ID
CVE-2024-51633

Patch Status
Unpatched

Published
Nov 1, 2024

Affected Software
Simple Page Specific Sidebars

Researcher

SOPROBRO

Skip To <= 2.0.0 - Cross-Site Request Forgery to Stored Cross-Site Scripting

6.1

CVSS Rating
Medium (6.1)

CVE-ID
CVE-2024-51652

Patch Status
Unpatched

Published
Nov 1, 2024

Affected Software
Skip To

Researcher

SOPROBRO

SmartLink Dynamic URLs <= 1.1.0 - Cross-Site Request Forgery to Stored Cross-Site Scripting

6.1

CVSS Rating
Medium (6.1)

CVE-ID
CVE-2024-51657

Patch Status
Patched

Published
Nov 1, 2024

Affected Software
SmartLink Dynamic URLs

Researcher

SOPROBRO

Sticky Social Bar <= 2.0 - Cross-Site Request Forgery to Stored Cross-Site Scripting

6.1

CVSS Rating
Medium (6.1)

CVE-ID
CVE-2024-51631

Patch Status
Unpatched

Published
Nov 1, 2024

Affected Software
Sticky Social Bar

Researcher

SOPROBRO

Subscribe to Comments <= 2.3 - Reflected Cross-Site Scripting

6.1

CVSS Rating
Medium (6.1)

CVE-ID
CVE-2024-8792

Patch Status
Patched

Published
Oct 29, 2024

Affected Software
Subscribe to Comments

Researcher

vgo0

ThemeFuse Maintenance Mode <= 1.1.3 - Cross-Site Request Forgery to Stored Cross-Site Scripting

6.1

CVSS Rating
Medium (6.1)

CVE-ID
CVE-2024-51645

Patch Status
Unpatched

Published
Nov 1, 2024

Affected Software
ThemeFuse Maintenance Mode

Researcher

SOPROBRO

Twitter @Anywhere Plus <= 2.0 - Cross-Site Request Forgery to Stored Cross-Site Scripting

6.1

CVSS Rating
Medium (6.1)

CVE-ID
CVE-2024-51659

Patch Status
Unpatched

Published
Nov 1, 2024

Affected Software
Twitter @Anywhere Plus

Researcher

SOPROBRO

UPDATE NOTIFICATIONS <= 0.3.4 - Cross-Site Request Forgery to Stored Cross-Site Scripting

6.1

CVSS Rating
Medium (6.1)

CVE-ID
CVE-2024-51653

Patch Status
Unpatched

Published
Nov 1, 2024

Affected Software
UPDATE NOTIFICATIONS

Researcher

SOPROBRO

W3P SEO <= 1.8.5 - Cross-Site Request Forgery to Stored Cross-Site Scripting

6.1

CVSS Rating
Medium (6.1)

CVE-ID
CVE-2024-51684

Patch Status
Patched

Published
Nov 1, 2024

Affected Software
W3P SEO

Researcher

SOPROBRO

Webriti Custom Login <= 0.3 - Cross-Site Request Forgery to Reflected Cross-Site Scripting

6.1

CVSS Rating
Medium (6.1)

CVE-ID
CVE-2024-51634

Patch Status
Unpatched

Published
Nov 1, 2024

Affected Software
Webriti Custom Login

Researcher

SOPROBRO

WeChat Subscribers Lite <= 1.6.6 - Reflected Cross-Site Scripting

6.1

CVSS Rating
Medium (6.1)

CVE-ID
CVE-2024-50522

Patch Status
Unpatched

Published
Oct 30, 2024

Affected Software
WeChat Subscribers Lite 微信公众订阅号插件

Researcher

ardias

While Loading <= 3.0 - Cross-Site Request Forgery to Stored Cross-Site Scripting

6.1

CVSS Rating
Medium (6.1)

CVE-ID
CVE-2024-51635

Patch Status
Unpatched

Published
Nov 1, 2024

Affected Software
While Loading

Researcher

SOPROBRO

World Prayer Time <= 2.0 - Cross-Site Request Forgery to Reflected Cross-Site Scripting

6.1

CVSS Rating
Medium (6.1)

CVE-ID
CVE-2024-50534

Patch Status
Unpatched

Published
Oct 30, 2024

Affected Software
World Prayer Time

Researcher

SOPROBRO

WP Course Manager <= 1.3 - Cross-Site Request Forgery to Stored Cross-Site Scripting

6.1

CVSS Rating
Medium (6.1)

CVE-ID
CVE-2024-51658

Patch Status
Unpatched

Published
Nov 1, 2024

Affected Software
WP Course Manager

Researcher

SOPROBRO

WPGlobus Translate Options <= 2.2.0 - Cross-Site Request Forgery to Stored Cross-Site Scripting

6.1

CVSS Rating
Medium (6.1)

CVE-ID
CVE-2024-9434

Patch Status
Unpatched

Published
Oct 30, 2024

Affected Software
WPGlobus Translate Options

Researcher

vgo0

Element Pack Elementor Addons (Header Footer, Template Library, Dynamic Grid & Carousel, Remote Arrows) <= 5.10.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via Age Gate

5.4

CVSS Rating
Medium (5.4)

CVE-ID
CVE-2024-9868

Patch Status
Patched

Published
Nov 1, 2024

Affected Software
Element Pack Elementor Addons (Header Footer, Template Library, Dynamic Grid, Carousel and Remote Arrows)

Researcher

zer0gh0st

Multiple Page Generator Plugin – MPG <= 4.0.1 - Missing Authorization

5.4

CVSS Rating
Medium (5.4)

CVE-ID
CVE-2024-7424

Patch Status
Patched

Published
Oct 31, 2024

Affected Software
Multiple Page Generator Plugin – MPG

Researcher

Rafshanzani Suhada

Appointment Booking Calendar Plugin and Scheduling Plugin – BookingPress <= 1.1.16 - Authenticated (Subscriber+) SQL Injection

5.3

CVSS Rating
Medium (5.3)

CVE-ID
CVE-2024-10540

Patch Status
Patched

Published
Nov 1, 2024

Affected Software
Appointment Booking Calendar Plugin and Scheduling Plugin – BookingPress

Researcher

Arkadiusz Hydzik

Forminator Forms – Contact Form, Payment Form & Custom Form Builder <= 1.36.0 - Insecure Direct Object Reference to Submission Manipulation

5.3

CVSS Rating
Medium (5.3)

CVE-ID
CVE-2024-9700

Patch Status
Patched

Published
Oct 30, 2024

Affected Software
Forminator Forms – Contact Form, Payment Form & Custom Form Builder

Researcher

Vijaysimha Reddy (vijaysimha)

Get Quote For Woocommerce – Request A Quote For Woocommerce <= 1.0.0 - Missing Authorization to Unauthenticated Quote PDF and CSV Download

5.3

CVSS Rating
Medium (5.3)

CVE-ID
CVE-2024-9430

Patch Status
Unpatched

Published
Oct 30, 2024

Affected Software
Get Quote For Woocommerce – Request A Quote For Woocommerce

Researcher

stehled

Jetpackcrm Ext Woo Connect < 2.13 - Sensitive Information Exposure

5.3

CVSS Rating
Medium (5.3)

CVE-ID
Unknown

Patch Status
Patched

Published
Oct 28, 2024

Affected Software
Jetpackcrm Ext Woo Connect
Jetpack CRM – Clients, Leads, Invoices, Billing, Email Marketing, & Automation

Researcher(s): Unknown

Stacks Mobile App Builder <= 5.2.3 - Unauthenticated Sensitive Information Disclosure

5.3

CVSS Rating
Medium (5.3)

CVE-ID
CVE-2024-50528

Patch Status
Unpatched

Published
Oct 30, 2024

Affected Software
Stacks Mobile App Builder – The most powerful Mobile Applications Drag and Drop builder

Researcher

stealthcopter

Woo Manage Fraud Orders <= 2.6.1 - Unauthenticated Information Exposure via Log Files

5.3

CVSS Rating
Medium (5.3)

CVE-ID
CVE-2024-10544

Patch Status
Unpatched

Published
Oct 30, 2024

Affected Software
Woo Manage Fraud Orders

Researcher

Colin Xu

BetterLinks <= 2.1.7 - Authenticated (Administrator+) SQL Injection

4.9

CVSS Rating
Medium (4.9)

CVE-ID
CVE-2024-51672

Patch Status
Patched

Published
Nov 1, 2024

Affected Software
BetterLinks – An Advanced Plugin for Affiliate Links, Link Shortening, Link Tracking, Link Branding & Marketing

Researcher

Marek Mikita

Code Explorer <= 1.4.5 - Authenticated (Admin+) External File Reading

4.9

CVSS Rating
Medium (4.9)

CVE-ID
CVE-2023-5816

Patch Status
Unpatched

Published
Oct 29, 2024

Affected Software
Code Explorer

Researcher

Dmitrii Ignatyev

Beds24 Online Booking <= 2.0.25 - Authenticated (Administrator+) Stored Cross-Site Scripting

4.4

CVSS Rating
Medium (4.4)

CVE-ID
CVE-2024-51664

Patch Status
Patched

Published
Nov 1, 2024

Affected Software
Beds24 Online Booking

Researcher

Roby Firnando Yusuf

Bricksable for Bricks Builder <= 1.6.59 - Authenticated (Administrator+) Stored Cross-Site Scripting

4.4

CVSS Rating
Medium (4.4)

CVE-ID
CVE-2024-51663

Patch Status
Patched

Published
Nov 1, 2024

Affected Software
Bricksable for Bricks Builder

Researcher

João G. Barbosa (4rCanJ0x!)

JS Help Desk – Best Help Desk & Support Plugin <= 2.8.7 - Authenticated (Administrator+) Stored Cross-Site Scripting

4.4

CVSS Rating
Medium (4.4)

CVE-ID
CVE-2024-51670

Patch Status
Patched

Published
Nov 1, 2024

Affected Software
JS Help Desk – The Ultimate Help Desk & Support Plugin

Researcher

casol

MailPoet <= 5.3.1 - Authenticated (Administrator+) Stored Cross-Site Scripting

4.4

CVSS Rating
Medium (4.4)

CVE-ID
CVE-2024-10103

Patch Status
Patched

Published
Oct 29, 2024

Affected Software
MailPoet – Newsletters, Email Marketing, and Automation

Researcher

Dmitrii Ignatyev

MyCurator Content Curation <= 3.78 - Authenticated (Editor+) Stored Cross-Site Scripting

4.4

CVSS Rating
Medium (4.4)

CVE-ID
CVE-2024-51668

Patch Status
Patched

Published
Nov 1, 2024

Affected Software
MyCurator Content Curation

Researcher

Joshua Chan

SEO Plugin by Squirrly SEO <= 12.3.20 - Authenticated (Editor+) Stored Cross-Site Scripting

4.4

CVSS Rating
Medium (4.4)

CVE-ID
CVE-2024-10515

Patch Status
Patched

Published
Oct 30, 2024

Affected Software
SEO Plugin by Squirrly SEO

Researcher

Dmitrii Ignatyev

BTEV <= Cross-Site Request Forgery to Plugin Settings Update

4.3

CVSS Rating
Medium (4.3)

CVE-ID
CVE-2024-10677

Patch Status
Unpatched

Published
Oct 31, 2024

Affected Software
BTEV

Researcher

Bob Matyas

CM Table Of Contents <= 1.2.2 - Cross-Site Request Forgery

4.3

CVSS Rating
Medium (4.3)

CVE-ID
CVE-2024-5030

Patch Status
Patched

Published
Oct 28, 2024

Affected Software
CM Table Of Contents – WordPress TOC Plugin

Researcher

Felipe Caon

Download Monitor <= 5.0.13 - Missing Authorization to Sensitive Information Exposure

4.3

CVSS Rating
Medium (4.3)

CVE-ID
CVE-2024-10399

Patch Status
Patched

Published
Oct 29, 2024

Affected Software
Download Monitor

Researcher

Trương Hữu Phúc (truonghuuphuc)

Dynamic Widgets <= 1.6.4 - Cross-Site Request Forgery

4.3

CVSS Rating
Medium (4.3)

CVE-ID
CVE-2024-51669

Patch Status
Patched

Published
Nov 1, 2024

Affected Software
Dynamic Widgets

Researcher

Ananda Dhakal

Easy Accordion Gutenberg Block <= 1.2.3 - Missing Authorization

4.3

CVSS Rating
Medium (4.3)

CVE-ID
CVE-2024-51660

Patch Status
Patched

Published
Nov 1, 2024

Affected Software
Easy Accordion Gutenberg Block

Researcher

Trương Hữu Phúc (truonghuuphuc)

Exclusive Addons for Elementor <= 2.7.4 - Authenticated (Contributor+) Sensitive Information Exposure via Elementor Templates

4.3

CVSS Rating
Medium (4.3)

CVE-ID
CVE-2024-10312

Patch Status
Patched

Published
Oct 28, 2024

Affected Software
Exclusive Addons for Elementor

Researcher

Ankit Patel

Manage User Columns <= 1.0.5 - Cross-Site Request Forgery

4.3

CVSS Rating
Medium (4.3)

CVE-ID
CVE-2024-51686

Patch Status
Patched

Published
Nov 1, 2024

Affected Software
Manage User Columns

Researcher

thiennv

Move Addons for Elementor <= 1.3.5 - Authenticated (Contributor+) Sensitive Information Exposure via Elementor Templates

4.3

CVSS Rating
Medium (4.3)

CVE-ID
CVE-2024-10360

Patch Status
Patched

Published
Oct 28, 2024

Affected Software
Move Addons for Elementor

Researcher

Ankit Patel

Otter - Gutenberg Block <= 3.0.3 - Missing Authorization

4.3

CVSS Rating
Medium (4.3)

CVE-ID
CVE-2024-51671

Patch Status
Patched

Published
Nov 1, 2024

Affected Software
Otter Blocks – Gutenberg Blocks, Page Builder for Gutenberg Editor & FSE

Researcher

Rafie Muhammad

Paytium <= 4.4.10 - Missing Authorization

4.3

CVSS Rating
Medium (4.3)

CVE-ID
CVE-2024-51667

Patch Status
Patched

Published
Nov 1, 2024

Affected Software
Paytium: Mollie payment forms & donations

Researcher

Trương Hữu Phúc (truonghuuphuc)

WPC Smart Messages for WooCommerce <= 4.2.1 - Missing Authorization to Authenticated (Subscriber+) Message Activation/Deactivation

4.3

CVSS Rating
Medium (4.3)

CVE-ID
CVE-2024-10437

Patch Status
Patched

Published
Oct 28, 2024

Affected Software
WPC Smart Messages for WooCommerce

Researcher

Francesco Carlucci


As a reminder, Wordfence curates an industry-leading vulnerability database, Wordfence Intelligence, that covers all known WordPress core, theme, and plugin vulnerabilities.

This database is continuously updated, maintained, and populated by Wordfence's highly credentialed and experienced vulnerability researchers through in-house vulnerability research, through submissions from vulnerability researchers who report directly to us via our Bug Bounty Program, and by monitoring a wide range of sources to capture all publicly available WordPress vulnerability information and add additional context where we can.

Click here to sign up for our mailing list to receive weekly vulnerability reports like this one, as well as important WordPress security reports, in your inbox the moment they are published.

The post Wordfence Intelligence Weekly WordPress Vulnerability Report (October 28, 2024 to November 3, 2024) appeared first on Wordfence.
