
Multiple WordPress Plugins Vulnerabilities

Severity

Medium

Analysis Summary

CVE-2024-47330 CVSS:4.3

Missing Authorization vulnerability in Supsystic Slider by Supsystic, Supsystic Social Share Buttons by Supsystic. This issue affects Slider by Supsystic: from n/a through 1.8.6; Social Share Buttons by Supsystic: from n/a through 2.2.9.

CVE-2024-43237 CVSS:5.3

Exposure of Sensitive Information to an Unauthorized Actor vulnerability in TaxoPress WordPress Tag Cloud Plugin – Tag Groups. This issue affects WordPress Tag Cloud Plugin – Tag Groups: from n/a through 2.0.3.

CVE-2024-9073 CVSS:6.4

The GutenGeek Free Gutenberg Blocks for WordPress plugin for WordPress is vulnerable to Stored Cross-Site Scripting via SVG File uploads in all versions up to, and including, 1.1.3 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Author-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses the SVG file.

CVE-2024-47305 CVSS:4.3

Cross-Site Request Forgery (CSRF) vulnerability in Dnesscarkey Use Any Font allows Cross Site Request Forgery. This issue affects Use Any Font: from n/a through 6.3.08.

CVE-2024-47303 CVSS:6.5

Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Livemesh Livemesh Addons for Elementor allows Stored XSS. This issue affects Livemesh Addons for Elementor: from n/a through 8.5.

Impact

  • Gain Access
  • Information Disclosure
  • Cross-Site Scripting

Indicators of Compromise

CVE

  • CVE-2024-47330
  • CVE-2024-43237
  • CVE-2024-9073
  • CVE-2024-47305
  • CVE-2024-47303

Affected Vendors

WordPress

Affected Products

  • Supsystic Slider by Supsystic - n/a
  • Supsystic Social Share Buttons by Supsystic - n/a
  • wpopal GutenGeek Free Gutenberg Blocks for WordPress - *
  • Dnesscarkey Use Any Font - n/a
  • TaxoPress WordPress Tag Cloud Plugin Tag Groups - n/a
  • Livemesh Addons for Elementor - n/a

Remediation

Upgrade each affected plugin to its latest version, available from the WordPress website.
