Skip to main content
CVE-2024-8624 CRITICAL PATCH Act Now

The MDTF - Meta Data and Taxonomies Filter plugin for WordPress is vulnerable to SQL Injection via the 'meta_key' attribute of the 'mdf_select_title' shortcode in all versions up to, and including,. Rated critical severity (CVSS 9.9), this vulnerability is remotely exploitable, low attack complexity.

SQLi WordPress Wordpress Meta Data And Taxonomies Filter
NVD
CVSS 3.1
9.9
EPSS
0.5%
CVE-2024-8791 CRITICAL PATCH Act Now

The Donation Forms by Charitable - Donations Plugin & Fundraising Platform for WordPress plugin for WordPress is vulnerable to privilege escalation in all versions up to, and including, 1.8.1.14. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Authentication Bypass WordPress Privilege Escalation Charitable
NVD
CVSS 3.1
9.8
EPSS
0.7%
CVE-2024-8671 CRITICAL Act Now

The WooEvents - Calendar and Event Booking plugin for WordPress is vulnerable to arbitrary file overwrite due to insufficient file path validation in the inc/barcode.php file in all versions up to,. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

RCE Path Traversal PHP WordPress Wooevents
NVD
CVSS 3.1
9.1
EPSS
1.0%
CVE-2024-8795 HIGH PATCH This Week

The BA Book Everything plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.6.20. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Cross-Site Request Forgery (CSRF) vulnerability could allow attackers to trick authenticated users into performing unintended actions.

WordPress CSRF Ba Book Everything
NVD
CVSS 3.1
8.8
EPSS
0.3%
CVE-2024-8623 HIGH PATCH This Week

The The MDTF - Meta Data and Taxonomies Filter plugin for WordPress is vulnerable to arbitrary shortcode execution in all versions up to, and including, 1.3.3.3. Rated high severity (CVSS 7.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Code Injection vulnerability could allow attackers to inject and execute arbitrary code within the application.

Code Injection WordPress RCE Wordpress Meta Data And Taxonomies Filter
NVD
CVSS 3.1
7.3
EPSS
0.6%
CVE-2024-8738 MEDIUM PATCH This Month

The Seriously Simple Stats plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use of add_query_arg without appropriate escaping on the URL in all versions up to, and. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

WordPress XSS Seriously Simple Stats
NVD
CVSS 3.1
6.1
EPSS
0.4%
CVE-2024-8716 MEDIUM PATCH This Month

The XT Ajax Add To Cart for WooCommerce plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use of add_query_arg without appropriate escaping on the URL in all versions up. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

WordPress XSS Xt Ajax Add To Cart For Woocommerce
NVD
CVSS 3.1
6.1
EPSS
0.4%
CVE-2024-8662 MEDIUM PATCH This Month

The Koko Analytics plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use of add_query_arg without appropriate escaping on the URL in all versions up to, and including,. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

WordPress XSS Koko Analytics
NVD
CVSS 3.1
6.1
EPSS
0.4%
CVE-2024-8544 MEDIUM PATCH This Month

The Pixel Cat - Conversion Pixel Manager plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use of add_query_arg without appropriate escaping on the URL in all versions. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

WordPress XSS Pixel Cat
NVD
CVSS 3.1
6.1
EPSS
0.5%
CVE-2024-8628 MEDIUM PATCH This Month

The Popup, Optin Form & Email Newsletters for Mailchimp, HubSpot, AWeber - MailOptin plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'post-meta' shortcode in all. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

WordPress XSS Mailoptin
NVD
CVSS 3.1
5.4
EPSS
0.3%
CVE-2024-8657 MEDIUM PATCH This Month

The Garden Gnome Package plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's ggpkg shortcode in all versions up to, and including, 2.2.9 due to insufficient input. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

WordPress XSS Garden Gnome Package
NVD
CVSS 3.1
5.4
EPSS
0.4%
CVE-2024-8794 MEDIUM PATCH This Month

The BA Book Everything plugin for WordPress is vulnerable to arbitrary password reset in all versions up to, and including, 1.6.20. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Privilege Escalation WordPress Ba Book Everything
NVD
CVSS 3.1
5.3
EPSS
0.4%
CVE-2024-38269 MEDIUM This Month

An improper restriction of operations within the bounds of a memory buffer in the USB file-sharing handler of the Zyxel VMG8825-T50K firmware versions through 5.50(ABOM.8)C0 could allow an. Rated medium severity (CVSS 4.9), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Zyxel Buffer Overflow Wx5600 T0 Firmware Wx3401 B0 Firmware Wx3100 T0 Firmware +38
NVD
CVSS 3.1
4.9
EPSS
0.4%
CVE-2024-38268 MEDIUM This Month

An improper restriction of operations within the bounds of a memory buffer in the MAC address parser of the Zyxel VMG8825-T50K firmware versions through 5.50(ABOM.8)C0 could allow an authenticated. Rated medium severity (CVSS 4.9), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Zyxel Buffer Overflow Wx5600 T0 Firmware Wx3401 B0 Firmware Wx3100 T0 Firmware +38
NVD
CVSS 3.1
4.9
EPSS
0.4%
CVE-2024-38267 MEDIUM This Month

An improper restriction of operations within the bounds of a memory buffer in the IPv6 address parser of the Zyxel VMG8825-T50K firmware versions through 5.50(ABOM.8)C0 could allow an authenticated. Rated medium severity (CVSS 4.9), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Zyxel Buffer Overflow Wx5600 T0 Firmware Wx3401 B0 Firmware Wx3100 T0 Firmware +38
NVD
CVSS 3.1
4.9
EPSS
0.4%
CVE-2024-38266 MEDIUM This Month

An improper restriction of operations within the bounds of a memory buffer in the parameter type parser of the Zyxel VMG8825-T50K firmware versions through 5.50(ABOM.8)C0 could allow an authenticated. Rated medium severity (CVSS 4.9), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Zyxel Buffer Overflow Dx3300 T0 Firmware Dx3300 T1 Firmware Dx3301 T0 Firmware +39
NVD
CVSS 3.1
4.9
EPSS
0.4%
CVE-2024-8432 MEDIUM PATCH This Month

The Appointment & Event Booking Calendar Plugin - Webba Booking plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the save_appearance(). Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. This Missing Authorization vulnerability could allow attackers to access resources or perform actions without proper authorization checks.

Authentication Bypass WordPress Webba Booking
NVD
CVSS 3.1
4.3
EPSS
0.4%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy