Security Vulnerabilities - CVEs Published In October 2024
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Themes4WP Themes4WP YouTube External Subtitles allows Stored XSS.This issue affects Themes4WP YouTube External Subtitles: from n/a through 1.0.
CVSS Score
6.5
EPSS Score
0.001
Published
2024-10-28
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Checklist Trip Plan allows Stored XSS.This issue affects Trip Plan: from n/a through 1.0.10.
CVSS Score
6.5
EPSS Score
0.001
Published
2024-10-28
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Martin Drapeau Amilia Store allows Stored XSS.This issue affects Amilia Store: from n/a through 2.9.8.
CVSS Score
6.5
EPSS Score
0.001
Published
2024-10-28
Authentication Bypass by Primary Weakness vulnerability in Swoop 1-Click Login: Passwordless Authentication allows Authentication Bypass.This issue affects 1-Click Login: Passwordless Authentication: 1.4.5.
CVSS Score
9.8
EPSS Score
0.288
Published
2024-10-28
A vulnerability classified as critical was found in Project Worlds Online Time Table Generator 1.0. Affected by this vulnerability is an unknown functionality of the file /timetable/staff/staffdashboard.php?info=updateprofile. The manipulation of the argument n leads to sql injection. The attack can be launched remotely.
CVSS Score
6.3
EPSS Score
0.001
Published
2024-10-28
URL Redirection to Untrusted Site ('Open Redirect') vulnerability in WP Sunshine Sunshine Photo Cart.This issue affects Sunshine Photo Cart: from n/a through 3.2.9.
CVSS Score
4.7
EPSS Score
0.001
Published
2024-10-28
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in WP SEO – Calin Vingan Premium SEO Pack allows SQL Injection.This issue affects Premium SEO Pack: from n/a through 1.6.001.
CVSS Score
8.5
EPSS Score
0.002
Published
2024-10-28
Improper Control of Generation of Code ('Code Injection') vulnerability in LUBUS WP Query Console allows Code Injection.This issue affects WP Query Console: from n/a through 1.0.
CVSS Score
10.0
EPSS Score
0.923
Published
2024-10-28
Authentication Bypass Using an Alternate Path or Channel vulnerability in Stacks Stacks Mobile App Builder stacks-mobile-app-builder allows Authentication Bypass.This issue affects Stacks Mobile App Builder: from n/a through 5.2.3.
CVSS Score
9.8
EPSS Score
0.645
Published
2024-10-28
Authentication Bypass Using an Alternate Path or Channel vulnerability in Acnoo Acnoo Flutter API allows Authentication Bypass.This issue affects Acnoo Flutter API: from n/a through 1.0.5.
CVSS Score
9.8
EPSS Score
0.003
Published
2024-10-28