Security Vulnerabilities - CVEs Published In October 2024
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in chenyenming Woocommerce Quote Calculator woo-quote-calculator-order allows Blind SQL Injection.This issue affects Woocommerce Quote Calculator: from n/a through <= 1.1.
CVSS Score
9.8
EPSS Score
0.006
Published
2024-10-28
Authorization Bypass Through User-Controlled Key vulnerability in Tareq Hasan Meetup meetup allows Privilege Escalation.This issue affects Meetup: from n/a through <= 0.1.
CVSS Score
9.8
EPSS Score
0.54
Published
2024-10-28
Authentication Bypass Using an Alternate Path or Channel vulnerability in yespbs Token Login token-login allows Authentication Bypass.This issue affects Token Login: from n/a through <= 1.0.3.
CVSS Score
8.8
EPSS Score
0.265
Published
2024-10-28
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in MicahBlu RSVP ME rsvp-me allows SQL Injection.This issue affects RSVP ME: from n/a through <= 1.9.9.
CVSS Score
9.8
EPSS Score
0.398
Published
2024-10-28
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Themes4WP Themes4WP YouTube External Subtitles themes4wp-youtube-external-subtitles allows DOM-Based XSS.This issue affects Themes4WP YouTube External Subtitles: from n/a through <= 1.0.
CVSS Score
5.4
EPSS Score
0.002
Published
2024-10-28
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in checklistcom Trip Plan tripplan allows DOM-Based XSS.This issue affects Trip Plan: from n/a through <= 1.0.10.
CVSS Score
5.4
EPSS Score
0.002
Published
2024-10-28
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in martindrapeau Amilia Store amilia-store allows Stored XSS.This issue affects Amilia Store: from n/a through <= 2.9.8.
CVSS Score
5.4
EPSS Score
0.002
Published
2024-10-28
Authentication Bypass by Primary Weakness vulnerability in Swoop 1-Click Login: Passwordless Authentication allows Authentication Bypass.This issue affects 1-Click Login: Passwordless Authentication: 1.4.5.
CVSS Score
9.8
EPSS Score
0.41
Published
2024-10-28
A vulnerability classified as critical was found in Project Worlds Online Time Table Generator 1.0. Affected by this vulnerability is an unknown functionality of the file /timetable/staff/staffdashboard.php?info=updateprofile. The manipulation of the argument n leads to sql injection. The attack can be launched remotely.
CVSS Score
5.3
EPSS Score
0.001
Published
2024-10-28
URL Redirection to Untrusted Site ('Open Redirect') vulnerability in sunshinephotocart Sunshine Photo Cart sunshine-photo-cart.This issue affects Sunshine Photo Cart: from n/a through <= 3.2.9.
CVSS Score
6.1
EPSS Score
0.002
Published
2024-10-28