Analysis Summary

CVE-2024-47330 CVSS:4.3

Missing Authorization vulnerability in Supsystic Slider by Supsystic, Supsystic Social Share Buttons by Supsystic.This issue affects Slider by Supsystic: from n/a through 1.8.6; Social Share Buttons by Supsystic: from n/a through 2.2.9.

CVE-2024-43237 CVSS:5.3

Exposure of Sensitive Information to an Unauthorized Actor vulnerability in TaxoPress WordPress Tag Cloud Plugin – Tag Groups.This issue affects WordPress Tag Cloud Plugin – Tag Groups: from n/a through 2.0.3.

CVE-2024-9073 CVSS:6.4

The GutenGeek Free Gutenberg Blocks for WordPress plugin for WordPress is vulnerable to Stored Cross-Site Scripting via SVG File uploads in all versions up to, and including, 1.1.3 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Author-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses the SVG file.

CVE-2024-47305 CVSS:4.3

Cross-Site Request Forgery (CSRF) vulnerability in Dnesscarkey Use Any Font allows Cross Site Request Forgery.This issue affects Use Any Font: from n/a through 6.3.08.

CVE-2024-47303 CVSS:6.5

Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Livemesh Livemesh Addons for Elementor allows Stored XSS.This issue affects Livemesh Addons for Elementor: from n/a through 8.5.

Impact

• Gain Access
• Information Disclosure
• Cross-Site Scripting

Indicators of Compromise

CVE

• CVE-2024-47330
• CVE-2024-43237
• CVE-2024-9073
• CVE-2024-47305
• CVE-2024-47303

Affected Vendors

Remediation

Upgrade to the latest version of Plugin for WordPress, available from the WordPress Website.

CVE-2024-47330

CVE-2024-43237

CVE-2024-9073

CVE-2024-47305

CVE-2024-47303