How severe is CVE-2024-9184?

This vulnerability has a severity rating of HIGH with a CVSS score of 7.2 out of 10.

What type of vulnerability is CVE-2024-9184?

This is classified as CWE-79, which is a common weakness in software security.

CVE-2024-9184

HIGH Year: 2024

CVSS v3 Score

7.2

High

Weakness Type

CWE-79

View all →

Vulnerability Description

The SendPulse Free Web Push plugin for WordPress is vulnerable to Stored Cross-Site Scripting in all versions up to, and including, 1.3.6 due to incorrect use of the wp_kses_allowed_html function. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.

CVE-2016-1000115

HIGH

CVSS:7.2(High)

Huge-IT Portfolio Gallery manager v1.1.0 SQL Injection and XSS

CWE-792016

CVE-2016-1000116

HIGH

CVSS:7.2(High)

Huge-IT Portfolio Gallery manager v1.1.0 SQL Injection and XSS

CWE-792016

CVE-2016-1000117

HIGH

CVSS:7.2(High)

XSS & SQLi in HugeIT slideshow v1.0.4

CWE-792016

CVE-2016-1000118

HIGH

CVSS:7.2(High)

XSS & SQLi in HugeIT slideshow v1.0.4

CWE-792016

CVE-2016-1000119

HIGH

CVSS:7.2(High)

SQLi and XSS in Huge IT catalog extension v1.0.4 for Joomla

CWE-792016

CVE-2016-15041

HIGH

CVSS:7.2(High)

The MainWP Dashboard – The Private WordPress Manager for Multiple Website Maintenance plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘mwp_setup_purchase_username’ parameter ...

CWE-792016

CVE-2024-9184

Vulnerability Description

Related Vulnerabilities

CVE-2016-1000115

CVE-2016-1000116

CVE-2016-1000117

CVE-2016-1000118

CVE-2016-1000119

CVE-2016-15041