In Ebook Store plugin versions 5.8001 and prior a medium severity vulnerability CVE-2024-12262 was detected. This vulnerability allows attackers to inject arbitrary web scripts via the ‘step’ parameter due to insufficient input sanitization and output escaping. No patched version has been officially released at this time. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2024-12262.
Read more CMS
In Elementor Header & Footer Builder plugin versions 1.6.46 and prior a medium severity vulnerability CVE-2024-11230 was detected. This vulnerability allows authenticated attackers with Contributor-level access or higher to inject arbitrary web scripts via the ‘size’ parameter, which will execute whenever a user accesses an injected page. No patched version has been officially released at this time. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2024-11230.
Read more CMS
In the LaTeX2HTML plugin for WordPress all versions up to 2.5.5 a medium severity vulnerability CVE-2024-11688 was detected. This vulnerability allows attackers to execute arbitrary scripts in the context of the user’s browser, potentially leading to session hijacking, defacement, or other malicious activities. This vulnerability remains unresolved at this time. For more details, visit https://nvd.nist.gov/vuln/detail/cve-2024-11688.
Read more CMS
In the real.Kit plugin for WordPress all versions up to 5.1.1 a medium severity vulnerability CVE-2024-12697 was detected. This vulnerability allows attackers with certain access to add harmful scripts to a website. This vulnerability remains unresolved at this time. For more details, visit https://nvd.nist.gov/vuln/detail/cve-2024-12697.
Read more CMS
In WP SHAPES plugin for WordPress versions up to and including 1.0.0 a medium severity vulnerability CVE-2024-9619 was detected. This vulnerability allows authenticated attackers with Author-level access or higher to inject arbitrary web scripts through SVG file uploads, which execute when users access the SVG file. No patched version has been officially released at this time. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2024-9619.
Read more CMS
In Liferay Portal versions 7.1.0 through 7.4.3.38 and Liferay DXP versions 7.4 GA through update 38, 7.3 GA through update 36, 7.2 GA through fix pack 20, 7.1 GA through fix pack 28 a medium severity vulnerability CVE-2024-11993 was detected. This vulnerability allows attackers to inject malicious code into a web page, which can then steal sensitive information or trick users into performing unwanted actions. To fix this issue, users should upgrade Liferay Portal to versions 7.4.3.39 and later and Liferay DXP to versions, 7.4 update 39 and later, 7.3 update 37 and later, 7.2 fix pack 21 and later, 7.1 fix pack 29 and later. For more details, visit https://nvd.nist.gov/vuln/detail/cve-2024-11993.
Read more CMS
In Opt-In Downloads plugin for WordPress versions up to 4.07 a high severity vulnerability CVE-2024-10590 was detected. This vulnerability allows authenticated users with Subscriber-level access or higher to upload arbitrary files, potentially leading to remote code execution (RCE) on NGINX servers. To address this issue, users must upgrade to a version later than 4.07. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2024-10590.
Read more CMS
In Cognito Forms plugin for WordPress versions up to 2.0.6 a medium severity vulnerability CVE-2024-10182 was detected. This vulnerability allows authenticated users with Contributor-level access or higher to inject arbitrary web scripts into pages, which execute whenever a user accesses an affected page. To address this issue, users must upgrade to a version later than 2.0.6. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2024-10182.
Read more CMS
In HQ Rental Software plugin for WordPress versions up to 1.5.29 a high severity vulnerability CVE-2024-11689 was detected. This vulnerability allows unauthenticated attackers to update arbitrary options, potentially leading to privilege escalation, by tricking a site administrator into performing an action such as clicking on a link. To address this issue, users must upgrade to a version later than 1.5.29. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2024-11689.
Read more CMS