CVE-2024-9422 – GEO My WordPress < 4.5 - Admin+ Arbitrary File Upload
https://notcve.org/view.php?id=CVE-2024-9422
The GEO my WP WordPress plugin before 4.5 and the gmw-premium-settings WordPress plugin before 3.1 do not sufficiently validate files to be uploaded, which could allow attackers to upload arbitrary files, such as PHP files, to the server.
https://wpscan.com/vulnerability/81320923-767c-43f0-a8eb-b398c306c16f
CVE-2024-9828 – Taskbuilder < 3.0.5 - Admin+ SQL Injection
https://notcve.org/view.php?id=CVE-2024-9828
The Taskbuilder WordPress plugin before 3.0.5 does not sanitise user input passed in the 'load_orders' parameter before using it in a SQL statement, allowing high-privilege users such as admins to perform SQL Injection attacks.
https://wpscan.com/vulnerability/eb2d0932-fd47-4aef-9d08-4377c742bb6e
CVE-2024-9768 – Formidable Forms < 6.14.1 - Admin+ Stored XSS
https://notcve.org/view.php?id=CVE-2024-9768
The Formidable Forms WordPress plugin before 6.14.1 does not sanitise and escape some of its settings, which could allow high-privilege users such as admins to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in a multisite setup).
https://wpscan.com/vulnerability/3c4ff11b-4a06-433d-8f0e-4069865721c0
CVE-2024-8157 – Alphabetical List <= 1.0.3 - Settings Update via CSRF
https://notcve.org/view.php?id=CVE-2024-8157
The Alphabetical List WordPress plugin through 1.0.3 does not have a CSRF check in place when updating its settings, which could allow attackers to make a logged-in admin change them via a CSRF attack.
https://wpscan.com/vulnerability/9bc18c41-fc4c-48c9-bcec-323c502ae620
CVE-2024-5029 – CM Table Of Contents – WordPress TOC Plugin < 1.2.4 - Stored XSS via CSRF
https://notcve.org/view.php?id=CVE-2024-5029
The CM Table Of Contents WordPress plugin before 1.2.4 does not have a CSRF check when updating its settings and is missing sanitisation as well as escaping, which could allow attackers to make a logged-in admin add Stored XSS payloads via a CSRF attack.
https://wpscan.com/vulnerability/f0f4a33c-9dd2-45ee-82e7-4b8bc2c20094