Patch Tuesday — December 2024

2024-12-10 · 1223 CVEs

CVEs published or modified the week of 2024-12-10, partitioned by vendor. CVSS is the base score; KEV marks an entry listed in CISA's Known Exploited Vulnerabilities catalog (one entry in this set, CVE-2024-49138). Note that the Microsoft list also includes rows for third-party products that run on Windows (Adobe, Dell and IBM entries).

Microsoft (112 CVEs)

CVE             Severity  CVSS  KEV  Published   Summary
CVE-2024-49112  Critical  9.8        2024-12-12  Windows Lightweight Directory Access Protocol (LDAP) Remote Code Execution Vulnerability
CVE-2024-49147  Critical  9.3        2024-12-12  Deserialization of untrusted data in Microsoft Update Catalog allows an unauthorized attacker to elevate privileges on the website’s webserver.
CVE-2024-49125  High      8.8        2024-12-12  Windows Routing and Remote Access Service (RRAS) Remote Code Execution Vulnerability
CVE-2024-49117  High      8.8        2024-12-12  Windows Hyper-V Remote Code Execution Vulnerability
CVE-2024-49104  High      8.8        2024-12-12  Windows Routing and Remote Access Service (RRAS) Remote Code Execution Vulnerability
CVE-2024-49102  High      8.8        2024-12-12  Windows Routing and Remote Access Service (RRAS) Remote Code Execution Vulnerability
CVE-2024-49093  High      8.8        2024-12-12  Windows Resilient File System (ReFS) Elevation of Privilege Vulnerability
CVE-2024-49086  High      8.8        2024-12-12  Windows Routing and Remote Access Service (RRAS) Remote Code Execution Vulnerability
CVE-2024-49085  High      8.8        2024-12-12  Windows Routing and Remote Access Service (RRAS) Remote Code Execution Vulnerability
CVE-2024-49080  High      8.8        2024-12-12  Windows IP Routing Management Snapin Remote Code Execution Vulnerability
CVE-2024-49105  High      8.4        2024-12-12  Remote Desktop Client Remote Code Execution Vulnerability
CVE-2024-49063  High      8.4        2024-12-12  Microsoft/Muzic Remote Code Execution Vulnerability
CVE-2024-49068  High      8.2        2024-12-12  Microsoft SharePoint Elevation of Privilege Vulnerability
CVE-2024-49132  High      8.1        2024-12-12  Windows Remote Desktop Services Remote Code Execution Vulnerability
CVE-2024-49128  High      8.1        2024-12-12  Sensitive data storage in improperly locked memory in Windows Remote Desktop Services allows an unauthorized attacker to execute code over a network.
CVE-2024-49127  High      8.1        2024-12-12  Windows Lightweight Directory Access Protocol (LDAP) Remote Code Execution Vulnerability
CVE-2024-49126  High      8.1        2024-12-12  Windows Local Security Authority Subsystem Service (LSASS) Remote Code Execution Vulnerability
CVE-2024-49124  High      8.1        2024-12-12  Lightweight Directory Access Protocol (LDAP) Client Remote Code Execution Vulnerability
CVE-2024-49123  High      8.1        2024-12-12  Windows Remote Desktop Services Remote Code Execution Vulnerability
CVE-2024-49122  High      8.1        2024-12-12  Microsoft Message Queuing (MSMQ) Remote Code Execution Vulnerability
CVE-2024-49120  High      8.1        2024-12-12  Windows Remote Desktop Services Remote Code Execution Vulnerability
CVE-2024-49119  High      8.1        2024-12-12  Windows Remote Desktop Services Remote Code Execution Vulnerability
CVE-2024-49118  High      8.1        2024-12-12  Microsoft Message Queuing (MSMQ) Remote Code Execution Vulnerability
CVE-2024-49116  High      8.1        2024-12-12  Windows Remote Desktop Services Remote Code Execution Vulnerability
CVE-2024-49115  High      8.1        2024-12-12  Windows Remote Desktop Services Remote Code Execution Vulnerability
CVE-2024-49108  High      8.1        2024-12-12  Windows Remote Desktop Services Remote Code Execution Vulnerability
CVE-2024-49106  High      8.1        2024-12-12  Windows Remote Desktop Services Remote Code Execution Vulnerability
CVE-2024-49057  High      8.1        2024-12-12  Microsoft Defender for Endpoint on Android Spoofing Vulnerability
CVE-2024-49142  High      7.8        2024-12-12  Microsoft Access Remote Code Execution Vulnerability
CVE-2024-49138  High      7.8   KEV  2024-12-12  Windows Common Log File System Driver Elevation of Privilege Vulnerability
CVE-2024-49114  High      7.8        2024-12-12  Windows Cloud Files Mini Filter Driver Elevation of Privilege Vulnerability
CVE-2024-49090  High      7.8        2024-12-12  Windows Common Log File System Driver Elevation of Privilege Vulnerability
CVE-2024-49088  High      7.8        2024-12-12  Windows Common Log File System Driver Elevation of Privilege Vulnerability
CVE-2024-49079  High      7.8        2024-12-12  Input Method Editor (IME) Remote Code Execution Vulnerability
CVE-2024-49076  High      7.8        2024-12-12  Windows Virtualization-Based Security (VBS) Enclave Elevation of Privilege Vulnerability
CVE-2024-49074  High      7.8        2024-12-12  Windows Kernel-Mode Driver Elevation of Privilege Vulnerability
CVE-2024-49072  High      7.8        2024-12-12  Windows Task Scheduler Elevation of Privilege Vulnerability
CVE-2024-49069  High      7.8        2024-12-12  Microsoft Excel Remote Code Execution Vulnerability
CVE-2024-43600  High      7.8        2024-12-12  Microsoft Office Elevation of Privilege Vulnerability
CVE-2024-53959  High      7.8        2024-12-10  Adobe Framemaker versions 2020.7, 2022.5 and earlier are affected by a Stack-based Buffer Overflow vulnerability that could result in arbitrary code execution in the context of the current user.
CVE-2024-53956  High      7.8        2024-12-10  Premiere Pro versions 25.0, 24.6.3 and earlier are affected by a Heap-based Buffer Overflow vulnerability that could result in arbitrary code execution in the context of the current user.
CVE-2024-53955  High      7.8        2024-12-10  Bridge versions 14.1.3, 15.0 and earlier are affected by an Integer Underflow (Wrap or Wraparound) vulnerability that could result in arbitrary code execution in the context of the current user.
CVE-2024-53954  High      7.8        2024-12-10  Animate versions 23.0.8, 24.0.5 and earlier are affected by an Integer Underflow (Wrap or Wraparound) vulnerability that could result in arbitrary code execution in the context of the current user.
CVE-2024-53953  High      7.8        2024-12-10  Animate versions 23.0.8, 24.0.5 and earlier are affected by a Use After Free vulnerability that could result in arbitrary code execution in the context of the current user.
CVE-2024-52997  High      7.8        2024-12-10  Photoshop Desktop versions 26.0 and earlier are affected by a Use After Free vulnerability that could result in arbitrary code execution in the context of the current user.
CVE-2024-52990  High      7.8        2024-12-10  Animate versions 23.0.8, 24.0.5 and earlier are affected by a Buffer Underwrite ('Buffer Underflow') vulnerability that could result in arbitrary code execution in the context of the current user.
CVE-2024-52989  High      7.8        2024-12-10  Animate versions 23.0.8, 24.0.5 and earlier are affected by an Integer Underflow (Wrap or Wraparound) vulnerability that could result in arbitrary code execution in the context of the current user.
CVE-2024-52988  High      7.8        2024-12-10  Animate versions 23.0.8, 24.0.5 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user.
CVE-2024-52987  High      7.8        2024-12-10  Animate versions 23.0.8, 24.0.5 and earlier are affected by an Integer Underflow (Wrap or Wraparound) vulnerability that could result in arbitrary code execution in the context of the current user.
CVE-2024-52986  High      7.8        2024-12-10  Animate versions 23.0.8, 24.0.5 and earlier are affected by an Integer Underflow (Wrap or Wraparound) vulnerability that could result in arbitrary code execution in the context of the current user.
CVE-2024-52985  High      7.8        2024-12-10  Animate versions 23.0.8, 24.0.5 and earlier are affected by an Integer Underflow (Wrap or Wraparound) vulnerability that could result in arbitrary code execution in the context of the current user.
CVE-2024-52984  High      7.8        2024-12-10  Animate versions 23.0.8, 24.0.5 and earlier are affected by an Integer Underflow (Wrap or Wraparound) vulnerability that could result in arbitrary code execution in the context of the current user.
CVE-2024-52983  High      7.8        2024-12-10  Animate versions 23.0.8, 24.0.5 and earlier are affected by an Integer Overflow or Wraparound vulnerability that could result in arbitrary code execution in the context of the current user.
CVE-2024-52982  High      7.8        2024-12-10  Animate versions 23.0.8, 24.0.5 and earlier are affected by an Improper Input Validation vulnerability that could result in arbitrary code execution in the context of the current user.
CVE-2024-49545  High      7.8        2024-12-10  InDesign Desktop versions ID19.5, ID18.5.4 and earlier are affected by a Heap-based Buffer Overflow vulnerability that could result in arbitrary code execution in the context of the current user.
CVE-2024-49544  High      7.8        2024-12-10  InDesign Desktop versions ID19.5, ID18.5.4 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user.
CVE-2024-49543  High      7.8        2024-12-10  InDesign Desktop versions ID19.5, ID18.5.4 and earlier are affected by a Stack-based Buffer Overflow vulnerability that could result in arbitrary code execution in the context of the current user.
CVE-2024-49538  High      7.8        2024-12-10  Illustrator versions 29.0.0, 28.7.2 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user.
CVE-2024-49537  High      7.8        2024-12-10  After Effects versions 24.6.2, 25.0.1 and earlier are affected by a Stack-based Buffer Overflow vulnerability that could result in arbitrary code execution in the context of the current user.
CVE-2024-49513  High      7.8        2024-12-10  PDFL SDK versions 21.0.0.5 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user.
CVE-2024-45156  High      7.8        2024-12-10  Animate versions 23.0.8, 24.0.5 and earlier are affected by a NULL Pointer Dereference vulnerability that could result in arbitrary code execution in the context of the current user.
CVE-2024-45155  High      7.8        2024-12-10  Animate versions 23.0.8, 24.0.5 and earlier are affected by an Access of Uninitialized Pointer vulnerability that could result in arbitrary code execution in the context of the current user.
CVE-2024-49553  High      7.8        2024-12-10  Media Encoder versions 25.0, 24.6.3 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user.
CVE-2024-49551  High      7.8        2024-12-10  Media Encoder versions 25.0, 24.6.3 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user.
CVE-2024-49129  High      7.5        2024-12-12  Windows Remote Desktop Gateway (RD Gateway) Denial of Service Vulnerability
CVE-2024-49121  High      7.5        2024-12-12  Windows Lightweight Directory Access Protocol (LDAP) Denial of Service Vulnerability
CVE-2024-49113  High      7.5        2024-12-12  Windows Lightweight Directory Access Protocol (LDAP) Denial of Service Vulnerability
CVE-2024-49096  High      7.5        2024-12-12  Microsoft Message Queuing (MSMQ) Denial of Service Vulnerability
CVE-2024-49075  High      7.5        2024-12-12  Windows Remote Desktop Services Denial of Service Vulnerability
CVE-2024-49070  High      7.4        2024-12-12  Microsoft SharePoint Remote Code Execution Vulnerability
CVE-2024-49107  High      7.3        2024-12-12  WmsRepair Service Elevation of Privilege Vulnerability
CVE-2024-43594  High      7.3        2024-12-12  Microsoft System Center Elevation of Privilege Vulnerability
CVE-2024-49091  High      7.2        2024-12-12  Windows Domain Name Service Remote Code Execution Vulnerability
CVE-2024-49089  High      7.2        2024-12-12  Windows Routing and Remote Access Service (RRAS) Remote Code Execution Vulnerability
CVE-2024-49097  High      7.0        2024-12-12  Windows PrintWorkflowUserSvc Elevation of Privilege Vulnerability
CVE-2024-49095  High      7.0        2024-12-12  Windows PrintWorkflowUserSvc Elevation of Privilege Vulnerability
CVE-2024-49084  High      7.0        2024-12-12  Windows Kernel Elevation of Privilege Vulnerability
CVE-2024-49059  High      7.0        2024-12-12  Microsoft Office Elevation of Privilege Vulnerability
CVE-2024-49110  Medium    6.8        2024-12-12  Windows Mobile Broadband Driver Elevation of Privilege Vulnerability
CVE-2024-49092  Medium    6.8        2024-12-12  Windows Mobile Broadband Driver Elevation of Privilege Vulnerability
CVE-2024-49083  Medium    6.8        2024-12-12  Windows Mobile Broadband Driver Elevation of Privilege Vulnerability
CVE-2024-49082  Medium    6.8        2024-12-12  Windows File Explorer Information Disclosure Vulnerability
CVE-2024-49078  Medium    6.8        2024-12-12  Windows Mobile Broadband Driver Elevation of Privilege Vulnerability
CVE-2024-49077  Medium    6.8        2024-12-12  Windows Mobile Broadband Driver Elevation of Privilege Vulnerability
CVE-2024-49073  Medium    6.8        2024-12-12  Windows Mobile Broadband Driver Elevation of Privilege Vulnerability
CVE-2024-49111  Medium    6.6        2024-12-12  Wireless Wide Area Network Service (WwanSvc) Elevation of Privilege Vulnerability
CVE-2024-49109  Medium    6.6        2024-12-12  Wireless Wide Area Network Service (WwanSvc) Elevation of Privilege Vulnerability
CVE-2024-49101  Medium    6.6        2024-12-12  Wireless Wide Area Network Service (WwanSvc) Elevation of Privilege Vulnerability
CVE-2024-49094  Medium    6.6        2024-12-12  Wireless Wide Area Network Service (WwanSvc) Elevation of Privilege Vulnerability
CVE-2024-49081  Medium    6.6        2024-12-12  Wireless Wide Area Network Service (WwanSvc) Elevation of Privilege Vulnerability
CVE-2024-49071  Medium    6.5        2024-12-12  Improper authorization of an index that contains sensitive information from a Global Files search in Windows Defender allows an authorized attacker to disclose information over a network.
CVE-2024-49064  Medium    6.5        2024-12-12  Microsoft SharePoint Information Disclosure Vulnerability
CVE-2024-49062  Medium    6.5        2024-12-12  Microsoft SharePoint Information Disclosure Vulnerability
CVE-2024-52537  Medium    6.3        2024-12-11  Dell Client Platform Firmware Update Utility contains an Improper Link Resolution vulnerability.
CVE-2024-49535  Medium    6.3        2024-12-10  Acrobat Reader versions 24.005.20307, 24.001.30213, 24.001.30193, 20.005.30730, 20.005.30710 and earlier are affected by an Improper Restriction of XML External Entity Reference ('XXE') vulnerability that allows an attacker to provide mali…
CVE-2024-49065  Medium    5.5        2024-12-12  Microsoft Office Remote Code Execution Vulnerability
CVE-2024-53952  Medium    5.5        2024-12-10  InDesign Desktop versions ID19.5, ID18.5.4 and earlier are affected by a NULL Pointer Dereference vulnerability that could result in an application denial-of-service.
CVE-2024-53951  Medium    5.5        2024-12-10  InDesign Desktop versions ID19.5, ID18.5.4 and earlier are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory.
CVE-2024-49549  Medium    5.5        2024-12-10  InDesign Desktop versions ID19.5, ID18.5.4 and earlier are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory.
CVE-2024-49548  Medium    5.5        2024-12-10  InDesign Desktop versions ID19.5, ID18.5.4 and earlier are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory.
CVE-2024-49547  Medium    5.5        2024-12-10  InDesign Desktop versions ID19.5, ID18.5.4 and earlier are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory.
CVE-2024-49546  Medium    5.5        2024-12-10  InDesign Desktop versions ID19.5, ID18.5.4 and earlier are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory.
CVE-2024-49541  Medium    5.5        2024-12-10  Illustrator versions 29.0.0, 28.7.2 and earlier are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory.
CVE-2024-49554  Medium    5.5        2024-12-10  Media Encoder versions 25.0, 24.6.3 and earlier are affected by a NULL Pointer Dereference vulnerability that could result in an application denial-of-service.
CVE-2024-49531  Medium    5.5        2024-12-10  Acrobat Reader versions 24.005.20307, 24.001.30213, 24.001.30193, 20.005.30730, 20.005.30710 and earlier are affected by a NULL Pointer Dereference vulnerability that could result in an application denial-of-service.
CVE-2024-45761  Medium    5.4        2024-12-09  Dell OpenManage Server Administrator, versions 11.0.1.0 and prior, contains an improper input validation vulnerability.
CVE-2024-49087  Medium    4.6        2024-12-12  Windows Mobile Broadband Driver Information Disclosure Vulnerability
CVE-2024-35117  Medium    4.4        2024-12-11  IBM OpenPages with Watson 9.0 may write sensitive information, under specific configurations, in clear text to the system tracing log files that could be obtained by a privileged user.
CVE-2024-49103  Medium    4.3        2024-12-12  Windows Wireless Wide Area Network Service (WwanSvc) Information Disclosure Vulnerability
CVE-2024-49099  Medium    4.3        2024-12-12  Windows Wireless Wide Area Network Service (WwanSvc) Information Disclosure Vulnerability
CVE-2024-49098  Medium    4.3        2024-12-12  Windows Wireless Wide Area Network Service (WwanSvc) Information Disclosure Vulnerability
CVE-2023-23472  Low       3.1        2024-12-11  IBM InfoSphere DataStage Flow Designer (InfoSphere Information Server 11.7) could allow an authenticated user to obtain sensitive information that could aid in further attacks against the system.
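
As an added example (editor's code, not part of this feed or of any vendor's tooling), the following Python turns rows in the layout of the tables on this page into records and orders them for patch triage: KEV entries first regardless of score, then by impact class inferred from the summary wording, then by CVSS. The row layout (CVE id, severity word, CVSS score, optional KEV flag, ISO date, summary, with or without whitespace between columns) and the impact phrases are assumptions drawn from the rows above; the sample rows are copied from the Microsoft table.

```python
import re
from dataclasses import dataclass

# Editor's example, not part of the feed. Assumed row layout: CVE id, severity
# word, CVSS score, optional "KEV", ISO date, free-text summary. Columns may be
# run together (as the feed is often extracted) or separated by whitespace.
ROW_RE = re.compile(
    r"^(?P<cve>CVE-\d{4}-\d{4,})\s*"
    r"(?P<severity>Critical|High|Medium|Low)\s*"
    r"(?P<cvss>\d{1,2}\.\d)\s*"
    r"(?P<kev>KEV)?\s*"
    r"(?P<published>\d{4}-\d{2}-\d{2})\s*"
    r"(?P<summary>.*)$"
)


@dataclass(frozen=True)
class Row:
    cve: str
    severity: str
    cvss: float
    kev: bool          # listed in CISA's Known Exploited Vulnerabilities catalog
    published: str
    summary: str


def parse_row(line: str) -> Row:
    """Parse one table row; raises ValueError on a line that is not a row."""
    m = ROW_RE.match(line.strip())
    if m is None:
        raise ValueError(f"not a CVE row: {line!r}")
    return Row(
        cve=m["cve"],
        severity=m["severity"],
        cvss=float(m["cvss"]),
        kev=m["kev"] is not None,
        published=m["published"],
        summary=m["summary"].strip(),
    )


# Impact class read off the summary wording (assumed phrase list). Microsoft
# titles end in "<Impact> Vulnerability"; Adobe-style summaries say it in prose.
IMPACT_RANK = (
    ("remote code execution", 3),
    ("arbitrary code execution", 3),
    ("elevation of privilege", 2),
    ("elevate privileges", 2),
    ("security feature bypass", 2),
    ("denial of service", 1),
    ("denial-of-service", 1),
    ("information disclosure", 1),
    ("disclosure of sensitive memory", 1),
    ("spoofing", 1),
)


def impact_rank(summary: str) -> int:
    text = summary.lower()
    for phrase, rank in IMPACT_RANK:
        if phrase in text:
            return rank
    return 0  # unrecognised wording: fall back to CVSS ordering only


def triage_key(row: Row):
    # Known-exploited entries first regardless of score, then impact class,
    # then CVSS. sorted() is stable, so ties keep the feed's own order.
    return (row.kev, impact_rank(row.summary), row.cvss)


def triage(lines) -> list[Row]:
    rows = [parse_row(line) for line in lines if line.strip()]
    return sorted(rows, key=triage_key, reverse=True)


# Constructed sample: five rows copied from the Microsoft table on this page.
SAMPLE_ROWS = [
    "CVE-2024-49112  Critical  9.8        2024-12-12  Windows Lightweight Directory Access Protocol (LDAP) Remote Code Execution Vulnerability",
    "CVE-2024-49125  High      8.8        2024-12-12  Windows Routing and Remote Access Service (RRAS) Remote Code Execution Vulnerability",
    "CVE-2024-49138  High      7.8   KEV  2024-12-12  Windows Common Log File System Driver Elevation of Privilege Vulnerability",
    "CVE-2024-49113  High      7.5        2024-12-12  Windows Lightweight Directory Access Protocol (LDAP) Denial of Service Vulnerability",
    "CVE-2024-49082  Medium    6.8        2024-12-12  Windows File Explorer Information Disclosure Vulnerability",
]


if __name__ == "__main__":
    for r in triage(SAMPLE_ROWS):
        flag = "KEV" if r.kev else "   "
        print(f"{flag}  {r.cvss:4.1f}  {r.cve}  {r.summary}")
```

Run stand-alone it prints the sample ranked with CVE-2024-49138 on top even though three non-KEV rows score higher; feed it the whole table to rank the set. The attack vector from the CVSS vector string is not on this page and would be the natural next sort key, since it separates service-reachable bugs from those that need a user to open a crafted file.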

Other vendors (1111 CVEs across 558 vendors)

Adobe · 128 CVEs

CVE             Severity  CVSS  KEV  Published   Summary
CVE-2024-54036  Critical  9.3        2024-12-10  Adobe Connect versions 12.6, 11.4.7 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by an attacker to inject malicious scripts into vulnerable form fields.
CVE-2024-54034  Critical  9.3        2024-12-10  Adobe Connect versions 12.6, 11.4.7 and earlier are affected by a reflected Cross-Site Scripting (XSS) vulnerability.
CVE-2024-54032  Critical  9.3        2024-12-10  Adobe Connect versions 12.6, 11.4.7 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by an attacker to inject malicious scripts into vulnerable form fields.
CVE-2024-54037  High      8.1        2024-12-10  Adobe Connect versions 12.6, 11.4.7 and earlier are affected by a DOM-based Cross-Site Scripting (XSS) vulnerability that could be exploited by an attacker to execute arbitrary code in the context of the victim's browser session.
CVE-2024-53958  High      7.8        2024-12-10  Substance3D - Painter versions 10.1.1 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user.
CVE-2024-53957  High      7.8        2024-12-10  Substance3D - Painter versions 10.1.1 and earlier are affected by a Heap-based Buffer Overflow vulnerability that could result in arbitrary code execution in the context of the current user.
CVE-2024-53003  High      7.8        2024-12-10  Substance3D - Modeler versions 1.14.1 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user.
CVE-2024-53002  High      7.8        2024-12-10  Substance3D - Modeler versions 1.14.1 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user.
CVE-2024-53001  High      7.8        2024-12-10  Substance3D - Modeler versions 1.14.1 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user.
CVE-2024-53000  High      7.8        2024-12-10  Substance3D - Modeler versions 1.14.1 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user.
CVE-2024-52999  High      7.8        2024-12-10  Substance3D - Modeler versions 1.14.1 and earlier are affected by a Heap-based Buffer Overflow vulnerability that could result in arbitrary code execution in the context of the current user.
CVE-2024-52996  High      7.8        2024-12-10  Substance3D - Sampler versions 4.5.1 and earlier are affected by a Heap-based Buffer Overflow vulnerability that could result in arbitrary code execution in the context of the current user.
CVE-2024-52995  High      7.8        2024-12-10  Substance3D - Sampler versions 4.5.1 and earlier are affected by a Heap-based Buffer Overflow vulnerability that could result in arbitrary code execution in the context of the current user.
CVE-2024-52994  High      7.8        2024-12-10  Substance3D - Sampler versions 4.5.1 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user.
CVE-2024-49552  High      7.8        2024-12-10  Media Encoder versions 25.0, 24.6.3 and earlier are affected by a Heap-based Buffer Overflow vulnerability that could result in arbitrary code execution in the context of the current user.
CVE-2024-49530  High      7.8        2024-12-10  Acrobat Reader versions 24.005.20307, 24.001.30213, 24.001.30193, 20.005.30730, 20.005.30710 and earlier are affected by a Use After Free vulnerability that could result in arbitrary code execution in the context of the current user.
CVE-2024-43729  Medium    6.5        2024-12-10  Adobe Experience Manager versions 6.5.21 and earlier are affected by an Improper Authorization vulnerability that could result in a Security feature bypass.
CVE-2024-54051  Medium    6.1        2024-12-10  Adobe Connect versions 12.6, 11.4.7 and earlier are affected by a URL Redirection to Untrusted Site ('Open Redirect') vulnerability.
CVE-2024-54050  Medium    6.1        2024-12-10  Adobe Connect versions 12.6, 11.4.7 and earlier are affected by a URL Redirection to Untrusted Site ('Open Redirect') vulnerability.
CVE-2024-54049  Medium    6.1        2024-12-10  Adobe Connect versions 12.6, 11.4.7 and earlier are affected by a reflected Cross-Site Scripting (XSS) vulnerability.
CVE-2024-54048  Medium    6.1        2024-12-10  Adobe Connect versions 12.6, 11.4.7 and earlier are affected by a reflected Cross-Site Scripting (XSS) vulnerability.
CVE-2024-54047  Medium    6.1        2024-12-10  Adobe Connect versions 12.6, 11.4.7 and earlier are affected by a reflected Cross-Site Scripting (XSS) vulnerability.
CVE-2024-54046  Medium    6.1        2024-12-10  Adobe Connect versions 12.6, 11.4.7 and earlier are affected by a reflected Cross-Site Scripting (XSS) vulnerability.
CVE-2024-54045  Medium    6.1        2024-12-10  Adobe Connect versions 12.6, 11.4.7 and earlier are affected by a reflected Cross-Site Scripting (XSS) vulnerability.
CVE-2024-54044  Medium    6.1        2024-12-10  Adobe Connect versions 12.6, 11.4.7 and earlier are affected by a reflected Cross-Site Scripting (XSS) vulnerability.
CVE-2024-54043  Medium    6.1        2024-12-10  Adobe Connect versions 12.6, 11.4.7 and earlier are affected by a reflected Cross-Site Scripting (XSS) vulnerability.
CVE-2024-54042  Medium    6.1        2024-12-10  Adobe Connect versions 12.6, 11.4.7 and earlier are affected by a reflected Cross-Site Scripting (XSS) vulnerability.
CVE-2024-49550  Medium    6.1        2024-12-10  Adobe Connect versions 12.6, 11.4.7 and earlier are affected by a reflected Cross-Site Scripting (XSS) vulnerability.
CVE-2024-53006  Medium    5.5        2024-12-10  Substance3D - Modeler versions 1.14.1 and earlier are affected by a NULL Pointer Dereference vulnerability that could result in an application denial-of-service.
CVE-2024-53005  Medium    5.5        2024-12-10  Substance3D - Modeler versions 1.14.1 and earlier are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory.
CVE-2024-53004  Medium    5.5        2024-12-10  Substance3D - Modeler versions 1.14.1 and earlier are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory.
CVE-2024-52833  Medium    5.5        2024-12-10  Substance3D - Modeler versions 1.14.1 and earlier are affected by a NULL Pointer Dereference vulnerability that could result in an application denial-of-service.
CVE-2024-49534  Medium    5.5        2024-12-10  Acrobat Reader versions 24.005.20307, 24.001.30213, 24.001.30193, 20.005.30730, 20.005.30710 and earlier are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory.
CVE-2024-49533  Medium    5.5        2024-12-10  Acrobat Reader versions 24.005.20307, 24.001.30213, 24.001.30193, 20.005.30730, 20.005.30710 and earlier are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory.
CVE-2024-49532  Medium    5.5        2024-12-10  Acrobat Reader versions 24.005.20307, 24.001.30213, 24.001.30193, 20.005.30730, 20.005.30710 and earlier are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory.
CVE-2024-53960  Medium    5.4        2024-12-10  Adobe Experience Manager versions 6.5.21 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by an attacker to inject malicious scripts into vulnerable form fields.
CVE-2024-52993  Medium    5.4        2024-12-10  Adobe Experience Manager versions 6.5.21 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by an attacker to inject malicious scripts into vulnerable form fields.
CVE-2024-52992  Medium    5.4        2024-12-10  Adobe Experience Manager versions 6.5.21 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by an attacker to inject malicious scripts into vulnerable form fields.
CVE-2024-52991  Medium    5.4        2024-12-10  Adobe Experience Manager versions 6.5.21 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by an attacker to inject malicious scripts into vulnerable form fields.
CVE-2024-52865  Medium    5.4        2024-12-10  Adobe Experience Manager versions 6.5.21 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a privileged attacker to inject malicious scripts into vulnerable form fields.
CVE-2024-52864  Medium    5.4        2024-12-10  Adobe Experience Manager versions 6.5.21 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by an attacker to inject malicious scripts into vulnerable form fields.
CVE-2024-52862  Medium    5.4        2024-12-10  Adobe Experience Manager versions 6.5.21 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by an attacker to inject malicious scripts into vulnerable form fields.
CVE-2024-52861  Medium    5.4        2024-12-10  Adobe Experience Manager versions 6.5.21 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by an attacker to inject malicious scripts into vulnerable form fields.
CVE-2024-52860  Medium    5.4        2024-12-10  Adobe Experience Manager versions 6.5.21 and earlier are affected by a DOM-based Cross-Site Scripting (XSS) vulnerability that could be exploited by an attacker to execute arbitrary code in the context of the victim's browser session.
CVE-2024-52859  Medium    5.4        2024-12-10  Adobe Experience Manager versions 6.5.21 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by an attacker to inject malicious scripts into vulnerable form fields.
CVE-2024-52858  Medium    5.4        2024-12-10  Adobe Experience Manager versions 6.5.21 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by an attacker to inject malicious scripts into vulnerable form fields.
CVE-2024-52857  Medium    5.4        2024-12-10  Adobe Experience Manager versions 6.5.21 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by an attacker to inject malicious scripts into vulnerable form fields.
CVE-2024-52855  Medium    5.4        2024-12-10  Adobe Experience Manager versions 6.5.21 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by an attacker to inject malicious scripts into vulnerable form fields.
CVE-2024-52854  Medium    5.4        2024-12-10  Adobe Experience Manager versions 6.5.21 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by an attacker to inject malicious scripts into vulnerable form fields.
CVE-2024-52853  Medium    5.4        2024-12-10  Adobe Experience Manager versions 6.5.21 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by an attacker to inject malicious scripts into vulnerable form fields.
CVE-2024-52852  Medium    5.4        2024-12-10  Adobe Experience Manager versions 6.5.21 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by an attacker to inject malicious scripts into vulnerable form fields.
CVE-2024-52851  Medium    5.4        2024-12-10  Adobe Experience Manager versions 6.5.21 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by an attacker to inject malicious scripts into vulnerable form fields.
CVE-2024-52850  Medium    5.4        2024-12-10  Adobe Experience Manager versions 6.5.21 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by an attacker to inject malicious scripts into vulnerable form fields.
CVE-2024-52849  Medium    5.4        2024-12-10  Adobe Experience Manager versions 6.5.21 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by an attacker to inject malicious scripts into vulnerable form fields.
CVE-2024-52848  Medium    5.4        2024-12-10  Adobe Experience Manager versions 6.5.21 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by an attacker to inject malicious scripts into vulnerable form fields.
CVE-2024-52847  Medium    5.4        2024-12-10  Adobe Experience Manager versions 6.5.21 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by an attacker to inject malicious scripts into vulnerable form fields.
CVE-2024-52846  Medium    5.4        2024-12-10  Adobe Experience Manager versions 6.5.21 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by an attacker to inject malicious scripts into vulnerable form fields.
CVE-2024-52845  Medium    5.4        2024-12-10  Adobe Experience Manager versions 6.5.21 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by an attacker to inject malicious scripts into vulnerable form fields.
CVE-2024-52844  Medium    5.4        2024-12-10  Adobe Experience Manager versions 6.5.21 and earlier are affected by a DOM-based Cross-Site Scripting (XSS) vulnerability that could be exploited by an attacker to execute arbitrary code in the context of the victim's browser session.
CVE-2024-52843  Medium    5.4        2024-12-10  Adobe Experience Manager versions 6.5.21 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by an attacker to inject malicious scripts into vulnerable form fields.
CVE-2024-52842  Medium    5.4        2024-12-10  Adobe Experience Manager versions 6.5.21 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by an attacker to inject malicious scripts into vulnerable form fields.
CVE-2024-52841  Medium    5.4        2024-12-10  Adobe Experience Manager versions 6.5.21 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by an attacker to inject malicious scripts into vulnerable form fields.
CVE-2024-52840  Medium    5.4        2024-12-10  Adobe Experience Manager versions 6.5.21 and earlier are affected by a DOM-based Cross-Site Scripting (XSS) vulnerability that could be exploited by an attacker to execute arbitrary code in the context of the victim's browser session.
CVE-2024-52839  Medium    5.4        2024-12-10  Adobe Experience Manager versions 6.5.21 and earlier are affected by a DOM-based Cross-Site Scripting (XSS) vulnerability that could be exploited by an attacker to execute arbitrary code in the context of the victim's browser session.
CVE-2024-52838  Medium    5.4        2024-12-10  Adobe Experience Manager versions 6.5.21 and earlier are affected by a DOM-based Cross-Site Scripting (XSS) vulnerability that could be exploited by an attacker to execute arbitrary code in the context of the victim's browser session.
CVE-2024-52837  Medium    5.4        2024-12-10  Adobe Experience Manager versions 6.5.21 and earlier are affected by a DOM-based Cross-Site Scripting (XSS) vulnerability that could be exploited by an attacker to execute arbitrary code in the context of the victim's browser session.
CVE-2024-52836  Medium    5.4        2024-12-10  Adobe Experience Manager versions 6.5.21 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by an attacker to inject malicious scripts into vulnerable form fields.
CVE-2024-52835  Medium    5.4        2024-12-10  Adobe Experience Manager versions 6.5.21 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by an attacker to inject malicious scripts into vulnerable form fields.
CVE-2024-52834  Medium    5.4        2024-12-10  Adobe Experience Manager versions 6.5.21 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by an attacker to inject malicious scripts into vulnerable form fields.
CVE-2024-52832  Medium    5.4        2024-12-10  Adobe Experience Manager versions 6.5.21 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by an attacker to inject malicious scripts into vulnerable form fields.
CVE-2024-52830  Medium    5.4        2024-12-10  Adobe Experience Manager versions 6.5.21 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by an attacker to inject malicious scripts into vulnerable form fields.
CVE-2024-52829  Medium    5.4        2024-12-10  Adobe Experience Manager versions 6.5.21 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by an attacker to inject malicious scripts into vulnerable form fields.
CVE-2024-52828  Medium    5.4        2024-12-10  Adobe Experience Manager versions 6.5.21 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by an attacker to inject malicious scripts into vulnerable form fields.
CVE-2024-52827  Medium    5.4        2024-12-10  Adobe Experience Manager versions 6.5.21 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by an attacker to inject malicious scripts into vulnerable form fields.
CVE-2024-52826  Medium    5.4        2024-12-10  Adobe Experience Manager versions 6.5.21 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by an attacker to inject malicious scripts into vulnerable form fields.
CVE-2024-52825  Medium    5.4        2024-12-10  Adobe Experience Manager versions 6.5.21 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by an attacker to inject malicious scripts into vulnerable form fields.
CVE-2024-52824  Medium    5.4        2024-12-10  Adobe Experience Manager versions 6.5.21 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by an attacker to inject malicious scripts into vulnerable form fields.
CVE-2024-52823  Medium    5.4        2024-12-10  Adobe Experience Manager versions 6.5.21 and earlier are affected by a DOM-based Cross-Site Scripting (XSS) vulnerability that could be exploited by an attacker to execute arbitrary code in the context of the victim's browser session.
CVE-2024-52822  Medium    5.4        2024-12-10  Adobe Experience Manager versions 6.5.21 and earlier are affected by a DOM-based Cross-Site Scripting (XSS) vulnerability that could be exploited by an attacker to execute arbitrary code in the context of the victim's browser session.
CVE-2024-52818Medium5.42024-12-10Adobe Experience Manager versions 6.5.21 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by an attacker to inject malicious scripts into vulnerable form fields.
CVE-2024-52817Medium5.42024-12-10Adobe Experience Manager versions 6.5.21 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by an attacker to inject malicious scripts into vulnerable form fields.
CVE-2024-52816Medium5.42024-12-10Adobe Experience Manager versions 6.5.21 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by an attacker to inject malicious scripts into vulnerable form fields.
CVE-2024-43754Medium5.42024-12-10Adobe Experience Manager versions 6.5.21 and earlier are affected by a DOM-based Cross-Site Scripting (XSS) vulnerability that could allow an attacker to execute arbitrary code in the context of the victim's browser.
CVE-2024-43752Medium5.42024-12-10Adobe Experience Manager versions 6.5.21 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by an attacker to inject malicious scripts into vulnerable form fields.
CVE-2024-43751Medium5.42024-12-10Adobe Experience Manager versions 6.5.21 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by an attacker to inject malicious scripts into vulnerable form fields.
CVE-2024-43750Medium5.42024-12-10Adobe Experience Manager versions 6.5.21 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by an attacker to inject malicious scripts into vulnerable form fields.
CVE-2024-43749Medium5.42024-12-10Adobe Experience Manager versions 6.5.21 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by an attacker to inject malicious scripts into vulnerable form fields.
CVE-2024-43748Medium5.42024-12-10Adobe Experience Manager versions 6.5.21 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by an attacker to inject malicious scripts into vulnerable form fields.
CVE-2024-43747Medium5.42024-12-10Adobe Experience Manager versions 6.5.21 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by an attacker to inject malicious scripts into vulnerable form fields.
CVE-2024-43746Medium5.42024-12-10Adobe Experience Manager versions 6.5.21 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by an attacker to inject malicious scripts into vulnerable form fields.
CVE-2024-43745Medium5.42024-12-10Adobe Experience Manager versions 6.5.21 and earlier are affected by a reflected Cross-Site Scripting (XSS) vulnerability.
CVE-2024-43744Medium5.42024-12-10Adobe Experience Manager versions 6.5.21 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by an attacker to inject malicious scripts into vulnerable form fields.
CVE-2024-43743Medium5.42024-12-10Adobe Experience Manager versions 6.5.21 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by an attacker to inject malicious scripts into vulnerable form fields.
CVE-2024-43742Medium5.42024-12-10Adobe Experience Manager versions 6.5.21 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by an attacker to inject malicious scripts into vulnerable form fields.
CVE-2024-43740Medium5.42024-12-10Adobe Experience Manager versions 6.5.21 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by an attacker to inject malicious scripts into vulnerable form fields.
CVE-2024-43739Medium5.42024-12-10Adobe Experience Manager versions 6.5.21 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by an attacker to inject malicious scripts into vulnerable form fields.
CVE-2024-43738Medium5.42024-12-10Adobe Experience Manager versions 6.5.21 and earlier are affected by a DOM-based Cross-Site Scripting (XSS) vulnerability that could allow an attacker to execute arbitrary code in the context of the victim's browser.
CVE-2024-43737Medium5.42024-12-10Adobe Experience Manager versions 6.5.21 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by an attacker to inject malicious scripts into vulnerable form fields.
CVE-2024-43736Medium5.42024-12-10Adobe Experience Manager versions 6.5.21 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by an attacker to inject malicious scripts into vulnerable form fields.
CVE-2024-43735Medium5.42024-12-10Adobe Experience Manager versions 6.5.21 and earlier are affected by a reflected Cross-Site Scripting (XSS) vulnerability.
CVE-2024-43734Medium5.42024-12-10Adobe Experience Manager versions 6.5.21 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by an attacker to inject malicious scripts into vulnerable form fields.
CVE-2024-43733Medium5.42024-12-10Adobe Experience Manager versions 6.5.21 and earlier are affected by a DOM-based Cross-Site Scripting (XSS) vulnerability that could be exploited by an attacker to execute arbitrary code in the context of the victim's browser session.
CVE-2024-43730Medium5.42024-12-10Adobe Experience Manager versions 6.5.21 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by an attacker to inject malicious scripts into vulnerable form fields.
CVE-2024-43728Medium5.42024-12-10Adobe Experience Manager versions 6.5.21 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by an attacker to inject malicious scripts into vulnerable form fields.
CVE-2024-43727Medium5.42024-12-10Adobe Experience Manager versions 6.5.21 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by an attacker to inject malicious scripts into vulnerable form fields.
CVE-2024-43726Medium5.42024-12-10Adobe Experience Manager versions 6.5.21 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by an attacker to inject malicious scripts into vulnerable form fields.
CVE-2024-43725Medium5.42024-12-10Adobe Experience Manager versions 6.5.21 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by an attacker to inject malicious scripts into vulnerable form fields.
CVE-2024-43724Medium5.42024-12-10Adobe Experience Manager versions 6.5.21 and earlier are affected by a DOM-based Cross-Site Scripting (XSS) vulnerability that could be exploited by an attacker to execute arbitrary code in the context of the victim's browser session.
CVE-2024-43723Medium5.42024-12-10Adobe Experience Manager versions 6.5.21 and earlier are affected by a DOM-based Cross-Site Scripting (XSS) vulnerability that could be exploited by an attacker to execute arbitrary code in the context of the victim's browser session.
CVE-2024-43722Medium5.42024-12-10Adobe Experience Manager versions 6.5.21 and earlier are affected by a DOM-based Cross-Site Scripting (XSS) vulnerability that could be exploited by an attacker to execute arbitrary code in the context of the victim's browser session.
CVE-2024-43721Medium5.42024-12-10Adobe Experience Manager versions 6.5.21 and earlier are affected by a DOM-based Cross-Site Scripting (XSS) vulnerability that could be exploited by an attacker to execute arbitrary code in the context of the victim's browser session.
CVE-2024-43720Medium5.42024-12-10Adobe Experience Manager versions 6.5.21 and earlier are affected by a DOM-based Cross-Site Scripting (XSS) vulnerability that could be exploited to execute arbitrary code in the context of the victim's browser session.
CVE-2024-43719Medium5.42024-12-10Adobe Experience Manager versions 6.5.21 and earlier are affected by a DOM-based Cross-Site Scripting (XSS) vulnerability that could be exploited by an attacker to execute arbitrary code in the context of the victim's browser session.
CVE-2024-43718Medium5.42024-12-10Adobe Experience Manager versions 6.5.21 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by an attacker to inject malicious scripts into vulnerable form fields.
CVE-2024-43715Medium5.42024-12-10Adobe Experience Manager versions 6.5.21 and earlier are affected by a DOM-based Cross-Site Scripting (XSS) vulnerability that could be exploited by an attacker to execute arbitrary code in the context of the victim's browser session.
CVE-2024-43714Medium5.42024-12-10Adobe Experience Manager versions 6.5.21 and earlier are affected by a DOM-based Cross-Site Scripting (XSS) vulnerability that could be exploited by an attacker to execute arbitrary code in the context of the victim's browser session.
CVE-2024-43713Medium5.42024-12-10Adobe Experience Manager versions 6.5.21 and earlier are affected by a DOM-based Cross-Site Scripting (XSS) vulnerability that could be exploited by an attacker to execute arbitrary code in the context of the victim's browser session.
CVE-2024-43712Medium5.42024-12-10Adobe Experience Manager versions 6.5.21 and earlier are affected by a DOM-based Cross-Site Scripting (XSS) vulnerability that could allow an attacker to execute arbitrary code in the context of the victim's browser.
CVE-2024-54041Medium5.42024-12-10Adobe Connect versions 12.6, 11.4.7 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by an attacker to inject malicious scripts into vulnerable form fields.
CVE-2024-54040Medium5.42024-12-10Adobe Connect versions 12.6, 11.4.7 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by an attacker to inject malicious scripts into vulnerable form fields.
CVE-2024-54039Medium5.42024-12-10Adobe Connect versions 12.6, 11.4.7 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by an attacker to inject malicious scripts into vulnerable form fields.
CVE-2024-43732Medium4.62024-12-10Adobe Experience Manager versions 6.5.21 and earlier are affected by a DOM-based Cross-Site Scripting (XSS) vulnerability that could allow an attacker to execute arbitrary code in the context of the victim's browser.
CVE-2024-43731Medium4.32024-12-10Adobe Experience Manager versions 6.5.21 and earlier are affected by an Improper Authorization vulnerability that could result in a Security feature bypass.
CVE-2024-43717Medium4.32024-12-10Adobe Experience Manager versions 6.5.21 and earlier are affected by an Improper Access Control vulnerability that could result in a Security feature bypass.
CVE-2024-43716Medium4.32024-12-10Adobe Experience Manager versions 6.5.21 and earlier are affected by an Improper Access Control vulnerability that could result in a Security feature bypass.
CVE-2024-54038Medium4.32024-12-10Adobe Connect versions 12.6, 11.4.7 and earlier are affected by an Improper Access Control vulnerability that could result in a Security feature bypass.
CVE-2024-52831Low3.52024-12-10Adobe Experience Manager versions 6.5.21 and earlier are affected by an Improper Input Validation vulnerability that could result in a security feature bypass.
CVE-2024-43755Low3.52024-12-10Adobe Experience Manager versions 6.5.21 and earlier are affected by an Improper Input Validation vulnerability that could result in a security feature bypass.

Apple · 53 CVEs

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2024-54534 | Critical | 9.8 | | 2024-12-12 | The issue was addressed with improved memory handling.
CVE-2024-54506 | Critical | 9.8 | | 2024-12-12 | An out-of-bounds access issue was addressed with improved bounds checking.
CVE-2024-54465 | Critical | 9.8 | | 2024-12-12 | A logic issue was addressed with improved state management.
CVE-2024-44299 | Critical | 9.8 | | 2024-12-12 | The issue was addressed with improved bounds checks.
CVE-2024-44242 | Critical | 9.8 | | 2024-12-12 | The issue was addressed with improved bounds checks.
CVE-2024-44241 | Critical | 9.8 | | 2024-12-12 | The issue was addressed with improved bounds checks.
CVE-2024-54505 | High | 8.8 | | 2024-12-12 | A type confusion issue was addressed with improved memory handling.
CVE-2024-54498 | High | 8.8 | | 2024-12-12 | A path handling issue was addressed with improved validation.
CVE-2024-54514 | High | 8.6 | | 2024-12-12 | The issue was addressed with improved checks.
CVE-2024-54529 | High | 7.8 | | 2024-12-12 | A logic issue was addressed with improved checks.
CVE-2024-54515 | High | 7.8 | | 2024-12-12 | A logic issue was addressed with improved restrictions.
CVE-2024-54489 | High | 7.8 | | 2024-12-12 | A path handling issue was addressed with improved validation.
CVE-2024-44291 | High | 7.8 | | 2024-12-12 | A logic issue was addressed with improved file handling.
CVE-2024-44225 | High | 7.8 | | 2024-12-12 | A logic issue was addressed with improved checks.
CVE-2024-44224 | High | 7.8 | | 2024-12-12 | A permissions issue was addressed with additional restrictions.
CVE-2024-54508 | High | 7.5 | | 2024-12-12 | The issue was addressed with improved memory handling.
CVE-2024-54479 | High | 7.5 | | 2024-12-12 | The issue was addressed with improved checks.
CVE-2024-54528 | High | 7.1 | | 2024-12-12 | A logic issue was addressed with improved restrictions.
CVE-2024-44245 | High | 7.1 | | 2024-12-12 | The issue was addressed with improved memory handling.
CVE-2024-54502 | Medium | 6.5 | | 2024-12-12 | The issue was addressed with improved checks.
CVE-2024-54486 | Medium | 6.5 | | 2024-12-12 | The issue was addressed with improved checks.
CVE-2024-44248 | Medium | 6.5 | | 2024-12-12 | This issue was addressed through improved state management.
CVE-2024-54494 | Medium | 5.9 | | 2024-12-12 | A race condition was addressed with additional validation.
CVE-2024-54492 | Medium | 5.9 | | 2024-12-12 | This issue was addressed by using HTTPS when sending information over the network.
CVE-2024-54531 | Medium | 5.5 | | 2024-12-12 | The issue was addressed with improved memory handling.
CVE-2024-54527 | Medium | 5.5 | | 2024-12-12 | This issue was addressed with improved checks.
CVE-2024-54526 | Medium | 5.5 | | 2024-12-12 | The issue was addressed with improved checks.
CVE-2024-54524 | Medium | 5.5 | | 2024-12-12 | A logic issue was addressed with improved file handling.
CVE-2024-54513 | Medium | 5.5 | | 2024-12-12 | A permissions issue was addressed with additional restrictions.
CVE-2024-54504 | Medium | 5.5 | | 2024-12-12 | A privacy issue was addressed with improved private data redaction for log entries.
CVE-2024-54501 | Medium | 5.5 | | 2024-12-12 | The issue was addressed with improved checks.
CVE-2024-54500 | Medium | 5.5 | | 2024-12-12 | The issue was addressed with improved checks.
CVE-2024-54495 | Medium | 5.5 | | 2024-12-12 | The issue was addressed with improved permissions logic.
CVE-2024-54490 | Medium | 5.5 | | 2024-12-12 | This issue was addressed by enabling hardened runtime.
CVE-2024-54484 | Medium | 5.5 | | 2024-12-12 | The issue was resolved by sanitizing logging.
CVE-2024-54477 | Medium | 5.5 | | 2024-12-12 | The issue was addressed with improved checks.
CVE-2024-54476 | Medium | 5.5 | | 2024-12-12 | The issue was addressed with improved checks.
CVE-2024-54474 | Medium | 5.5 | | 2024-12-12 | The issue was addressed with improved checks.
CVE-2024-54471 | Medium | 5.5 | | 2024-12-12 | This issue was addressed with additional entitlement checks.
CVE-2024-44300 | Medium | 5.5 | | 2024-12-12 | A logic issue was addressed with improved file handling.
CVE-2024-44243 | Medium | 5.5 | | 2024-12-12 | A configuration issue was addressed with additional restrictions.
CVE-2024-44220 | Medium | 5.5 | | 2024-12-12 | The issue was addressed with improved memory handling.
CVE-2024-44201 | Medium | 5.5 | | 2024-12-12 | The issue was addressed with improved memory handling.
CVE-2024-54466 | Medium | 5.3 | | 2024-12-12 | An authorization issue was addressed with improved state management.
CVE-2024-44246 | Medium | 5.3 | | 2024-12-12 | The issue was addressed with improved routing of Safari-originated requests.
CVE-2024-44212 | Medium | 5.3 | | 2024-12-12 | A cookie management issue was addressed with improved state management.
CVE-2024-54510 | Medium | 5.1 | | 2024-12-12 | A race condition was addressed with improved locking.
CVE-2024-54503 | Medium | 4.2 | | 2024-12-12 | An inconsistent user interface issue was addressed with improved state management.
CVE-2024-54493 | Low | 3.3 | | 2024-12-12 | This issue was addressed through improved state management.
CVE-2024-54491 | Low | 3.3 | | 2024-12-12 | The issue was resolved by sanitizing logging.
CVE-2024-44290 | Low | 3.3 | | 2024-12-12 | This issue was addressed with improved redaction of sensitive information.
CVE-2024-44200 | Low | 3.3 | | 2024-12-12 | This issue was addressed with improved redaction of sensitive information.
CVE-2024-54485 | Low | 2.4 | | 2024-12-12 | The issue was addressed by adding additional logic.

N/a · 46 CVEs

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2024-54811 | Critical | 9.8 | | 2024-12-12 | A SQL injection vulnerability in /index.php in PHPGurukul Park Ticketing Management System v1.0 allows an attacker to execute arbitrary SQL commands via the "login" parameter.
CVE-2024-54810 | Critical | 9.8 | | 2024-12-12 | A SQL Injection vulnerability was found in /preschool/admin/password-recovery.php in PHPGurukul Pre-School Enrollment System Project v1.0, which allows remote attackers to execute arbitrary code via the mobileno parameter.
CVE-2024-55099 | Critical | 9.8 | | 2024-12-12 | A SQL Injection vulnerability was found in /admin/index.php in phpgurukul Online Nurse Hiring System v1.0, which allows remote attackers to execute arbitrary SQL commands to get unauthorized database access via the username parameter.
CVE-2024-54842 | Critical | 9.8 | | 2024-12-12 | A SQL injection vulnerability was found in phpgurukul Online Nurse Hiring System v1.0 in /admin/password-recovery.php via the mobileno parameter.
CVE-2024-53480 | Critical | 9.8 | | 2024-12-10 | Phpgurukul's Beauty Parlour Management System v1.1 is vulnerable to SQL Injection in `login.php` via the `emailcont` parameter.
CVE-2024-46340 | Critical | 9.8 | | 2024-12-10 | TL-WR845N(UN)_V4_201214, TP-Link TL-WR845N(UN)_V4_200909, and TL-WR845N(UN)_V4_190219 were discovered to transmit user credentials in plaintext after executing a factory reset.
CVE-2024-46442 | Critical | 9.8 | | 2024-12-10 | An issue in the BYD Dilink Headunit System v3.0 to v4.0 allows attackers to bypass authentication via a bruteforce attack.
CVE-2024-45494 | Critical | 9.8 | | 2024-12-10 | An issue was discovered in MSA FieldServer Gateway 5.0.0 through 6.5.2 (Fixed in 7.0.0).
CVE-2024-45493 | Critical | 9.8 | | 2024-12-10 | An issue was discovered in MSA FieldServer Gateway 5.0.0 through 6.5.2 (Fixed in 7.0.0).
CVE-2024-54751 | Critical | 9.8 | | 2024-12-10 | COMFAST CF-WR630AX v2.7.0.2 was discovered to contain a hardcoded password vulnerability in /etc/shadow, which allows attackers to log in as root.
CVE-2024-55586 | Critical | 9.8 | | 2024-12-10 | Nette Database through 3.2.4 allows SQL injection in certain situations involving an untrusted filter that is directly passed to the where method.
CVE-2024-46455 | Critical | 9.8 | | 2024-12-09 | unstructured v.0.14.2 and before is vulnerable to XML External Entity (XXE) via the XMLParser.
CVE-2024-48956 | Critical | 9.8 | | 2024-12-09 | Serviceware Processes 6.0 through 7.3 before 7.4 allows attackers without valid authentication to send a specially crafted HTTP request to a service endpoint resulting in remote code execution.
CVE-2024-55564 | Critical | 9.8 | | 2024-12-09 | The POSIX::2008 package before 0.24 for Perl has a potential _execve50c env buffer overflow.
CVE-2024-53441 | Critical | 9.1 | | 2024-12-09 | An issue in the index.js decryptCookie function of cookie-encrypter v1.0.1 allows attackers to execute a bit flipping attack.
CVE-2024-40583 | Critical | 9.1 | | 2024-12-09 | Pentaminds CuroVMS v2.0.1 was discovered to contain exposed credentials.
CVE-2024-55884 | Critical | 9.0 | | 2024-12-12 | In the Mullvad VPN client 2024.6 (Desktop), 2024.8 (iOS), and 2024.8-beta1 (Android), the exception-handling alternate stack can be exhausted, leading to heap-based out-of-bounds writes in enable() in exception_logging/unix.rs, aka MLLVD-C…
CVE-2024-55587 | High | 8.8 | | 2024-12-12 | python-libarchive through 4.2.1 allows directory traversal (to create files) in extract in zip.py for ZipFile.extractall and ZipFile.extract.
CVE-2024-55500 | High | 8.8 | | 2024-12-10 | Cross-Site Request Forgery (CSRF) in Avenwu Whistle v.2.9.90 and before allows attackers to perform malicious API calls, resulting in the execution of arbitrary code on the victim's machine.
CVE-2024-50930 | High | 8.8 | | 2024-12-10 | An issue in Silicon Labs Z-Wave Series 500 v6.84.0 allows attackers to execute arbitrary code.
CVE-2024-50920 | High | 8.8 | | 2024-12-10 | Insecure permissions in Silicon Labs (SiLabs) Z-Wave Series 700 and 800 v7.21.1 allow attackers to create a fake node via supplying crafted packets.
CVE-2024-55579 | High | 8.8 | | 2024-12-09 | An issue was discovered in Qlik Sense Enterprise for Windows before November 2024 IR.
CVE-2024-21544 | High | 8.6 | | 2024-12-13 | Versions of the package spatie/browsershot before 5.0.1 are vulnerable to Improper Input Validation due to improper URL validation in the setUrl method. An attacker can exploit this vulnerability by using leading whitespace (%20) before t…
CVE-2024-21542 | High | 8.6 | | 2024-12-10 | Versions of the package luigi before 3.6.0 are vulnerable to Arbitrary File Write via Archive Extraction (Zip Slip) due to improper destination file path validation in the _extract_packages_archive function.
CVE-2024-46341 | High | 8.0 | | 2024-12-10 | TP-Link TL-WR845N(UN)_V4_190219 was discovered to transmit credentials in base64 encoded form, which can be easily decoded by an attacker executing a man-in-the-middle attack.
CVE-2024-50699 | High | 8.0 | | 2024-12-10 | TP-Link TL-WR845N(UN)_V4_201214, TL-WR845N(UN)_V4_200909 and TL-WR845N(UN)_V4_190219 were discovered to contain weak default credentials for the Administrator account.
CVE-2024-53919 | High | 7.6 | | 2024-12-10 | An injection vulnerability in Barco ClickShare CX-30/20, C-5/10, and ClickShare Bar Pro and Core models, running firmware before 2.21.1, allows physically proximate attackers or local admins to the webUI to trigger OS-level command executi…
CVE-2024-46547 | High | 7.5 | | 2024-12-09 | A vulnerability was found in Romain Bourdon Wampserver all versions (discovered in v3.2.3 and v3.2.6) where unauthorized users could access sensitive information due to improper access control validation via PHP Info Page.
CVE-2024-40582 | High | 7.5 | | 2024-12-09 | Pentaminds CuroVMS v2.0.1 was discovered to contain exposed sensitive information.
CVE-2024-55580 | High | 7.5 | | 2024-12-09 | An issue was discovered in Qlik Sense Enterprise for Windows before November 2024 IR.
CVE-2024-21543 | High | 7.1 | | 2024-12-13 | Versions of the package djoser before 2.3.0 are vulnerable to Authentication Bypass when the authenticate() function fails.
CVE-2024-55566 | Medium | 6.6 | | 2024-12-09 | ColPack 1.0.10 through 9a7293a has a predictable temporary file (located under /tmp with a name derived from an unseeded RNG).
CVE-2024-50928 | Medium | 6.5 | | 2024-12-10 | Insecure permissions in Silicon Labs (SiLabs) Z-Wave Series 700 and 800 v7.21.1 allow attackers to change the wakeup interval of end devices in controller memory, disrupting the device's communications with the controller.
CVE-2024-50924 | Medium | 6.5 | | 2024-12-10 | Insecure permissions in Silicon Labs (SiLabs) Z-Wave Series 700 and 800 v7.21.1 allow attackers to disrupt communications between the controller and the device itself via repeatedly sending crafted packets to the controller.
CVE-2024-50921 | Medium | 6.5 | | 2024-12-10 | Insecure permissions in Silicon Labs (SiLabs) Z-Wave Series 700 and 800 v7.21.1 allow attackers to cause a Denial of Service (DoS) via repeatedly sending crafted packets to the controller.
CVE-2024-31670 | Medium | 6.3 | | 2024-12-12 | rizin before v0.6.3 is vulnerable to Buffer Overflow via create_cache_bins, read_cache_accel, and rz_dyldcache_new_buf functions in librz/bin/format/mach0/dyldcache.c.
CVE-2024-50929 | Medium | 6.2 | | 2024-12-10 | Insecure permissions in Silicon Labs (SiLabs) Z-Wave Series 700 and 800 v7.21.1 allow attackers to arbitrarily change the device type in the controller's memory, leading to a Denial of Service (DoS).
CVE-2024-53481 | Medium | 6.1 | | 2024-12-10 | A Cross Site Scripting (XSS) vulnerability in the profile.php of PHPGurukul Beauty Parlour Management System v1.1 allows remote attackers to execute arbitrary code by injecting arbitrary HTML into the "Firstname" and "Last name" parameters.
CVE-2024-55582 | Medium | 5.7 | | 2024-12-09 | Oxide before 6 has unencrypted Control Plane datastores.
CVE-2024-55918 | Medium | 5.3 | | 2024-12-13 | An issue was discovered in the Graphics::ColorNames package before 3.2.0 for Perl.
CVE-2023-43962 | Medium | 4.8 | | 2024-12-09 | Cross Site Scripting vulnerability in Xunrui CMS Public Edition v.4.6.1 allows a remote attacker to execute arbitrary code via the project name function in the project settings tab.
CVE-2024-50931 | Medium | 4.6 | | 2024-12-10 | Silicon Labs Z-Wave Series 500 v6.84.0 was discovered to contain insecure permissions.
CVE-2022-29974 | Medium | 4.3 | | 2024-12-09 | AMI (aka American Megatrends) NTFS driver 1.0.0 (fixed in late 2021 or early 2022) has a buffer overflow.
CVE-2024-55578 | Medium | 4.3 | | 2024-12-09 | Zammad before 6.4.1 places sensitive data (such as auth_microsoft_office365_credentials and application_secret) in log files.
CVE-2024-55565 | Medium | 4.3 | | 2024-12-09 | nanoid (aka Nano ID) before 5.0.9 mishandles non-integer values.
CVE-2024-12346 | Low | 3.5 | | 2024-12-09 | A vulnerability has been found in Talentera up to 20241128 and classified as problematic.

Gstreamer · 28 CVEs

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2024-47615 | Critical | 9.8 | | 2024-12-12 | GStreamer is a library for constructing graphs of media-handling components.
CVE-2024-47613 | Critical | 9.8 | | 2024-12-12 | GStreamer is a library for constructing graphs of media-handling components.
CVE-2024-47607 | Critical | 9.8 | | 2024-12-12 | GStreamer is a library for constructing graphs of media-handling components.
CVE-2024-47540 | Critical | 9.8 | | 2024-12-12 | GStreamer is a library for constructing graphs of media-handling components.
CVE-2024-47539 | Critical | 9.8 | | 2024-12-12 | GStreamer is a library for constructing graphs of media-handling components.
CVE-2024-47538 | Critical | 9.8 | | 2024-12-12 | GStreamer is a library for constructing graphs of media-handling components.
CVE-2024-47537 | Critical | 9.8 | | 2024-12-12 | GStreamer is a library for constructing graphs of media-handling components.
CVE-2024-47834 | Critical | 9.1 | | 2024-12-12 | GStreamer is a library for constructing graphs of media-handling components.
CVE-2024-47777 | Critical | 9.1 | | 2024-12-12 | GStreamer is a library for constructing graphs of media-handling components.
CVE-2024-47776 | Critical | 9.1 | | 2024-12-12 | GStreamer is a library for constructing graphs of media-handling components.
CVE-2024-47775 | Critical | 9.1 | | 2024-12-12 | GStreamer is a library for constructing graphs of media-handling components.
CVE-2024-47774 | Critical | 9.1 | | 2024-12-12 | GStreamer is a library for constructing graphs of media-handling components.
CVE-2024-47600 | Critical | 9.1 | | 2024-12-12 | GStreamer is a library for constructing graphs of media-handling components.
CVE-2024-47598 | Critical | 9.1 | | 2024-12-12 | GStreamer is a library for constructing graphs of media-handling components.
CVE-2024-47597 | Critical | 9.1 | | 2024-12-12 | GStreamer is a library for constructing graphs of media-handling components.
CVE-2024-47835 | High | 7.5 | | 2024-12-12 | GStreamer is a library for constructing graphs of media-handling components.
CVE-2024-47778 | High | 7.5 | | 2024-12-12 | GStreamer is a library for constructing graphs of media-handling components.
CVE-2024-47603 | High | 7.5 | | 2024-12-12 | GStreamer is a library for constructing graphs of media-handling components.
CVE-2024-47602 | High | 7.5 | | 2024-12-12 | GStreamer is a library for constructing graphs of media-handling components.
CVE-2024-47601 | High | 7.5 | | 2024-12-12 | GStreamer is a library for constructing graphs of media-handling components.
CVE-2024-47599 | High | 7.5 | | 2024-12-12 | GStreamer is a library for constructing graphs of media-handling components.
CVE-2024-47596 | High | 7.5 | | 2024-12-12 | GStreamer is a library for constructing graphs of media-handling components.
CVE-2024-47546 | High | 7.5 | | 2024-12-12 | GStreamer is a library for constructing graphs of media-handling components.
CVE-2024-47545 | High | 7.5 | | 2024-12-12 | GStreamer is a library for constructing graphs of media-handling components.
CVE-2024-47544 | High | 7.5 | | 2024-12-12 | GStreamer is a library for constructing graphs of media-handling components.
CVE-2024-47543 | High | 7.5 | | 2024-12-12 | GStreamer is a library for constructing graphs of media-handling components.
CVE-2024-47542 | High | 7.5 | | 2024-12-12 | GStreamer is a library for constructing graphs of media-handling components.
CVE-2024-47541 | High | 7.5 | | 2024-12-12 | GStreamer is a library for constructing graphs of media-handling components.

Huawei · 24 CVEs

| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
| CVE-2024-54098 | High | 8.5 | | 2024-12-12 | Service logic error vulnerability in the system service module Impact: Successful exploitation of this vulnerability may affect service integrity. |
| CVE-2024-54097 | High | 7.3 | | 2024-12-12 | Security vulnerability in the HiView module Impact: Successful exploitation of this vulnerability may affect feature implementation and integrity. |
| CVE-2024-54107 | High | 7.1 | | 2024-12-12 | Read/Write vulnerability in the image decoding module Impact: Successful exploitation of this vulnerability will affect availability. |
| CVE-2024-54106 | High | 7.1 | | 2024-12-12 | Null pointer dereference vulnerability in the image decoding module Impact: Successful exploitation of this vulnerability will affect availability. |
| CVE-2024-54099 | Medium | 6.7 | | 2024-12-12 | File replacement vulnerability on some devices Impact: Successful exploitation of this vulnerability will affect integrity and confidentiality. |
| CVE-2024-54113 | Medium | 6.5 | | 2024-12-12 | Process residence vulnerability in abnormal scenarios in the print module Impact: Successful exploitation of this vulnerability may affect power consumption. |
| CVE-2024-54109 | Medium | 6.5 | | 2024-12-12 | Read/Write vulnerability in the image decoding module Impact: Successful exploitation of this vulnerability will affect availability. |
| CVE-2024-54108 | Medium | 6.5 | | 2024-12-12 | Read/Write vulnerability in the image decoding module Impact: Successful exploitation of this vulnerability will affect availability. |
| CVE-2024-54122 | Medium | 6.2 | | 2024-12-12 | Concurrent variable access vulnerability in the ability module Impact: Successful exploitation of this vulnerability may affect availability. |
| CVE-2024-54119 | Medium | 6.2 | | 2024-12-12 | Cross-process screen stack vulnerability in the UIExtension module Impact: Successful exploitation of this vulnerability may affect service confidentiality. |
| CVE-2024-54117 | Medium | 6.2 | | 2024-12-12 | Cross-process screen stack vulnerability in the UIExtension module Impact: Successful exploitation of this vulnerability may affect service confidentiality. |
| CVE-2024-54110 | Medium | 6.2 | | 2024-12-12 | Cross-process screen stack vulnerability in the UIExtension module Impact: Successful exploitation of this vulnerability may affect service confidentiality. |
| CVE-2024-54104 | Medium | 6.2 | | 2024-12-12 | Cross-process screen stack vulnerability in the UIExtension module Impact: Successful exploitation of this vulnerability may affect service confidentiality. |
| CVE-2024-54101 | Medium | 6.2 | | 2024-12-12 | Denial of service (DoS) vulnerability in the installation module Impact: Successful exploitation of this vulnerability will affect availability. |
| CVE-2024-54100 | Medium | 6.2 | | 2024-12-12 | Vulnerability of improper access control in the secure input module Impact: Successful exploitation of this vulnerability may cause features to perform abnormally. |
| CVE-2024-54103 | Medium | 6.1 | | 2024-12-12 | Vulnerability of improper access control in the album module Impact: Successful exploitation of this vulnerability may affect service confidentiality. |
| CVE-2024-54102 | Medium | 6.1 | | 2024-12-12 | Race condition vulnerability in the DDR module Impact: Successful exploitation of this vulnerability may affect service confidentiality. |
| CVE-2024-54111 | Medium | 5.7 | | 2024-12-12 | Read/Write vulnerability in the image decoding module Impact: Successful exploitation of this vulnerability will affect availability. |
| CVE-2024-54112 | Medium | 5.5 | | 2024-12-12 | Cross-process screen stack vulnerability in the UIExtension module Impact: Successful exploitation of this vulnerability may affect service confidentiality. |
| CVE-2024-54096 | Medium | 5.3 | | 2024-12-12 | Vulnerability of improper access control in the MTP module Impact: Successful exploitation of this vulnerability may affect integrity and accuracy. |
| CVE-2024-54105 | Medium | 5.1 | | 2024-12-12 | Read/Write vulnerability in the image decoding module Impact: Successful exploitation of this vulnerability will affect availability. |
| CVE-2024-54114 | Medium | 4.4 | | 2024-12-12 | Out-of-bounds access vulnerability in playback in the DASH module Impact: Successful exploitation of this vulnerability will affect availability. |
| CVE-2024-54116 | Medium | 4.3 | | 2024-12-12 | Out-of-bounds read vulnerability in the M3U8 module Impact: Successful exploitation of this vulnerability may cause features to perform abnormally. |
| CVE-2024-54115 | Medium | 4.3 | | 2024-12-12 | Out-of-bounds read vulnerability in the DASH module Impact: Successful exploitation of this vulnerability will affect availability. |

Dell · 22 CVEs

| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
| CVE-2024-37143 | Critical | 10.0 | | 2024-12-10 | Dell PowerFlex appliance versions prior to IC 46.381.00 and IC 46.376.00, Dell PowerFlex rack versions prior to RCM 3.8.1.0 (for RCM 3.8.x train) and prior to RCM 3.7.6.0 (for RCM 3.7.x train), Dell PowerFlex custom node using PowerFlex Ma… |
| CVE-2024-22461 | High | 8.8 | | 2024-12-13 | Dell RecoverPoint for Virtual Machines 6.0.x contains an OS Command injection vulnerability. |
| CVE-2024-53290 | High | 8.4 | | 2024-12-11 | Dell ThinOS version 2408 contains an Improper Neutralization of Special Elements used in a Command ('Command Injection') vulnerability. |
| CVE-2024-47484 | High | 8.2 | | 2024-12-10 | Dell Avamar, versions prior to 19.12 with patch 338905, excluding 19.10 and 19.10SP1 with patch 338869, contains an Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability. |
| CVE-2024-37144 | High | 8.2 | | 2024-12-10 | Dell PowerFlex appliance versions prior to IC 46.381.00 and IC 46.376.00, Dell PowerFlex rack versions prior to RCM 3.8.1.0 (for RCM 3.8.x train) and prior to RCM 3.7.6.0 (for RCM 3.7.x train), Dell PowerFlex custom node using PowerFlex Ma… |
| CVE-2024-53289 | High | 7.8 | | 2024-12-11 | Dell ThinOS version 2408 contains a Time-of-check Time-of-use (TOCTOU) Race Condition vulnerability. |
| CVE-2024-49600 | High | 7.8 | | 2024-12-09 | Dell Power Manager (DPM), versions prior to 3.17, contain an improper access control vulnerability. |
| CVE-2024-52538 | High | 7.6 | | 2024-12-10 | Dell Avamar, versions prior to 19.12 with patch 338905, excluding 19.10 and 19.10SP1 with patch 338869, contains an Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability. |
| CVE-2024-47238 | High | 7.5 | | 2024-12-12 | Dell Client Platform BIOS contains an Improper Input Validation vulnerability in an externally developed component. |
| CVE-2024-53292 | High | 7.2 | | 2024-12-11 | Dell VxVerify, versions prior to x.40.405, contain a Plain-text Password Storage Vulnerability in the shell wrapper. |
| CVE-2024-47977 | High | 7.1 | | 2024-12-10 | Dell Avamar, versions prior to 19.12 with patch 338905, excluding 19.10 and 19.10SP1 with patch 338869, contains an Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability. |
| CVE-2024-24902 | Medium | 6.6 | | 2024-12-13 | Dell RecoverPoint for Virtual Machines 6.0.x contains an Improper access control vulnerability. |
| CVE-2024-28980 | Medium | 6.5 | | 2024-12-13 | Dell RecoverPoint for VMs, version(s) 6.0.x contain(s) a Use of a Broken or Risky Cryptographic Algorithm vulnerability in the SSH. |
| CVE-2024-38488 | Medium | 6.5 | | 2024-12-13 | Dell RecoverPoint for Virtual Machines 6.0.x contains a vulnerability. |
| CVE-2024-49602 | Medium | 6.5 | | 2024-12-09 | Dell PowerScale OneFS Versions 8.2.2.x through 9.8.0.x contain an improper resource unlocking vulnerability. |
| CVE-2024-48008 | Medium | 5.3 | | 2024-12-13 | Dell RecoverPoint for Virtual Machines 6.0.x contains an OS Command Injection vulnerability. |
| CVE-2024-48007 | Medium | 5.3 | | 2024-12-13 | Dell RecoverPoint for Virtual Machines 6.0.x contains a use of hard-coded credentials vulnerability. |
| CVE-2024-47984 | Medium | 4.4 | | 2024-12-13 | Dell RecoverPoint for Virtual Machines 6.0.x contains a Denial of Service vulnerability. |
| CVE-2024-45760 | Medium | 4.3 | | 2024-12-09 | Dell OpenManage Server Administrator, versions 11.0.1.0 and prior, contains an improper access control vulnerability. |
| CVE-2024-49603 | Medium | 4.3 | | 2024-12-09 | Dell PowerScale OneFS Versions 8.2.2.x through 9.9.0.x contain an incorrect specified argument vulnerability. |
| CVE-2024-42426 | Medium | 4.3 | | 2024-12-09 | Dell PowerScale OneFS Versions 9.5.0.x through 9.8.0.x contain an uncontrolled resource consumption vulnerability. |
| CVE-2024-38485 | Medium | 4.3 | | 2024-12-09 | Dell ECS, versions prior to 3.8.0, contain(s) a Host Header Injection Vulnerability. |

Lopalopa · 21 CVEs

| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
| CVE-2024-54934 | Critical | 9.8 | | 2024-12-09 | Kashipara E-learning Management System v1.0 is vulnerable to SQL Injection in /admin/delete_class.php. |
| CVE-2024-54932 | Critical | 9.8 | | 2024-12-09 | Kashipara E-learning Management System v1.0 is vulnerable to SQL Injection in /admin/delete_department.php. |
| CVE-2024-54931 | Critical | 9.8 | | 2024-12-09 | A SQL Injection was found in /admin/delete_event.php in kashipara E-learning Management System v1.0, which allows remote attackers to execute arbitrary SQL commands to get unauthorized database access via the id parameter. |
| CVE-2024-54925 | Critical | 9.8 | | 2024-12-09 | A SQL Injection was found in /remove_sent_message.php in kashipara E-learning Management System v1.0, which allows remote attackers to execute arbitrary SQL commands to get unauthorized database access via the id parameter. |
| CVE-2024-54924 | Critical | 9.8 | | 2024-12-09 | A SQL Injection was found in /admin/edit_content.php in kashipara E-learning Management System v1.0, which allows remote attackers to execute arbitrary SQL commands to get unauthorized database access via the title and content parameters. |
| CVE-2024-54923 | Critical | 9.8 | | 2024-12-09 | A SQL Injection vulnerability was found in /admin/edit_teacher.php in kashipara E-learning Management System v1.0, which allows remote attackers to execute arbitrary SQL commands to get unauthorized database access via the department param… |
| CVE-2024-54921 | Critical | 9.8 | | 2024-12-09 | A SQL Injection was found in /student_signup.php in kashipara E-learning Management System v1.0, which allows remote attackers to execute arbitrary SQL commands to get unauthorized database access via the username, firstname, lastname, and… |
| CVE-2024-54918 | Critical | 9.8 | | 2024-12-09 | Kashipara E-learning Management System v1.0 is vulnerable to Remote Code Execution via File Upload in /teacher_avatar.php. |
| CVE-2024-54920 | Critical | 9.8 | | 2024-12-09 | A SQL Injection vulnerability was found in /teacher_signup.php of kashipara E-learning Management System v1.0, which allows remote attackers to execute arbitrary SQL command to get unauthorized database access via the firstname, lastname… |
| CVE-2024-54926 | High | 8.8 | | 2024-12-09 | A SQL Injection vulnerability was found in /search_class.php of kashipara E-learning Management System v1.0, which allows remote attackers to execute arbitrary SQL commands to get unauthorized database access via the school_year parameter. |
| CVE-2024-54938 | High | 7.5 | | 2024-12-09 | A Directory Listing issue was found in Kashipara E-Learning Management System v1.0, which allows remote attackers to access sensitive files and directories via /admin/uploads. |
| CVE-2024-54928 | High | 7.2 | | 2024-12-09 | kashipara E-learning Management System v1.0 is vulnerable to SQL Injection in /admin/delete_teacher.php. |
| CVE-2024-54927 | High | 7.2 | | 2024-12-09 | Kashipara E-learning Management System v1.0 is vulnerable to SQL Injection in /admin/delete_users.php. |
| CVE-2024-54933 | High | 7.2 | | 2024-12-09 | Kashipara E-learning Management System v1.0 is vulnerable to SQL Injection in /admin/delete_content.php. |
| CVE-2024-54930 | High | 7.2 | | 2024-12-09 | Kashipara E-learning Management System v1.0 is vulnerable to SQL Injection in /admin/delete_student.php. |
| CVE-2024-54922 | High | 7.2 | | 2024-12-09 | A SQL Injection was found in /admin/edit_user.php of kashipara E-learning Management System v1.0, which allows remote attackers to execute arbitrary SQL commands to get unauthorized database access via the firstname, lastname, and username… |
| CVE-2024-54929 | High | 7.2 | | 2024-12-09 | KASHIPARA E-learning Management System v1.0 is vulnerable to SQL Injection in /admin/delete_subject.php. |
| CVE-2024-54935 | Medium | 5.4 | | 2024-12-09 | A Stored Cross-Site Scripting (XSS) vulnerability was found in /send_message_teacher_to_student.php of kashipara E-learning Management System v1.0. |
| CVE-2024-54919 | Medium | 5.4 | | 2024-12-09 | A Stored Cross Site Scripting (XSS) was found in /teacher_avatar.php of kashipara E-learning Management System v1.0. |
| CVE-2024-54936 | Medium | 5.4 | | 2024-12-09 | A Stored Cross-Site Scripting (XSS) vulnerability was found in /send_message.php of Kashipara E-learning Management System v1.0. |
| CVE-2024-54937 | Medium | 5.3 | | 2024-12-09 | A Directory Listing issue was found in Kashipara E-Learning Management System v1.0, which allows remote attackers to access sensitive files and directories via /admin/assets. |

Ivanti · 16 CVEs

| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
| CVE-2024-11639 | Critical | 10.0 | | 2024-12-10 | An authentication bypass in the admin web console of Ivanti CSA before 5.0.3 allows a remote unauthenticated attacker to gain administrative access. |
| CVE-2024-11773 | Critical | 9.1 | | 2024-12-10 | SQL injection in the admin web console of Ivanti CSA before version 5.0.3 allows a remote authenticated attacker with admin privileges to run arbitrary SQL statements. |
| CVE-2024-11772 | Critical | 9.1 | | 2024-12-10 | Command injection in the admin web console of Ivanti CSA before version 5.0.3 allows a remote authenticated attacker with admin privileges to achieve remote code execution. |
| CVE-2024-11634 | Critical | 9.1 | | 2024-12-10 | Command injection in Ivanti Connect Secure before version 22.7R2.3 and Ivanti Policy Secure before version 22.7R1.2 allows a remote authenticated attacker with admin privileges to achieve remote code execution. |
| CVE-2024-11633 | Critical | 9.1 | | 2024-12-10 | Argument injection in Ivanti Connect Secure before version 22.7R2.4 allows a remote authenticated attacker with admin privileges to achieve remote code execution. |
| CVE-2024-8540 | High | 8.8 | | 2024-12-10 | Insecure permissions in Ivanti Sentry before versions 9.20.2 and 10.0.2 or 10.1.0 allow a local authenticated attacker to modify sensitive application components. |
| CVE-2024-9845 | High | 7.8 | | 2024-12-11 | Under specific circumstances, insecure permissions in Ivanti Automation before version 2024.4.0.1 allows a local authenticated attacker to achieve local privilege escalation. |
| CVE-2024-8496 | High | 7.8 | | 2024-12-11 | Under specific circumstances, insecure permissions in Ivanti Workspace Control before version 10.18.40.0 allows a local authenticated attacker to achieve local privilege escalation. |
| CVE-2024-11598 | High | 7.8 | | 2024-12-11 | Under specific circumstances, insecure permissions in Ivanti Application Control before version 2024.3 HF1, 2024.1 HF2, or 2023.3 HF3 allows a local authenticated attacker to achieve local privilege escalation. |
| CVE-2024-11597 | High | 7.8 | | 2024-12-11 | Under specific circumstances, insecure permissions in Ivanti Performance Manager before version 2024.3 HF1, 2024.1 HF1, or 2023.3 HF1 allows a local authenticated attacker to achieve local privilege escalation. |
| CVE-2024-10251 | High | 7.8 | | 2024-12-11 | Under specific circumstances, insecure permissions in Ivanti Security Controls before version 2024.4.1 allows a local authenticated attacker to achieve local privilege escalation. |
| CVE-2024-37401 | High | 7.5 | | 2024-12-12 | An out-of-bounds read in IPsec of Ivanti Connect Secure before version 22.7R2.1 allows a remote unauthenticated attacker to cause a denial of service. |
| CVE-2024-37377 | High | 7.5 | | 2024-12-12 | A heap-based buffer overflow in IPsec of Ivanti Connect Secure before version 22.7R2.3 allows a remote unauthenticated attacker to cause a denial of service. |
| CVE-2024-9844 | High | 7.1 | | 2024-12-10 | Insufficient server-side controls in Secure Application Manager of Ivanti Connect Secure before version 22.7R2.4 allows a remote authenticated attacker to bypass restrictions. |
| CVE-2024-7572 | High | 7.1 | | 2024-12-10 | Insufficient permissions in Ivanti DSM before version 2024.3.5740 allows a local authenticated attacker to delete arbitrary files. |
| CVE-2024-10256 | High | 7.1 | | 2024-12-10 | Insufficient permissions in Ivanti Patch SDK before version 9.7.703 allows a local authenticated attacker to delete arbitrary files. |

Image Access Gmbh · 14 CVEs

| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
| CVE-2024-28139 | High | 8.8 | | 2024-12-11 | The www-data user can elevate its privileges because sudo is configured to allow the execution of the mount command as root without a password. |
| CVE-2024-28146 | High | 8.4 | | 2024-12-12 | The application uses several hard-coded credentials to encrypt config files during backup, to decrypt the new firmware during an update and some passwords allow a direct connection to the database server of the affected device. |
| CVE-2024-28143 | High | 8.4 | | 2024-12-12 | The password change function at /cgi/admin.cgi does not require the current/old password, which makes the application vulnerable to account takeover. |
| CVE-2024-28138 | High | 7.3 | | 2024-12-10 | An unauthenticated attacker with network access to the affected device's web interface can execute any system command via the "msg_events.php" script as the www-data user. The HTTP GET parameter "data" is not properly sanitized. |
| CVE-2024-47946 | High | 7.2 | | 2024-12-10 | If the attacker has access to a valid Poweruser session, remote code execution is possible because specially crafted valid PNG files with injected PHP content can be uploaded as desktop backgrounds or lock screens. |
| CVE-2024-28141 | Medium | 6.3 | | 2024-12-11 | The web application is not protected against cross-site request forgery attacks. |
| CVE-2024-28140 | Medium | 6.1 | | 2024-12-11 | The scanner device boots into a kiosk mode by default and opens the Scan2Net interface in a browser window. |
| CVE-2024-28145 | Medium | 5.9 | | 2024-12-12 | An unauthenticated attacker can perform an SQL injection by accessing the /class/dbconnect.php file and supplying malicious GET parameters. |
| CVE-2024-28144 | Medium | 5.5 | | 2024-12-12 | An attacker who can spoof the IP address and the User-Agent of a logged-in user can take over the session because of flaws in the self-developed session management. |
| CVE-2024-47947 | Medium | 4.7 | | 2024-12-12 | Due to missing input sanitization, an attacker can perform cross-site-scripting attacks and run arbitrary Javascript in the browser of other users. The "Edit Disclaimer Text" function of the configuration menu is vulnerable to stored XSS. |
| CVE-2024-36498 | Medium | 4.7 | | 2024-12-12 | Due to missing input sanitization, an attacker can perform cross-site-scripting attacks and run arbitrary Javascript in the browser of other users. The "Edit Disclaimer Text" function of the configuration menu is vulnerable to stored XSS. |
| CVE-2024-36494 | Medium | 4.7 | | 2024-12-12 | Due to missing input sanitization, an attacker can perform cross-site-scripting attacks and run arbitrary Javascript in the browser of other users. |
| CVE-2024-28142 | Medium | 4.7 | | 2024-12-12 | Due to missing input sanitization, an attacker can perform cross-site-scripting attacks and run arbitrary Javascript in the browser of other users. |
| CVE-2024-50584 | Medium | 4.4 | | 2024-12-12 | An authenticated attacker with the user/role "Poweruser" can perform an SQL injection by accessing the /class/template_io.php file and supplying malicious GET parameters. The "templates" parameter is vulnerable against blind boolean-based… |

Siemens · 12 CVEs

| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
| CVE-2020-28398 | High | 8.8 | | 2024-12-10 | A vulnerability has been identified in RUGGEDCOM ROX MX5000 (All versions < V2.16.0), RUGGEDCOM ROX MX5000RE (All versions < V2.16.0), RUGGEDCOM ROX RX1400 (All versions < V2.16.0), RUGGEDCOM ROX RX1500 (All versions < V2.16.0), RUGGEDCOM… |
| CVE-2024-54095 | High | 7.8 | | 2024-12-10 | A vulnerability has been identified in Solid Edge SE2024 (All versions < V224.0 Update 10). |
| CVE-2024-54094 | High | 7.8 | | 2024-12-10 | A vulnerability has been identified in Solid Edge SE2024 (All versions < V224.0 Update 5). |
| CVE-2024-54093 | High | 7.8 | | 2024-12-10 | A vulnerability has been identified in Solid Edge SE2024 (All versions < V224.0 Update 5). |
| CVE-2024-54091 | High | 7.8 | | 2024-12-10 | A vulnerability has been identified in Solid Edge SE2024 (All versions < V224.0 Update 12), Solid Edge SE2025 (All versions < V225.0 Update 3). |
| CVE-2024-53242 | High | 7.8 | | 2024-12-10 | A vulnerability has been identified in Teamcenter Visualization V14.2 (All versions < V14.2.0.14), Teamcenter Visualization V14.3 (All versions < V14.3.0.12), Teamcenter Visualization V2312 (All versions < V2312.0008), Tecnomatix Plant Sim… |
| CVE-2024-53041 | High | 7.8 | | 2024-12-10 | A vulnerability has been identified in Teamcenter Visualization V14.2 (All versions < V14.2.0.14), Teamcenter Visualization V14.3 (All versions < V14.3.0.12), Teamcenter Visualization V2312 (All versions < V2312.0008), Tecnomatix Plant Sim… |
| CVE-2024-49849 | High | 7.8 | | 2024-12-10 | A vulnerability has been identified in SIMATIC S7-PLCSIM V16 (All versions), SIMATIC S7-PLCSIM V17 (All versions), SIMATIC STEP 7 Safety V16 (All versions), SIMATIC STEP 7 Safety V17 (All versions < V17 Update 9), SIMATIC STEP 7 Safety V18… |
| CVE-2024-52051 | High | 7.3 | | 2024-12-10 | A vulnerability has been identified in SIMATIC S7-PLCSIM V17 (All versions), SIMATIC S7-PLCSIM V18 (All versions), SIMATIC STEP 7 Safety V17 (All versions < V17 Update 9), SIMATIC STEP 7 Safety V18 (All versions), SIMATIC STEP 7 Safety V19… |
| CVE-2024-49704 | Medium | 5.5 | | 2024-12-10 | A vulnerability has been identified in COMOS V10.3 (All versions < V10.3.3.5.8), COMOS V10.4.0 (All versions), COMOS V10.4.1 (All versions), COMOS V10.4.2 (All versions), COMOS V10.4.3 (All versions < V10.4.3.0.47), COMOS V10.4.4 (All vers… |
| CVE-2024-54005 | Medium | 5.1 | | 2024-12-10 | A vulnerability has been identified in COMOS V10.3 (All versions < V10.3.3.5.8), COMOS V10.4.0 (All versions), COMOS V10.4.1 (All versions), COMOS V10.4.2 (All versions), COMOS V10.4.3 (All versions < V10.4.3.0.47), COMOS V10.4.4 (All vers… |
| CVE-2024-53832 | Medium | 4.6 | | 2024-12-10 | A vulnerability has been identified in CPCI85 Central Processing/Communication (All versions < V05.30). |

Rti · 10 CVEs

| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
| CVE-2024-52061 | Critical | 9.8 | | 2024-12-13 | Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') vulnerability in RTI Connext Professional (Core Libraries, Queuing Service, Recording Service, Routing Service) allows Overflow Variables and Tags. This issue affects Co… |
| CVE-2024-52057 | Critical | 9.8 | | 2024-12-13 | Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in RTI Connext Professional (Queuing Service) allows SQL Injection. This issue affects Connext Professional: from 7.0.0 before 7.3.0, from 6… |
| CVE-2024-52063 | High | 8.6 | | 2024-12-13 | Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') vulnerability in RTI Connext Professional (Core Libraries, Routing Service) allows Overflow Variables and Tags. This issue affects Connext Professional: from 7.0.0 befor… |
| CVE-2024-52066 | High | 7.8 | | 2024-12-13 | Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') vulnerability in RTI Connext Professional (Routing Service) allows Overflow Variables and Tags. This issue affects Connext Professional: from 7.4.0 before 7.5.0, from 7… |
| CVE-2024-52062 | High | 7.8 | | 2024-12-13 | Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') vulnerability in RTI Connext Professional (Core Libraries) allows Overflow Variables and Tags. This issue affects Connext Professional: from 7.0.0 before 7.3.0.5, from 6… |
| CVE-2024-52060 | High | 7.8 | | 2024-12-13 | Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') vulnerability in RTI Connext Professional (Routing Service, Recording Service, Queuing Service, Observability Collector Service, Cloud Discovery Service) allows Buffer… |
| CVE-2024-52059 | High | 7.8 | | 2024-12-13 | Buffer Copy without Checking Size of Input ('Classic Buffer Overflow'), Heap-based Buffer Overflow, Integer Overflow or Wraparound vulnerability in RTI Connext Professional (Security Plugins) allows Overflow Variables and Tags. This issue a… |
| CVE-2024-52058 | High | 7.8 | | 2024-12-13 | Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability in RTI Connext Professional (System Designer) allows OS Command Injection. This issue affects Connext Professional: from 7.0.0 before 7… |
| CVE-2024-52065 | High | 7.1 | | 2024-12-13 | Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') vulnerability in RTI Connext Professional on non-Windows (Persistence Service) allows Buffer Overflow via Environment Variables. This issue affects Connext Professional… |
| CVE-2024-52064 | High | 7.1 | | 2024-12-13 | Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') vulnerability in RTI Connext Professional (Core Libraries) allows Overflow Variables and Tags. This issue affects Connext Professional: from 7.0.0 before 7.3.0.2, from 6… |

Sap_se · 10 CVEs

| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
| CVE-2024-47578 | Critical | 9.1 | | 2024-12-10 | Adobe Document Service allows an attacker with administrator privileges to send a crafted request from a vulnerable web application. |
| CVE-2024-54198 | High | 8.5 | | 2024-12-10 | In certain conditions, SAP NetWeaver Application Server ABAP allows an authenticated attacker to craft a Remote Function Call (RFC) request to restricted destinations, which can be used to expose credentials for a remote service. |
| CVE-2024-54197 | High | 7.2 | | 2024-12-10 | SAP NetWeaver Administrator (System Overview) allows an authenticated attacker to enumerate accessible HTTP endpoints in the internal network by specially crafting HTTP requests. |
| CVE-2024-47580 | Medium | 6.8 | | 2024-12-10 | An attacker authenticated as an administrator can use an exposed webservice to create a PDF with an embedded attachment. |
| CVE-2024-47579 | Medium | 6.8 | | 2024-12-10 | An attacker authenticated as an administrator can use an exposed webservice to upload or download a custom PDF font file on the system server. |
| CVE-2024-47582 | Medium | 5.3 | | 2024-12-10 | Due to missing validation of XML input, an unauthenticated attacker could send malicious input to an endpoint which leads to XML Entity Expansion attack. |
| CVE-2024-47585 | Medium | 4.3 | | 2024-12-10 | SAP NetWeaver Application Server for ABAP and ABAP Platform allows an authenticated attacker to gain higher access levels than they should have by exploiting improper authorization checks, resulting in privilege escalation. |
| CVE-2024-47581 | Medium | 4.3 | | 2024-12-10 | SAP HCM Approve Timesheets Version 4 application does not perform necessary authorization checks for an authenticated user, resulting in escalation of privileges. There is low impact on integrity of the application. |
| CVE-2024-47576 | Low | 3.3 | | 2024-12-10 | SAP Product Lifecycle Costing Client (versions below 4.7.1) application loads on demand a DLL that is available with Windows OS. |
| CVE-2024-47577 | Low | 2.7 | | 2024-12-10 | Webservice API endpoints for Assisted Service Module within SAP Commerce Cloud has information disclosure vulnerability. |

Gitlab · 9 CVEs

| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
| CVE-2024-11274 | High | 8.7 | | 2024-12-12 | An issue was discovered in GitLab CE/EE affecting all versions starting from 16.1 prior to 17.4.6, starting from 17.5 prior to 17.5.4, and starting from 17.6 prior to 17.6.2, injection of NEL headers in k8s proxy response could lead to ses… |
| CVE-2024-8233 | High | 7.5 | | 2024-12-12 | An issue has been discovered in GitLab CE/EE affecting all versions from 9.4 before 17.4.6, 17.5 before 17.5.4, and 17.6 before 17.6.2. |
| CVE-2024-12570 | Medium | 6.7 | | 2024-12-12 | An issue has been discovered in GitLab CE/EE affecting all versions starting from 13.7 prior to 17.4.6, from 17.5 prior to 17.5.4, and from 17.6 prior to 17.6.2. |
| CVE-2024-9387 | Medium | 6.4 | | 2024-12-12 | An issue was discovered in GitLab CE/EE affecting all versions from 11.8 before 17.4.6, 17.5 before 17.5.4, and 17.6 before 17.6.2. |
| CVE-2024-8647 | Medium | 5.4 | | 2024-12-12 | An issue was discovered in GitLab affecting all versions starting 15.2 to 17.4.6, 17.5 prior to 17.5.4, and 17.6 prior to 17.6.2. |
| CVE-2024-8179 | Medium | 5.4 | | 2024-12-12 | An issue has been discovered in GitLab CE/EE affecting all versions from 17.3 before 17.4.6, 17.5 before 17.5.4, and 17.6 before 17.6.2. |
| CVE-2024-9367 | Medium | 4.3 | | 2024-12-12 | An issue was discovered in GitLab CE/EE affecting all versions starting from 13.9 before 17.4.6, 17.5 before 17.5.4, and 17.6 before 17.6.2, that allows an attacker to cause uncontrolled CPU consumption, potentially leading to a Denial of… |
| CVE-2024-12292 | Medium | 4.0 | | 2024-12-12 | An issue was discovered in GitLab CE/EE affecting all versions starting from 11.0 prior to 17.4.6, starting from 17.5 prior to 17.5.4, and starting from 17.6 prior to 17.6.2, where sensitive information passed in GraphQL mutations may have… |
| CVE-2024-10043 | Low | 3.1 | | 2024-12-12 | An issue has been discovered in GitLab EE affecting all versions starting from 14.3 before 17.4.6, all versions starting from 17.5 before 17.5.4, all versions starting from 17.6 before 17.6.2, that allows group users to view confidential in… |

Code-projects · 8 CVEs

| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
| CVE-2024-12490 | Medium | 6.3 | | 2024-12-12 | A vulnerability was found in code-projects Online Class and Exam Scheduling System 1.0. |
| CVE-2024-12489 | Medium | 6.3 | | 2024-12-12 | A vulnerability was found in code-projects Online Class and Exam Scheduling System 1.0. |
| CVE-2024-12488 | Medium | 6.3 | | 2024-12-12 | A vulnerability was found in code-projects Online Class and Exam Scheduling System 1.0 and classified as critical. |
| CVE-2024-12487 | Medium | 6.3 | | 2024-12-12 | A vulnerability has been found in code-projects Online Class and Exam Scheduling System 1.0 and classified as critical. |
| CVE-2024-12486 | Medium | 6.3 | | 2024-12-12 | A vulnerability, which was classified as critical, was found in code-projects Online Class and Exam Scheduling System 1.0. |
| CVE-2024-12485 | Medium | 6.3 | | 2024-12-12 | A vulnerability, which was classified as critical, has been found in code-projects Online Class and Exam Scheduling System 1.0. |
| CVE-2024-12360 | Medium | 6.3 | | 2024-12-09 | A vulnerability was found in code-projects Online Class and Exam Scheduling System 1.0. |
| CVE-2024-12359 | Low | 3.5 | | 2024-12-09 | A vulnerability was found in code-projects Admin Dashboard 1.0. |

Plextrac · 7 CVEs

| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
| CVE-2024-11838 | Critical | 9.8 | | 2024-12-13 | External Control of File Name or Path vulnerability in PlexTrac allows Local Code Inclusion through use of an undocumented API endpoint. This issue affects PlexTrac: from 1.61.3 before 2.8.1. |
| CVE-2024-11837 | Critical | 9.8 | | 2024-12-13 | Improper Neutralization of Special Elements used in an N1QL Command ('N1QL Injection') vulnerability in PlexTrac allows N1QL Injection. This issue affects PlexTrac: from 1.61.3 before 2.8.1. |
| CVE-2024-11834 | Critical | 9.1 | | 2024-12-13 | Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in PlexTrac allows arbitrary file writes. This issue affects PlexTrac: from 1.61.3 before 2.8.1. |
| CVE-2024-11833 | Critical | 9.1 | | 2024-12-13 | Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in PlexTrac allows arbitrary file writes. This issue affects PlexTrac: from 1.61.3 before 2.8.1. |
| CVE-2024-11839 | High | 7.5 | | 2024-12-13 | Deserialization of Untrusted Data vulnerability in PlexTrac (Runbooks modules) which allows Object Injection and arbitrary file writes. This issue affects PlexTrac: from 1.61.3 before 2.8.1. |
| CVE-2024-11836 | High | 7.5 | | 2024-12-13 | Server-Side Request Forgery (SSRF) vulnerability in PlexTrac allowing requests to internal system resources. This issue affects PlexTrac: from 1.61.3 before 2.8.1. |
| CVE-2024-11835 | High | 7.5 | | 2024-12-13 | Uncontrolled Resource Consumption vulnerability in PlexTrac allows WebSocket DoS. This issue affects PlexTrac: from 1.61.3 before 2.8.1. |

Synology · 7 CVEs

| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
| CVE-2024-53285 | Medium | 5.9 | | 2024-12-09 | Improper neutralization of input during web page generation ('Cross-site Scripting') vulnerability in DDNS Record functionality in Synology Router Manager (SRM) before 1.3.1-9346-10 allows remote authenticated users with administrator priv… |
| CVE-2024-53284 | Medium | 5.9 | | 2024-12-09 | Improper neutralization of input during web page generation ('Cross-site Scripting') vulnerability in WiFi Connect Setting functionality in Synology Router Manager (SRM) before 1.3.1-9346-10 allows remote authenticated users with administr… |
| CVE-2024-53283 | Medium | 5.9 | | 2024-12-09 | Improper neutralization of input during web page generation ('Cross-site Scripting') vulnerability in Router Port Forward functionality in Synology Router Manager (SRM) before 1.3.1-9346-10 allows remote authenticated users with administra… |
| CVE-2024-53282 | Medium | 5.9 | | 2024-12-09 | Improper neutralization of input during web page generation ('Cross-site Scripting') vulnerability in WiFi Connect MAC Filter functionality in Synology Router Manager (SRM) before 1.3.1-9346-10 allows remote authenticated users with admini… |
| CVE-2024-53281 | Medium | 5.9 | | 2024-12-09 | Improper neutralization of input during web page generation ('Cross-site Scripting') vulnerability in Network WOL functionality in Synology Router Manager (SRM) before 1.3.1-9346-10 allows remote authenticated users to read or write specif… |
| CVE-2024-53280 | Medium | 5.9 | | 2024-12-09 | Improper neutralization of input during web page generation ('Cross-site Scripting') vulnerability in network center policy route functionality in Synology Router Manager (SRM) before 1.3.1-9346-10 allows remote authenticated users with ad… |
| CVE-2024-53279 | Medium | 5.9 | | 2024-12-09 | Improper neutralization of input during web page generation ('Cross-site Scripting') vulnerability in file station functionality in Synology Router Manager (SRM) before 1.3.1-9346-10 allows remote authenticated users with administrator pri… |

Apache · 6 CVEs

| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
| CVE-2024-53677 | Critical | 9.8 | | 2024-12-11 | File upload logic in Apache Struts is flawed. An attacker can manipulate file upload params to enable path traversal and under some circumstances this can lead to uploading a malicious file which can be used to perform Remote Code Executi… |
| CVE-2024-53947 | Critical | 9.8 | | 2024-12-09 | Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Apache Superset. |
| CVE-2024-55633 | Medium | 6.5 | | 2024-12-12 | Improper Authorization vulnerability in Apache Superset. |
| CVE-2024-53949 | Medium | 6.5 | | 2024-12-09 | Improper Authorization vulnerability in Apache Superset when FAB_ADD_SECURITY_API is enabled (disabled by default). |
| CVE-2024-53948 | Medium | 5.3 | | 2024-12-09 | Generation of Error Message Containing analytics metadata Information in Apache Superset. |
| CVE-2024-46901 | Low | 3.1 | | 2024-12-09 | Insufficient validation of filenames against control characters in Apache Subversion repositories served via mod_dav_svn allows authenticated users with commit access to commit a corrupted revision, leading to disruption for users of the r… |

Drupal · 6 CVEs

| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
| CVE-2024-55638 | Critical | 9.8 | | 2024-12-10 | Deserialization of Untrusted Data vulnerability in Drupal Core allows Object Injection. This issue affects Drupal Core: from 7.0 before 7.102, from 8.0.0 before 10.2.11, from 10.3.0 before 10.3.9. |
| CVE-2024-55637 | Critical | 9.8 | | 2024-12-10 | Deserialization of Untrusted Data vulnerability in Drupal Core allows Object Injection. This issue affects Drupal Core: from 8.0.0 before 10.2.11, from 10.3.0 before 10.3.9, from 11.0.0 before 11.0.8. |
| CVE-2024-55636 | Critical | 9.8 | | 2024-12-10 | Deserialization of Untrusted Data vulnerability in Drupal Core allows Object Injection. This issue affects Drupal Core: from 8.0.0 before 10.2.11, from 10.3.0 before 10.3.9, from 11.0.0 before 11.0.8. |
| CVE-2024-55634 | High | 8.1 | | 2024-12-10 | A vulnerability in Drupal Core allows Privilege Escalation. This issue affects Drupal Core: from 8.0.0 before 10.2.11, from 10.3.0 before 10.3.9, from 11.0.0 before 11.0.8. |
| CVE-2024-55635 | Medium | 6.1 | | 2024-12-10 | Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Drupal Core allows Cross-Site Scripting (XSS). This issue affects Drupal Core: from 7.0 before 7.102. |
| CVE-2024-12393 | Medium | 5.4 | | 2024-12-10 | Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Drupal Core allows Cross-Site Scripting (XSS). This issue affects Drupal Core: from 8.8.0 before 10.2.11, from 10.3.0 before 10.3.9… |

Wp Onlinesupport, Essential Plugin · 6 CVEs

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2023-39996 | Medium | 5.3 | | 2024-12-13 | Missing Authorization vulnerability in WP OnlineSupport, Essential Plugin Accordion and Accordion Slider allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Accordion and Accordion Slider: from n/a th…
CVE-2022-46846 | Medium | 5.3 | | 2024-12-13 | Missing Authorization vulnerability in WP OnlineSupport, Essential Plugin Trending/Popular Post Slider and Widget allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Trending/Popular Post Slider and W…
CVE-2023-30488 | Medium | 5.3 | | 2024-12-09 | Missing Authorization vulnerability in WP OnlineSupport, Essential Plugin Featured Post Creative allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Featured Post Creative: from n/a through 1.2.7.
CVE-2023-25703 | Medium | 5.3 | | 2024-12-09 | Missing Authorization vulnerability in WP OnlineSupport, Essential Plugin Meta slider and carousel with lightbox allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Meta slider and carousel with light…
CVE-2023-25060 | Medium | 5.3 | | 2024-12-09 | Missing Authorization vulnerability in WP OnlineSupport, Essential Plugin Album and Image Gallery plus Lightbox allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Album and Image Gallery plus Lightbo…
CVE-2023-39995 | Medium | 4.3 | | 2024-12-13 | Missing Authorization vulnerability in WP OnlineSupport, Essential Plugin Portfolio and Projects allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Portfolio and Projects: from n/a through 1.3.7.

Wpdeveloper · 6 CVEs

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2022-47594 | Medium | 6.5 | | 2024-12-13 | Missing Authorization vulnerability in WPDeveloper Essential Blocks for Gutenberg allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Essential Blocks for Gutenberg: from n/a through 3.8.5.
CVE-2023-51360 | Medium | 6.5 | | 2024-12-09 | Missing Authorization vulnerability in WPDeveloper Essential Blocks for Gutenberg essential-blocks allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Essential Blocks for Gutenberg: from n/a through…
CVE-2023-51359 | Medium | 5.4 | | 2024-12-09 | Missing Authorization vulnerability in WPDeveloper Essential Blocks for Gutenberg essential-blocks allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Essential Blocks for Gutenberg: from n/a through…
CVE-2023-47762 | Medium | 4.3 | | 2024-12-09 | Missing Authorization vulnerability in WPDeveloper BetterDocs betterdocs allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects BetterDocs: from n/a through <= 2.5.2.
CVE-2023-47761 | Medium | 4.3 | | 2024-12-09 | Missing Authorization vulnerability in WPDeveloper Simple 301 Redirects by BetterLinks simple-301-redirects allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Simple 301 Redirects by BetterLinks: fro…
CVE-2023-47760 | Medium | 4.3 | | 2024-12-09 | Missing Authorization vulnerability in WPDeveloper Essential Blocks for Gutenberg essential-blocks allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Essential Blocks for Gutenberg: from n/a through…

Anzar Ahmed · 5 CVEs

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2024-54258 | High | 8.5 | | 2024-12-13 | Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Anzar Ahmed Ni CRM Lead ni-crm-lead allows SQL Injection. This issue affects Ni CRM Lead: from n/a through <= 1.3.0.
CVE-2024-54237 | High | 7.1 | | 2024-12-13 | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Anzar Ahmed Ni CRM Lead ni-crm-lead allows Reflected XSS. This issue affects Ni CRM Lead: from n/a through <= 1.3.0.
CVE-2024-54236 | High | 7.1 | | 2024-12-13 | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Anzar Ahmed Ni WooCommerce Bulk Product Editor ni-woocommerce-product-editor allows Reflected XSS. This issue affects Ni WooCommerce Bulk…
CVE-2024-54231 | High | 7.1 | | 2024-12-13 | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Anzar Ahmed Ni WooCommerce Order Export ni-woocommerce-order-export allows Reflected XSS. This issue affects Ni WooCommerce Order Export…
CVE-2023-32299 | Medium | 6.5 | | 2024-12-09 | Missing Authorization vulnerability in Anzar Ahmed Ni WooCommerce Sales Report ni-woocommerce-sales-report allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Ni WooCommerce Sales Report: from n/a thr…

Glpi-project · 5 CVEs

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2024-47760 | High | 8.8 | | 2024-12-11 | GLPI is a free asset and IT management software package.
CVE-2024-47758 | High | 8.8 | | 2024-12-11 | GLPI is a free asset and IT management software package.
CVE-2024-48912 | High | 8.1 | | 2024-12-11 | GLPI is a free asset and IT management software package.
CVE-2024-47761 | High | 7.2 | | 2024-12-11 | GLPI is a free asset and IT management software package.
CVE-2024-50339 | Medium | 5.3 | | 2024-12-12 | GLPI is a free asset and IT management software package.

Miniorange · 5 CVEs

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2023-37987 | Medium | 6.5 | | 2024-12-13 | Missing Authorization vulnerability in miniOrange YourMembership Single Sign On allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects YourMembership Single Sign On: from n/a through 1.1.3.
CVE-2023-25455 | Medium | 5.3 | | 2024-12-09 | Missing Authorization vulnerability in miniOrange WordPress Social Login and Register (Discord, Google, Twitter, LinkedIn) allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects WordPress Social Login an…
CVE-2023-41873 | Medium | 4.3 | | 2024-12-13 | Missing Authorization vulnerability in miniOrange SAML SP Single Sign On allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects SAML SP Single Sign On: from n/a through 5.0.4.
CVE-2023-47776 | Medium | 4.3 | | 2024-12-09 | Missing Authorization vulnerability in miniOrange miniorange otp verification miniorange-otp-verification allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects miniorange otp verification: from n/a thro…
CVE-2023-24375 | Low | 3.5 | | 2024-12-09 | Missing Authorization vulnerability in miniOrange WordPress Social Login and Register (Discord, Google, Twitter, LinkedIn) allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects WordPress Social Login an…

Oring · 5 CVEs

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2024-55547 | Critical | 9.8 | | 2024-12-10 | SNMP objects in NET-SNMP used in ORing IAP-420 allows Command Injection. This issue affects IAP-420: through 2.01e.
CVE-2024-55544 | High | 8.8 | | 2024-12-10 | Missing input validation in the ORing IAP-420 web-interface allows authenticated Command Injections on OS level. This issue affects IAP-420 version 2.01e and below.
CVE-2024-55548 | High | 7.5 | | 2024-12-10 | Improper check of password character length in ORing IAP-420 allows a forced deadlock. This issue affects IAP-420: through 2.01e.
CVE-2024-55545 | Medium | 6.1 | | 2024-12-10 | Missing input validation in the ORing IAP-420 web-interface allows Cross-Site Scripting (XSS). This issue affects IAP-420 version 2.01e and below.
CVE-2024-55546 | Medium | 5.4 | | 2024-12-10 | Missing input validation in the ORing IAP-420 web-interface allows stored Cross-Site Scripting (XSS). This issue affects IAP-420 version 2.01e and below.

Splunk · 5 CVEs

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2024-53247 | High | 8.8 | | 2024-12-10 | In Splunk Enterprise versions below 9.3.2, 9.2.4, and 9.1.7, and versions below 3.4.261 and 3.7.13 of the Splunk Secure Gateway app on Splunk Cloud Platform, a low-privileged user that does not hold the "admin" or "power" Splunk roles coul…
CVE-2024-53244 | Medium | 5.7 | | 2024-12-10 | In Splunk Enterprise versions below 9.3.2, 9.2.4, and 9.1.7 and Splunk Cloud Platform versions below 9.2.2406.107, 9.2.2403.109, and 9.1.2312.206, a low-privileged user that does not hold the "admin" or "power" Splunk roles could run a sav…
CVE-2024-53246 | Medium | 5.3 | | 2024-12-10 | In Splunk Enterprise versions below 9.3.2, 9.2.4, and 9.1.7 and Splunk Cloud Platform versions below 9.3.2408.101, 9.2.2406.106, 9.2.2403.111, and 9.1.2312.206, an SPL command can potentially disclose sensitive information.
CVE-2024-53243 | Medium | 4.3 | | 2024-12-10 | In Splunk Enterprise versions below 9.3.2, 9.2.4, and 9.1.7 and versions below 3.2.462, 3.7.18, and 3.8.5 of the Splunk Secure Gateway app on Splunk Cloud Platform, a low-privileged user that does not hold the "admin" or "power" Splunk rol…
CVE-2024-53245 | Low | 3.1 | | 2024-12-10 | In Splunk Enterprise versions below 9.3.0, 9.2.4, and 9.1.7 and Splunk Cloud Platform versions below 9.1.2312.206, a low-privileged user that does not hold the "admin" or "power" Splunk roles, that has a username with the same name as a ro…

Themeum · 5 CVEs

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2024-54282 | High | 7.2 | | 2024-12-13 | Deserialization of Untrusted Data vulnerability in Themeum WP Mega Menu wp-megamenu allows Object Injection. This issue affects WP Mega Menu: from n/a through <= 1.4.2.
CVE-2024-11910 | Medium | 6.4 | | 2024-12-13 | The WP Crowdfunding plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the wp-crowdfunding/search block in all versions up to, and including, 2.1.15 due to insufficient input sanitization and output escaping.
CVE-2023-41870 | Medium | 4.3 | | 2024-12-13 | Missing Authorization vulnerability in Themeum WP Crowdfunding allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects WP Crowdfunding: from n/a through 2.1.5.
CVE-2024-11911 | Medium | 4.3 | | 2024-12-13 | The WP Crowdfunding plugin for WordPress is vulnerable to unauthorized plugin installation due to a missing capability check on the install_woocommerce_plugin() function action in all versions up to, and including, 2.1.12.
CVE-2024-53816 | Medium | 4.3 | | 2024-12-09 | Missing Authorization vulnerability in Themeum Tutor LMS Elementor Addons tutor-lms-elementor-addons. This issue affects Tutor LMS Elementor Addons: from n/a through <= 2.1.5.

Xwiki · 5 CVEs

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2024-55877 | Critical | 9.9 | | 2024-12-12 | XWiki Platform is a generic wiki platform.
CVE-2024-55662 | Critical | 9.9 | | 2024-12-12 | XWiki Platform is a generic wiki platform.
CVE-2024-55663 | Critical | 9.8 | | 2024-12-12 | XWiki Platform is a generic wiki platform.
CVE-2024-55879 | Critical | 9.1 | | 2024-12-12 | XWiki Platform is a generic wiki platform.
CVE-2024-55876 | Medium | 5.4 | | 2024-12-12 | XWiki Platform is a generic wiki platform.

Autodesk · 4 CVEs

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2024-11608 | High | 7.8 | | 2024-12-09 | A maliciously crafted SKP file, when linked or imported into Autodesk Revit, can be used to cause a Heap-based Overflow.
CVE-2024-11454 | High | 7.8 | | 2024-12-09 | A maliciously crafted DLL file, when placed in the same directory as an RVT file, could be loaded by Autodesk Revit and execute arbitrary code in the context of the current process due to an untrusted search path being utilized.
CVE-2024-11268 | Medium | 5.5 | | 2024-12-09 | A maliciously crafted PDF file, when parsed through Autodesk Revit, can force an Out-of-Bounds Read.
CVE-2023-7298 | Medium | 4.4 | | 2024-12-09 | A maliciously crafted FBX file, when parsed through Autodesk FBX SDK, may force an Out-of-Bounds Write vulnerability.

Awesomesupport · 4 CVEs

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2024-54289 | Medium | 6.5 | | 2024-12-13 | Missing Authorization vulnerability in awesomesupport Awesome Support awesome-support allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Awesome Support: from n/a through <= 6.3.1.
CVE-2023-49857 | Medium | 6.5 | | 2024-12-09 | Missing Authorization vulnerability in awesomesupport Awesome Support awesome-support allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Awesome Support: from n/a through <= 6.1.7.
CVE-2023-49757 | Medium | 5.4 | | 2024-12-09 | Missing Authorization vulnerability in awesomesupport Awesome Support awesome-support allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Awesome Support: from n/a through <= 6.1.10.
CVE-2023-48324 | Medium | 5.4 | | 2024-12-09 | Missing Authorization vulnerability in awesomesupport Awesome Support awesome-support allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Awesome Support: from n/a through <= 6.1.4.

B3log · 4 CVEs

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2024-55660 | Critical | 9.8 | | 2024-12-12 | SiYuan is a personal knowledge management system.
CVE-2024-55658 | High | 7.5 | | 2024-12-12 | SiYuan is a personal knowledge management system.
CVE-2024-55657 | High | 7.5 | | 2024-12-12 | SiYuan is a personal knowledge management system.
CVE-2024-55659 | Medium | 5.4 | | 2024-12-12 | SiYuan is a personal knowledge management system.

Cjbi · 4 CVEs

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2024-12481 | Medium | 6.3 | | 2024-12-12 | A vulnerability was found in cjbi wetech-cms 1.0/1.1/1.2.
CVE-2024-12480 | Medium | 6.3 | | 2024-12-12 | A vulnerability was found in cjbi wetech-cms 1.0/1.1/1.2.
CVE-2024-12479 | Medium | 6.3 | | 2024-12-12 | A vulnerability was found in cjbi wetech-cms 1.0/1.1/1.2 and classified as critical.
CVE-2024-12482 | Medium | 4.3 | | 2024-12-12 | A vulnerability was found in cjbi wetech-cms 1.0/1.1/1.2.

Digi · 4 CVEs

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2024-50628 | High | 8.8 | | 2024-12-09 | An issue was discovered in the web services of Digi ConnectPort LTS before 1.4.12.
CVE-2024-50627 | High | 8.8 | | 2024-12-09 | An issue was discovered in Digi ConnectPort LTS before 1.4.12.
CVE-2024-50626 | High | 8.8 | | 2024-12-09 | An issue was discovered in Digi ConnectPort LTS before 1.4.12.
CVE-2024-50625 | High | 8.0 | | 2024-12-09 | An issue was discovered in Digi ConnectPort LTS before 1.4.12.

Google · 4 CVEs

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2024-12382 | High | 8.8 | | 2024-12-12 | Use after free in Translate in Google Chrome prior to 131.0.6778.139 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
CVE-2024-12381 | High | 8.8 | | 2024-12-12 | Type Confusion in V8 in Google Chrome prior to 131.0.6778.139 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
CVE-2024-54317 | Medium | 6.5 | | 2024-12-13 | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Google Web Stories web-stories allows Stored XSS. This issue affects Web Stories: from n/a through <= 1.37.0.
CVE-2024-12236 | Medium | 5.5 | | 2024-12-10 | A security issue exists in Vertex Gemini API for customers using VPC-SC.

Hashthemes · 4 CVEs

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2023-28990 | Medium | 4.3 | | 2024-12-13 | Missing Authorization vulnerability in HashThemes Viral Mag allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Viral Mag: from n/a through 1.0.9.
CVE-2023-27456 | Medium | 4.3 | | 2024-12-13 | Missing Authorization vulnerability in HashThemes Total allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Total: from n/a through 2.1.19.
CVE-2024-12201 | Medium | 4.3 | | 2024-12-12 | The Hash Form – Drag & Drop Form Builder plugin for WordPress is vulnerable to unauthorized access due to a missing capability check when creating form styles in all versions up to, and including, 1.2.1.
CVE-2023-30486 | Medium | 4.3 | | 2024-12-09 | Missing Authorization vulnerability in HashThemes Square allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Square: from n/a through 2.0.0.

Ibm · 4 CVEs

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2024-52901 | Medium | 6.5 | | 2024-12-12 | IBM InfoSphere Information Server 11.7 could allow an authenticated user to cause the GUI to not load or stop working due to improper input validation.
CVE-2024-47117 | Medium | 5.4 | | 2024-12-10 | IBM Carbon Design System (Carbon Charts 0.4.0 through 1.13.16) is vulnerable to cross-site scripting.
CVE-2024-51460 | Medium | 4.3 | | 2024-12-11 | IBM InfoSphere Information Server 11.7 could allow an authenticated user to obtain sensitive information when a detailed technical error message is returned in a stack trace.
CVE-2023-37395 | Low | 2.5 | | 2024-12-11 | IBM Aspera Faspex 5.0.0 through 5.0.7 could allow a local user to obtain sensitive information due to improper encryption of certain data.

Nicheaddons · 4 CVEs

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2024-54316 | Medium | 6.5 | | 2024-12-13 | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in nicheaddons Restaurant & Cafe Addon for Elementor restaurant-cafe-addon-for-elementor allows DOM-Based XSS. This issue affects Restaurant…
CVE-2024-54315 | Medium | 6.5 | | 2024-12-13 | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in nicheaddons Events Addon for Elementor events-addon-for-elementor allows DOM-Based XSS. This issue affects Events Addon for Elementor: fro…
CVE-2024-54314 | Medium | 6.5 | | 2024-12-13 | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in nicheaddons Primary Addon for Elementor primary-addon-for-elementor allows Stored XSS. This issue affects Primary Addon for Elementor: fro…
CVE-2023-47826 | Medium | 6.5 | | 2024-12-09 | Missing Authorization vulnerability in NicheAddons Restaurant & Cafe Addon for Elementor allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Restaurant & Cafe Addon for Elementor: from n/a through 1.5…

Properfraction · 4 CVEs

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2024-12309 | Medium | 5.3 | | 2024-12-13 | The Rate My Post – Star Rating Plugin by FeedbackWP plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 4.2.4 via the get_post_status() due to missing validation on a user controlled…
CVE-2023-50882 | Medium | 5.3 | | 2024-12-09 | Missing Authorization vulnerability in properfraction ProfilePress wp-user-avatar allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects ProfilePress: from n/a through <= 4.13.2.
CVE-2024-10518 | Medium | 4.8 | | 2024-12-12 | The Paid Membership Plugin, Ecommerce, User Registration Form, Login Form, User Profile & Restrict Content WordPress plugin before 4.15.15 does not sanitise and escape some of its Membership Plan settings, which could allow high privilege…
CVE-2024-10517 | Medium | 4.8 | | 2024-12-12 | The Paid Membership Plugin, Ecommerce, User Registration Form, Login Form, User Profile & Restrict Content WordPress plugin before 4.15.15 does not sanitise and escape some of its Drag & Drop Builder fields, which could allow high privile…

Thimpress · 4 CVEs

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2024-12283 | Medium | 6.1 | | 2024-12-11 | The WP Pipes plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the ‘x1’ parameter in all versions up to, and including, 1.4.1 due to insufficient input sanitization and output escaping.
CVE-2024-11868 | Medium | 5.3 | | 2024-12-10 | The LearnPress – WordPress LMS Plugin plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 4.2.7.3 via class-lp-rest-material-controller.php.
CVE-2024-9881 | Medium | 4.8 | | 2024-12-12 | The LearnPress WordPress plugin before 4.2.7.2 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability…
CVE-2024-10010 | Medium | 4.8 | | 2024-12-12 | The LearnPress WordPress plugin before 4.2.7.2 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability…

Think201 · 4 CVEs

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2024-54246 | Medium | 6.5 | | 2024-12-13 | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Think201 FAQs faqs allows Stored XSS. This issue affects FAQs: from n/a through <= 1.0.2.
CVE-2024-54245 | Medium | 6.5 | | 2024-12-13 | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Think201 Clients clients allows Stored XSS. This issue affects Clients: from n/a through <= 1.1.4.
CVE-2024-54244 | Medium | 6.5 | | 2024-12-13 | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Think201 Easy Replace easy-replace allows Stored XSS. This issue affects Easy Replace: from n/a through <= 1.3.
CVE-2024-54243 | Medium | 6.5 | | 2024-12-13 | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Think201 Echoza echoza allows Stored XSS. This issue affects Echoza: from n/a through <= 0.1.1.

Appsbd · 3 CVEs

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2024-54242 | Medium | 6.5 | | 2024-12-13 | Missing Authorization vulnerability in appsbd Simple Notification simple-notification allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Simple Notification: from n/a through <= 1.3.
CVE-2024-54241 | Medium | 6.5 | | 2024-12-13 | Missing Authorization vulnerability in Appsbd Elite Notification – Sales Popup, Social Proof, FOMO & WooCommerce Notification allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Elite Notification – S…
CVE-2023-47694 | Medium | 5.4 | | 2024-12-09 | Missing Authorization vulnerability in appsbd Mini Cart Drawer For WooCommerce allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Mini Cart Drawer For WooCommerce: from n/a through 4.0.0.

Arena.im · 3 CVEs

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2024-12463 | Medium | 6.4 | | 2024-12-12 | The Arena.IM – Live Blogging for real-time events plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'arena_embed_amp' shortcode in all versions up to, and including, 0.4.1 due to insufficient input sanitiza…
CVE-2024-11384 | Medium | 6.4 | | 2024-12-12 | The Arena.IM – Live Blogging for real-time events plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'arenablog' shortcode in all versions up to, and including, 0.3.0 due to insufficient input sanitization a…
CVE-2024-12526 | Medium | 4.3 | | 2024-12-12 | The Arena.IM – Live Blogging for real-time events plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 0.4.1.

Arraytics · 3 CVEs

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2023-49756 | Medium | 5.4 | | 2024-12-09 | Missing Authorization vulnerability in Arraytics Eventin wp-event-solution allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Eventin: from n/a through <= 3.3.52.
CVE-2023-47805 | Medium | 5.3 | | 2024-12-09 | Missing Authorization vulnerability in Arraytics WPCafe wp-cafe allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects WPCafe: from n/a through <= 2.2.22.
CVE-2024-11275 | Medium | 4.3 | | 2024-12-13 | The WP Timetics- AI-powered Appointment Booking Calendar and Online Scheduling Plugin plugin for WordPress is vulnerable to unauthorized loss of data due to a missing capability check on the /wp-json/timetics/v1/customers/ REST API endpoin…

Codepeople · 3 CVEs

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2023-23895 | Medium | 4.7 | | 2024-12-09 | Missing Authorization vulnerability in CodePeople WP Time Slots Booking Form allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects WP Time Slots Booking Form: from n/a through 1.1.82.
CVE-2023-25037 | Medium | 4.3 | | 2024-12-09 | Missing Authorization vulnerability in CodePeople Booking Calendar Contact Form allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Booking Calendar Contact Form: from n/a through 1.2.34.
CVE-2023-23814 | Low | 3.8 | | 2024-12-09 | Missing Authorization vulnerability in CodePeople CP Multi View Event Calendar allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects CP Multi View Event Calendar: from n/a through 1.4.13.

Fullworks · 3 CVEs

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2023-25714 | High | 7.5 | | 2024-12-09 | Missing Authorization vulnerability in Fullworks Quick Paypal Payments allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Quick Paypal Payments: from n/a through 5.7.25.
CVE-2023-25035 | Medium | 6.5 | | 2024-12-09 | Missing Authorization vulnerability in Fullworks Quick Contact Form allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Quick Contact Form: from n/a through 8.0.3.1.
CVE-2023-23975 | Medium | 5.3 | | 2024-12-09 | Missing Authorization vulnerability in Fullworks Quick Event Manager allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Quick Event Manager: from n/a through 9.7.4.

Gfi · 3 CVEs

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2024-11948 | Critical | 9.8 | | 2024-12-12 | GFI Archiver Telerik Web UI Remote Code Execution Vulnerability.
CVE-2024-11949 | High | 8.8 | | 2024-12-12 | GFI Archiver Store Service Deserialization of Untrusted Data Remote Code Execution Vulnerability.
CVE-2024-11947 | High | 8.8 | | 2024-12-12 | GFI Archiver Core Service Deserialization of Untrusted Data Remote Code Execution Vulnerability.

Habitica · 3 CVEs

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2024-53274 | Medium | 6.1 | | 2024-12-12 | Habitica is an open-source habit-building program.
CVE-2024-53273 | Medium | 6.1 | | 2024-12-12 | Habitica is an open-source habit-building program.
CVE-2024-53272 | Medium | 6.1 | | 2024-12-12 | Habitica is an open-source habit-building program.

Joomsky · 3 CVEs

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2022-46838 | Critical | 9.1 | | 2024-12-13 | Missing Authorization vulnerability in JS Help Desk JS Help Desk – Best Help Desk & Support Plugin allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects JS Help Desk – Best Help Desk & Support Plugin: f…
CVE-2023-28689 | Medium | 6.5 | | 2024-12-09 | Missing Authorization vulnerability in JoomSky JS Job Manager allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects JS Job Manager: from n/a through 2.0.0.
CVE-2022-46840 | Medium | 5.4 | | 2024-12-13 | Missing Authorization vulnerability in JS Help Desk JS Help Desk – Best Help Desk & Support Plugin allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects JS Help Desk – Best Help Desk & Support Plugin: f…

Jwillber · 3 CVEs

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2024-12351 | Medium | 6.3 | | 2024-12-09 | A vulnerability classified as critical has been found in JFinalCMS 1.0.
CVE-2024-12350 | Medium | 6.3 | | 2024-12-09 | A vulnerability was found in JFinalCMS 1.0.
CVE-2024-12349 | Medium | 4.3 | | 2024-12-09 | A vulnerability was found in JFinalCMS 1.0.

Multivendorx · 3 CVEs

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2023-51355 | High | 8.2 | | 2024-12-09 | Missing Authorization vulnerability in MultiVendorX MultiVendorX dc-woocommerce-multi-vendor allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects MultiVendorX: from n/a through <= 4.0.23.
CVE-2023-37971 | Medium | 6.5 | | 2024-12-13 | Missing Authorization vulnerability in MultiVendorX WooCommerce Product Stock Alert allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects WooCommerce Product Stock Alert: from n/a through 2.0.1.
CVE-2023-50899 | Medium | 5.4 | | 2024-12-09 | Missing Authorization vulnerability in MultiVendorX Product Catalog Enquiry for WooCommerce by MultiVendorX allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Product Catalog Enquiry for WooCommerce…

Ni · 3 CVEs

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2024-10496 | High | 7.8 | | 2024-12-10 | An out of bounds read due to improper input validation in BuildFontMap in fontmgr.cpp in NI LabVIEW may disclose information or result in arbitrary code execution.
CVE-2024-10495 | High | 7.8 | | 2024-12-10 | An out of bounds read due to improper input validation when loading the font table in fontmgr.cpp in NI LabVIEW may disclose information or result in arbitrary code execution.
CVE-2024-10494 | High | 7.8 | | 2024-12-10 | An out of bounds read due to improper input validation in HeapObjMapImpl.cpp in NI LabVIEW may disclose information or result in arbitrary code execution.

Pwndoc · 3 CVEs

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2024-55602 | High | 7.6 | | 2024-12-10 | PwnDoc is a penetration test report generator.
CVE-2024-55652 | Medium | 6.5 | | 2024-12-12 | PenDoc is a penetration testing reporting application.
CVE-2024-55653 | Medium | 6.5 | | 2024-12-10 | PwnDoc is a penetration test report generator.

Quantumcloud · 3 CVEs

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2024-12417 | Medium | 6.5 | | 2024-12-13 | The Simple Link Directory plugin for WordPress is vulnerable to arbitrary shortcode execution in all versions up to, and including, 8.4.5.
CVE-2024-11928 | Medium | 6.4 | | 2024-12-10 | The iChart – Easy Charts and Graphs plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘width’ parameter in all versions up to, and including, 2.1.0 due to insufficient input sanitization and output escaping.
CVE-2024-12156 | Medium | 6.1 | | 2024-12-12 | The AI Content Writer, RSS Feed to Post, Autoblogging SEO Help plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'page' parameter in all versions up to, and including, 6.1.3 due to insufficient input sanitization…

Razormist · 3 CVEs

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2024-12354 | Medium | 5.3 | | 2024-12-09 | A vulnerability, which was classified as critical, was found in SourceCodester Phone Contact Manager System 1.0.
CVE-2024-12355 | Low | 3.3 | | 2024-12-09 | A vulnerability has been found in SourceCodester Phone Contact Manager System 1.0 and classified as problematic.
CVE-2024-12353 | Low | 3.3 | | 2024-12-09 | A vulnerability, which was classified as problematic, has been found in SourceCodester Phone Contact Manager System 1.0.

Red Hat · 3 CVEs

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2024-12397 | High | 7.4 | | 2024-12-12 | A flaw was found in Quarkus-HTTP, which incorrectly parses cookies with certain value-delimiting characters in incoming requests.
CVE-2024-12401 | Medium | 4.4 | | 2024-12-12 | A flaw was found in the cert-manager package.
CVE-2024-12369 | Medium | 4.2 | | 2024-12-09 | A vulnerability was found in OIDC-Client.

Unifiedtransform · 3 CVEs

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2024-12307 | Medium | 4.3 | | 2024-12-09 | A function-level access control vulnerability in Unifiedtransform version 2.0 and potentially earlier versions allows teachers to modify student personal data without proper authorization.
CVE-2024-12306 | Medium | 4.3 | | 2024-12-09 | Multiple access control vulnerabilities in Unifiedtransform version 2.0 and potentially earlier versions allow unauthorized access to personal information of students and teachers.
CVE-2024-12305 | Medium | 4.3 | | 2024-12-09 | An object-level access control vulnerability in Unifiedtransform version 2.0 and potentially earlier versions allows unauthorized access to student grades.

Adnan · 2 CVEs

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2024-53814 | Medium | 6.5 | | 2024-12-09 | Exposure of Sensitive System Information to an Unauthorized Control Sphere vulnerability in Adnan Analytify wp-analytify. This issue affects Analytify: from n/a through <= 5.4.3.
CVE-2023-41695 | Low | 3.5 | | 2024-12-13 | Missing Authorization vulnerability in Adnan Analytify wp-analytify allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Analytify: from n/a through <= 5.1.0.

Alexacrm · 2 CVEs

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2023-28417 | Medium | 5.4 | | 2024-12-09 | Missing Authorization vulnerability in AlexaCRM Dynamics 365 Integration allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Dynamics 365 Integration: from n/a through 1.3.12.
CVE-2023-29422 | Medium | 4.3 | | 2024-12-09 | Missing Authorization vulnerability in AlexaCRM Dynamics 365 Integration allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Dynamics 365 Integration: from n/a through 1.3.13.

Apollo13themes · 2 CVEs

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2023-27454 | Medium | 5.4 | | 2024-12-09 | Missing Authorization vulnerability in Apollo13Themes Rife Elementor Extensions & Templates allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Rife Elementor Extensions & Templates: from n/a through…
CVE-2023-25959 | Medium | 5.4 | | 2024-12-09 | Missing Authorization vulnerability in Apollo13Themes Apollo13 Framework Extensions allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Apollo13 Framework Extensions: from n/a through 1.8.10.

Bakkbone Australia · 2 CVEs

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2024-54347 | High | 7.1 | | 2024-12-13 | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in BAKKBONE Australia FloristPress bakkbone-florist-companion allows Reflected XSS. This issue affects FloristPress: from n/a through <= 7.2…
CVE-2024-53798 | Medium | 5.4 | | 2024-12-09 | Missing Authorization vulnerability in BAKKBONE Australia FloristPress bakkbone-florist-companion. This issue affects FloristPress: from n/a through <= 7.3.0.

Bowo · 2 CVEs

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2024-11107 | Medium | 6.1 | | 2024-12-10 | The System Dashboard WordPress plugin before 2.8.15 does not sanitise and escape some parameters when outputting them in the page, which could allow unauthenticated users to perform Cross-Site Scripting attacks.
CVE-2024-10708 | Medium | 4.9 | | 2024-12-10 | The System Dashboard WordPress plugin before 2.8.15 does not validate user input used in a path, which could allow high privilege users such as admin to perform path traversal attacks and read arbitrary files on the server.

Bqworks · 2 CVEs

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2023-41865 | Medium | 4.3 | | 2024-12-13 | Missing Authorization vulnerability in bqworks Slider Pro allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Slider Pro: from n/a through 4.8.6.
CVE-2023-40331 | Medium | 4.3 | | 2024-12-13 | Missing Authorization vulnerability in bqworks Accordion Slider allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Accordion Slider: from n/a through 1.9.6.

Brainstorm Force · 2 CVEs

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2023-23834 | Medium | 4.3 | | 2024-12-09 | Missing Authorization vulnerability in Brainstorm Force Spectra allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Spectra: from n/a through 2.3.0.
CVE-2023-23825 | Low | 3.1 | | 2024-12-09 | Missing Authorization vulnerability in Brainstorm Force Spectra allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Spectra: from n/a through 2.3.0.

Code-atlantic · 2 CVEs

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2024-10583 | Medium | 5.4 | | 2024-12-12 | The Popup Maker – Boost Sales, Conversions, Optins, Subscribers with the Ultimate WP Popups Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘post_title’ parameter in all versions up to, and including, 1.20…
CVE-2022-45819 | Low | 3.5 | | 2024-12-13 | Missing Authorization vulnerability in Popup Maker Popup Maker allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Popup Maker: from n/a through 1.17.1.

Cyberlord92 · 2 CVEs

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2024-10111 | High | 8.1 | | 2024-12-12 | The OAuth Single Sign On – SSO (OAuth Client) plugin for WordPress is vulnerable to authentication bypass in all versions up to, and including, 6.26.3.
CVE-2024-11901 | Medium | 6.4 | | 2024-12-12 | The PowerBI Embed Reports plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'MO_API_POWER_BI' shortcode in all versions up to, and including, 1.1.7 due to insufficient input sanitization and output escaping…

Fahad Mahmood · 2 CVEs

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2024-54344 | High | 7.1 | | 2024-12-13 | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Fahad Mahmood WP Quick Shop wp-quick-shop allows Reflected XSS. This issue affects WP Quick Shop: from n/a through <= 1.3.1.
CVE-2023-32574 | Medium | 4.3 | | 2024-12-13 | Missing Authorization vulnerability in Fahad Mahmood Injection Guard allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Injection Guard: from n/a through 1.2.1.

Falselight · 2 CVEs

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2024-11760 | Medium | 6.4 | | 2024-12-12 | The Currency Converter Widget ⚡ PRO plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'currency-converter-widget-pro' shortcode in all versions up to, and including, 1.0.6 due to insufficient input sanitiza…
CVE-2024-54308 | Medium | 5.9 | | 2024-12-13 | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in falselight Cryptocurrency Price Widget cryptocurrency-price-widget allows Stored XSS. This issue affects Cryptocurrency Price Widget: from…

G5theme · 2 CVEs

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2024-10910 | High | 7.3 | | 2024-12-12 | The The Grid Plus – Unlimited grid layout plugin for WordPress is vulnerable to arbitrary shortcode execution via grid_plus_load_by_category AJAX action in all versions up to, and including, 1.3.5.
CVE-2023-34014 | Medium | 5.4 | | 2024-12-13 | Missing Authorization vulnerability in G5Theme Grid Plus allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Grid Plus: from n/a through 1.3.2.

Gallagher · 2 CVEs

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2024-42407 | High | 8.5 | | 2024-12-12 | Insertion of Sensitive Information into Log File (CWE-532) in the Gallagher Command Centre Alarm Transmitter feature could allow an authenticated Operator to view some security sensitive information to which they have not been granted acce…
CVE-2024-41146 | Medium | 4.6 | | 2024-12-12 | Use of Multiple Resources with Duplicate Identifier (CWE-694) in the Controller 6000 and Controller 7000 Platforms could allow an attacker with physical access to HBUS communication cabling to perform a Denial-of-Service attack against HBU…

Genetech · 2 CVEs

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2024-53822 | Critical | 10.0 | | 2024-12-09 | Unrestricted Upload of File with Dangerous Type vulnerability in Genetech Pie Register Premium. This issue affects Pie Register Premium: from n/a before 3.8.3.3.
CVE-2024-52391 | Medium | 5.3 | | 2024-12-09 | Missing Authorization vulnerability in Genetech Pie Register Premium. This issue affects Pie Register Premium: from n/a before 3.8.3.3.

Hive Support · 2 CVEs

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2024-54304 | High | 8.5 | | 2024-12-13 | Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Hive Support Hive Support hive-support allows SQL Injection. This issue affects Hive Support: from n/a through <= 1.1.2.
CVE-2024-54321 | Medium | 4.3 | | 2024-12-13 | Cross-Site Request Forgery (CSRF) vulnerability in Hive Support Hive Support hive-support allows Cross Site Request Forgery. This issue affects Hive Support: from n/a through <= 1.1.2.

Horner Automation · 2 CVEs

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2024-9508 | High | 7.8 | | 2024-12-13 | Horner Automation Cscape contains a memory corruption vulnerability, which could allow an attacker to disclose information and execute arbitrary code.
CVE-2024-12212 | High | 7.8 | | 2024-12-13 | The vulnerability occurs in the parsing of CSP files.

Imagination Technologies · 2 CVEs

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2024-47892 | High | 7.8 | | 2024-12-13 | Software installed and run as a non-privileged user may conduct GPU system calls to read and write freed physical memory from the GPU.
CVE-2024-46971 | High | 7.8 | | 2024-12-13 | Software installed and run as a non-privileged user may conduct GPU system calls to read and write freed physical memory from the GPU.

Kadencewp · 2 CVEs

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2024-10637 | Medium | 5.4 | | 2024-12-12 | The Gutenberg Blocks with AI by Kadence WP WordPress plugin before 3.2.54 does not validate and escape some of its block options before outputting them back in a page/post where the block is embed, which could allow users with the contrib…
CVE-2024-12581 | Medium | 4.4 | | 2024-12-13 | The Gutenberg Blocks with AI by Kadence WP – Page Builder Features plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in all versions up to, and including, 3.2.53 due to insufficient input sanitization and…

Karlkiesinger · 2 CVEs

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2024-54226 | High | 7.1 | | 2024-12-09 | Cross-Site Request Forgery (CSRF) vulnerability in karlkiesinger Country Blocker country-blocker allows Stored XSS. This issue affects Country Blocker: from n/a through <= 3.2.
CVE-2024-11459 | Medium | 6.1 | | 2024-12-12 | The Country Blocker plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'ip' parameter in all versions up to, and including, 3.2 due to insufficient input sanitization and output escaping.

Ltdrdata · 2 CVEs

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2024-21574 | Critical | 10.0 | | 2024-12-12 | The issue stems from a missing validation of the pip field in a POST request sent to the /customnode/install endpoint used to install custom nodes which is added to the server by the extension.
CVE-2024-21575 | High | 8.6 | | 2024-12-12 | ComfyUI-Impact-Pack is vulnerable to Path Traversal.

Mayurik · 2 CVEs

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2024-12357 | Medium | 4.3 | | 2024-12-09 | A vulnerability was found in SourceCodester Best House Rental Management System 1.0 and classified as problematic.
CVE-2024-12536 | Low | 3.5 | | 2024-12-12 | A vulnerability, which was classified as problematic, has been found in SourceCodester Kortex Lite Advocate Office Management System 1.0.

Ninja Team · 2 CVEs

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2023-25966 | Medium | 5.5 | | 2024-12-09 | Missing Authorization vulnerability in Ninja Team Filebird allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Filebird: from n/a through 5.1.4.
CVE-2024-54269 | Medium | 4.3 | | 2024-12-11 | Missing Authorization vulnerability in Ninja Team Notibar notibar allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Notibar: from n/a through <= 2.1.4.

Noah Hearle, Design Extreme · 2 CVEs

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2023-23986 | Medium | 5.4 | | 2024-12-09 | Missing Authorization vulnerability in Noah Hearle, Design Extreme Reviews and Rating – Google My Business allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Reviews and Rating – Google My Business…
CVE-2023-25067 | Medium | 4.3 | | 2024-12-09 | Missing Authorization vulnerability in Noah Hearle, Design Extreme We’re Open!

Ogun Labs · 2 CVEs

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2024-53790 | High | 7.5 | | 2024-12-09 | Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in Ogun Labs Lenxel Core for Lenxel(LNX) LMS lenxel-core allows PHP Local File Inclusion. This issue affects Lenxel Core for Lenxel(LNX) LMS: from…
CVE-2024-53791 | Medium | 6.5 | | 2024-12-09 | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Ogun Labs Lenxel Core for Lenxel(LNX) LMS lenxel-core allows DOM-Based XSS. This issue affects Lenxel Core for Lenxel(LNX) LMS: from n/a t…

Onthegosystems · 2 CVEs

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2023-38383 | Medium | 5.4 | | 2024-12-13 | Missing Authorization vulnerability in OnTheGoSystems Language allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Language: from n/a through 1.2.1.
CVE-2023-29431 | Medium | 4.3 | | 2024-12-09 | Missing Authorization vulnerability in OntheGoSystems qTranslate X Cleanup and WPML Import allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects qTranslate X Cleanup and WPML Import: from n/a through 3…

Prodigycommerce · 2 CVEs

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2024-54250 | Medium | 6.5 | | 2024-12-13 | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in prodigycommerce Prodigy Commerce prodigy-commerce allows DOM-Based XSS. This issue affects Prodigy Commerce: from n/a through <= 3.0.8.
CVE-2024-54251 | Medium | 6.5 | | 2024-12-09 | Missing Authorization vulnerability in prodigycommerce Prodigy Commerce prodigy-commerce allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Prodigy Commerce: from n/a through <= 3.1.2.

Propertyhive · 2 CVEs

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2024-12465 | Medium | 6.4 | | 2024-12-13 | The Property Hive Stamp Duty Calculator plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'stamp_duty_calculator_scotland' shortcode in all versions up to, and including, 1.0.22 due to insufficient input sa…
CVE-2024-11940 | Medium | 6.4 | | 2024-12-10 | The Property Hive Mortgage Calculator plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘price’ parameter in all versions up to, and including, 1.0.6 due to insufficient input sanitization and output escaping.

Reputeinfosystems · 2 CVEs

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2024-54217 | Medium | 5.4 | | 2024-12-09 | Missing Authorization vulnerability in reputeinfosystems ARForms arforms. This issue affects ARForms: from n/a through <= 6.4.1.
CVE-2024-54223 | Medium | 5.3 | | 2024-12-09 | Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS) vulnerability in reputeinfosystems ARForms Form Builder arforms-form-builder allows Code Injection. This issue affects ARForms Form Builder: from n/a through <= 1…

Roninwp · 2 CVEs

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2024-54215 | Critical | 9.3 | | 2024-12-09 | Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in roninwp Revy revy. This issue affects Revy: from n/a through <= 1.18.
CVE-2024-54220 | High | 7.1 | | 2024-12-09 | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in roninwp FAT Services Booking fat-services-booking allows Stored XSS. This issue affects FAT Services Booking: from n/a through <= 5.6.

Samdani · 2 CVEs

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2024-11766 | Medium | 6.4 | | 2024-12-12 | The WordPress Book Plugin for Displaying Books in Grid, Flip, Slider, Popup Layout and more plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'gs_book_showcase' shortcode in all versions up to, and includin…
CVE-2024-11765 | Medium | 6.4 | | 2024-12-12 | The WordPress Portfolio Plugin – A Plugin for Making Filterable Portfolio Grid, Portfolio Slider and more plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'gs_portfolio' shortcode in all versions up to, an…

Schneider Electric · 2 CVEs

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2024-11737 | Critical | 9.8 | | 2024-12-11 | CWE-20: Improper Input Validation vulnerability exists that could lead to a denial of service and a loss of confidentiality, integrity of the controller when an unauthenticated crafted Modbus packet is sent to the device.
CVE-2024-10511 | Medium | 5.3 | | 2024-12-11 | CWE-287: Improper Authentication vulnerability exists that could cause Denial of access to the web interface when someone on the local network repeatedly requests the /accessdenied URL.

Sonalsinha21 · 2 CVEs

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2024-54346 | Medium | 6.5 | | 2024-12-13 | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in sonalsinha21 Barter barter allows DOM-Based XSS. This issue affects Barter: from n/a through <= 1.6.
CVE-2024-54345 | Medium | 6.5 | | 2024-12-13 | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in sonalsinha21 Bicycleshop bicycleshop allows DOM-Based XSS. This issue affects Bicycleshop: from n/a through <= 1.5.

Sparkle Themes · 2 CVEs

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2023-30476 | Medium | 4.3 | | 2024-12-09 | Missing Authorization vulnerability in Sparkle Themes Blogger Buzz allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Blogger Buzz: from n/a through 1.2.2.
CVE-2023-28416 | Medium | 4.3 | | 2024-12-09 | Missing Authorization vulnerability in Sparkle Themes Chankhe allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Chankhe: from n/a through 1.0.5.

Stylemixthemes · 2 CVEs

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2023-40011 | Medium | 5.4 | | 2024-12-13 | Missing Authorization vulnerability in StylemixThemes Cost Calculator Builder allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Cost Calculator Builder: from n/a through 3.1.42.
CVE-2022-43472 | Medium | 4.3 | | 2024-12-13 | Missing Authorization vulnerability in StylemixThemes eRoom – Zoom Meetings & Webinar allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects eRoom – Zoom Meetings & Webinar: from n/a through 1.4.6.

Supsystic · 2 CVEs

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2023-39997 | Medium | 5.3 | | 2024-12-13 | Missing Authorization vulnerability in supsystic.com Popup by Supsystic allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Popup by Supsystic: from n/a through 1.10.19.
CVE-2023-51353 | Medium | 5.3 | | 2024-12-09 | Missing Authorization vulnerability in supsystic Popup by Supsystic popup-by-supsystic allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Popup by Supsystic: from n/a through <= 1.10.19.

Thehp · 2 CVEs

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2024-54219 | High | 7.1 | | 2024-12-09 | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in thehp AIO Contact aio-contact. This issue affects AIO Contact: from n/a through <= 2.8.1.
CVE-2024-54218 | Medium | 6.5 | | 2024-12-09 | Missing Authorization vulnerability in thehp AIO Contact aio-contact. This issue affects AIO Contact: from n/a through <= 2.8.1.

Themehunk · 2 CVEs

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2024-10124 | Critical | 9.8 | | 2024-12-12 | The Vayu Blocks – Gutenberg Blocks for WordPress & WooCommerce plugin for WordPress is vulnerable to unauthorized arbitrary plugin installation and activation due to a missing capability check on the tp_install() function in all versions u…
CVE-2023-28688 | Medium | 5.4 | | 2024-12-09 | Cross-Site Request Forgery (CSRF) vulnerability in ThemeHunk TH Variation Swatches allows Cross Site Request Forgery. This issue affects TH Variation Swatches: from n/a through 1.2.7.

Webcodin · 2 CVEs

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2023-32520 | High | 7.5 | | 2024-12-13 | Missing Authorization vulnerability in Webcodin WCP Contact Form allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects WCP Contact Form: from n/a through 3.1.0.
CVE-2023-32519 | Medium | 4.3 | | 2024-12-13 | Missing Authorization vulnerability in Webcodin WCP Contact Form allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects WCP Contact Form: from n/a through 3.1.0.

1000 Projects · 1 CVE

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2024-12497 | High | 7.3 | | 2024-12-12 | A vulnerability classified as critical has been found in 1000 Projects Attendance Tracking Management System 1.0.

10up · 1 CVE

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2023-32798 | Medium | 5.3 | | 2024-12-13 | Missing Authorization vulnerability in 10up Simple Page Ordering allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Simple Page Ordering: from n/a through 2.5.0.

10web · 1 CVE

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2023-33995 | Medium | 4.3 | | 2024-12-13 | Missing Authorization vulnerability in Photo Gallery Team Photo Gallery by 10Web allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Photo Gallery by 10Web: from n/a through 1.8.15.

3dweb · 1 CVE

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2023-48779 | Medium | 6.5 | | 2024-12-09 | Missing Authorization vulnerability in 3DWeb 360 Javascript Viewer 360deg-javascript-viewer allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects 360 Javascript Viewer: from n/a through <= 1.7.11.

8degree Themes · 1 CVE

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2022-47429 | Medium | 5.3 | | 2024-12-13 | Missing Authorization vulnerability in 8Degree Themes Coming Soon Landing Page and Maintenance Mode WordPress Plugin allows Retrieve Embedded Sensitive Data. This issue affects Coming Soon Landing Page and Maintenance Mode WordPress Plugin…

A3rev Software · 1 CVE

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2023-32963 | Medium | 5.3 | | 2024-12-13 | Missing Authorization vulnerability in a3rev Software WooCommerce Predictive Search allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects WooCommerce Predictive Search: from n/a through 5.8.0.

Abcbiz · 1 CVE

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2024-54247 | Medium | 6.5 | | 2024-12-09 | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in ABCBiz ABCBiz Addons and Templates for Elementor allows Stored XSS. This issue affects ABCBiz Addons and Templates for Elementor: from n/a…

Acato · 1 CVE

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2023-28536 | Medium | 5.3 | | 2024-12-09 | Missing Authorization vulnerability in Acato Branded Social Images allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Branded Social Images: from n/a through 1.1.0.

Acme Themes · 1 CVE

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2023-47793 | Medium | 4.3 | | 2024-12-09 | Missing Authorization vulnerability in Acme Themes Acme Fix Images acme-fix-images allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Acme Fix Images: from n/a through <= 1.0.0.

Addons For Contact Form 7 · 1 CVE

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2023-47830 | Medium | 5.4 | | 2024-12-09 | Missing Authorization vulnerability in Addons for Contact Form 7 Live Preview for Contact Form 7 allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Live Preview for Contact Form 7: from n/a through 1…

Aipost · 1 CVE

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2024-54307 | Medium | 4.3 | | 2024-12-13 | Cross-Site Request Forgery (CSRF) vulnerability in aipost AIcomments aicomments allows Cross Site Request Forgery. This issue affects AIcomments: from n/a through <= 1.4.1.

Aitool · 1 CVE

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2024-54306 | Medium | 4.3 | | 2024-12-13 | Cross-Site Request Forgery (CSRF) vulnerability in aitool AIKCT Engine Chatbot, ChatGPT, Gemini, GPT-4o Best AI Chatbot ai-seo-translator allows Cross Site Request Forgery. This issue affects AIKCT Engine Chatbot, ChatGPT, Gemini, GPT-4o Be…

Aleksandar Urošević · 1 CVE

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2023-27626 | Medium | 5.3 | | 2024-12-09 | Missing Authorization vulnerability in Aleksandar Urošević Stock Ticker allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Stock Ticker: from n/a through 3.23.0.

Alex Volkov · 1 CVE

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2023-41869 | Medium | 4.3 | | 2024-12-13 | Missing Authorization vulnerability in Alex Volkov WP Accessibility Helper (WAH) allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects WP Accessibility Helper (WAH): from n/a through 0.6.2.4.

Alexander Volkov · 1 CVE

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2024-53785 | Medium | 4.3 | | 2024-12-09 | Missing Authorization vulnerability in Alexander Volkov Chatter. This issue affects Chatter: from n/a through 1.0.1.

Aliakro · 1 CVE

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2024-12018 | Medium | 4.3 | | 2024-12-12 | The Snippet Shortcodes plugin for WordPress is vulnerable to unauthorized Shortcode Deletion due to missing authorization in all versions up to, and including, 4.1.6.

Alireza Aliniya · 1 CVE

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2024-54277 | Medium | 6.5 | | 2024-12-13 | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Alireza Aliniya Nias course nias-course allows DOM-Based XSS. This issue affects Nias course: from n/a through <= 1.2.10.

Alphabpo · 1 CVE

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2023-41664 | Medium | 6.5 | | 2024-12-13 | Missing Authorization vulnerability in AlphaBPO Easy Newsletter Signups allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Easy Newsletter Signups: from n/a through 1.0.4.

Altair-graphql · 1 CVE

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2024-54147 | Medium | 6.8 | | 2024-12-09 | Altair is a GraphQL client for all platforms.

Amauric · 1 CVE

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2024-12420 | Medium | 6.5 | | 2024-12-13 | The The WPMobile.App — Android and iOS Mobile Application plugin for WordPress is vulnerable to arbitrary shortcode execution in all versions up to, and including, 11.52.

Amazon · 1 CVE

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2024-55886 | Medium | 6.9 | | 2024-12-12 | OpenSearch Data Prepper is a component of the OpenSearch project that accepts, filters, transforms, enriches, and routes data at scale.

Ameliabooking · 1 CVE

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2024-11754 | Medium | 6.4 | | 2024-12-13 | The Booking System Trafft plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'trafftbooking' shortcode in all versions up to, and including, 1.0.6 due to insufficient input sanitization and output escaping o…

Amrendesign · 1 CVE

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2024-12574 | Medium | 5.4 | | 2024-12-13 | The SVG Shortcode plugin for WordPress is vulnerable to Stored Cross-Site Scripting via SVG File uploads in all versions up to, and including, 1.0.1 due to insufficient input sanitization and output escaping.

Analytify · 1 CVE

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2023-47841 | Medium | 4.3 | | 2024-12-09 | Missing Authorization vulnerability in Analytify Analytify allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Analytify: from n/a through 5.1.1.

Andrew Fiebert · 1 CVE

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2023-40678 | Medium | 5.4 | | 2024-12-13 | Missing Authorization vulnerability in Andrew Fiebert Simple URLs simple-urls allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Simple URLs: from n/a through <= 117.

Androidbubble · 1 CVE

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2023-30873 | Medium | 5.4 | | 2024-12-09 | Missing Authorization vulnerability in Fahad Mahmood WP Docs allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects WP Docs: from n/a through 1.9.8.

Anisha · 1 CVE

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2024-12492 | Medium | 6.3 | | 2024-12-12 | A vulnerability was found in code-projects Farmacia 1.0.

Apasionados · 1 CVE

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2023-44147 | Medium | 5.3 | | 2024-12-13 | Missing Authorization vulnerability in apasionados Comment Blacklist Updater comment-blacklist-updater allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Comment Blacklist Updater: from n/a through <…

Appgenix Infotech · 1 CVE

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2024-54294 | Critical | 9.8 | | 2024-12-13 | Authentication Bypass Using an Alternate Path or Channel vulnerability in Appgenix Infotech Firebase OTP Authentication authentication-via-otp-using-firebase allows Authentication Bypass. This issue affects Firebase OTP Authentication: from…

Appsplate · 1 CVE

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2024-54292 | Critical | 9.3 | | 2024-12-13 | Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in appsplate Appsplate appsplate allows SQL Injection. This issue affects Appsplate: from n/a through <= 2.1.3.

Arcinfo · 1 CVE

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2024-12057 | | | | 2024-12-09 | User credentials (login & password) are inserted into log files when a user tries to authenticate using a version of a Web client that is not compatible with that of the PcVue Web back end.

Arm · 1 CVE

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2024-5660 | Critical | 9.8 | | 2024-12-10 | Use of Hardware Page Aggregation (HPA) and Stage-1 and/or Stage-2 translation on Cortex-A77, Cortex-A78, Cortex-A78C, Cortex-A78AE, Cortex-A710, Cortex-X1, Cortex-X1C, Cortex-X2, Cortex-X3, Cortex-X4, Cortex-X925, Neoverse V1, Neoverse V2…

Arni Cinco · 1 CVE

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2024-54271 | Medium | 5.4 | | 2024-12-13 | Missing Authorization vulnerability in Arni Cinco WPCargo Track & Trace wpcargo allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects WPCargo Track & Trace: from n/a through <= 8.0.2.

Artbees · 1 CVE

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2023-38385 | High | 8.3 | | 2024-12-13 | Missing Authorization vulnerability in Artbees JupiterX Core allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects JupiterX Core: from 3.0.0 through 3.3.0.

Artifex · 1 CVE

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2024-46657 | Medium | 5.5 | | 2024-12-10 | Artifex Software mupdf v1.24.9 was discovered to contain a segmentation fault via the component /tools/pdfextract.c.

Arul Prasad J · 1 CVE

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2023-31214 | Medium | 5.4 | | 2024-12-09 | Missing Authorization vulnerability in Arul Prasad J WP Quick Post Duplicator allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects WP Quick Post Duplicator: from n/a through 2.0.

Ashish Ajani · 1 CVE

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2023-49850 | Medium | 5.3 | | 2024-12-09 | Missing Authorization vulnerability in Ashish Ajani WP Simple HTML Sitemap allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects WP Simple HTML Sitemap: from n/a through 2.7.

Aslam Khan Gouran · 1 CVE

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2024-54310 | Medium | 5.3 | | 2024-12-13 | Missing Authorization vulnerability in Aslam Khan Gouran Gou Manage My Account Menu gou-wc-account-tabs allows Accessing Functionality Not Properly Constrained by ACLs. This issue affects Gou Manage My Account Menu: from n/a through <= 1.0…

Astoundify · 1 CVE

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2024-52480 | Medium | 5.3 | | 2024-12-09 | Missing Authorization vulnerability in Astoundify Jobify jobify. This issue affects Jobify: from n/a through < 4.3.0.

Austin · 1 CVE

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2023-49858 | Medium | 4.3 | | 2024-12-09 | Missing Authorization vulnerability in Austin Custom Login custom-login allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Custom Login: from n/a through <= 4.1.0.

Averta · 1 CVE

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2022-47176 | Medium | 4.3 | | 2024-12-13 | Missing Authorization vulnerability in Depicter Slider and Popup by Averta Depicter Slider allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Depicter Slider: from n/a through 1.9.0.

Aviplugins.com · 1 CVE

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2024-54255 | Medium | 4.7 | | 2024-12-09 | URL Redirection to Untrusted Site ('Open Redirect') vulnerability in aviplugins.com Login Widget With Shortcode login-sidebar-widget allows Phishing. This issue affects Login Widget With Shortcode: from n/a through <= 6.1.2.

Awesome Togi · 1 CVE

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2023-29173 | Medium | 5.3 | | 2024-12-09 | Missing Authorization vulnerability in AWESOME TOGI Product Category Tree allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Product Category Tree: from n/a through 2.5.

Awesomemotive · 1 CVE

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2023-40005 | Medium | 5.3 | | 2024-12-13 | Missing Authorization vulnerability in Syed Balkhi Easy Digital Downloads easy-digital-downloads allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Easy Digital Downloads: from n/a through <= 3.1.5.

Ays Pro · 1 CVE

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2023-50904 | Medium | 5.3 | | 2024-12-09 | Missing Authorization vulnerability in Ays Pro Poll Maker poll-maker allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Poll Maker: from n/a through <= 4.8.0.

Ays-pro · 1 CVE

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2023-22697 | Medium | 5.3 | - | 2024-12-13 | Missing Authorization vulnerability in Survey Maker team Survey Maker allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Survey Maker: from n/a through 3.2.0.

Azzaroco · 1 CVE

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2024-9290 | Critical | 9.8 | - | 2024-12-13 | The Super Backup & Clone - Migrate for WordPress plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation and a missing capability check on the ibk_restore_migrate_check() function in all versions up…

B.m. Rafiul Alam · 1 CVE

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2023-49755 | Medium | 5.4 | - | 2024-12-09 | Missing Authorization vulnerability in B.M.

Basar Ventures · 1 CVE

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2024-54300 | Medium | 4.3 | - | 2024-12-13 | Cross-Site Request Forgery (CSRF) vulnerability in Basar Ventures AutoWP autowp-ai-content-writer-rewriter allows Cross Site Request Forgery. This issue affects AutoWP: from n/a through <= 2.0.8.

Basecamp · 1 CVE

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2024-53847 | - | - | - | 2024-12-09 | The Trix rich text editor, prior to versions 2.1.9 and 1.3.3, is vulnerable to cross-site scripting (XSS) + mutation XSS attacks when pasting malicious code.

Beaverbuilder · 1 CVE

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2024-11832 | Medium | 6.4 | - | 2024-12-13 | The Beaver Builder – WordPress Page Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the custom JavaScript row settings in all versions up to, and including, 2.8.4.4 due to insufficient input sanitization and o…

Beego · 1 CVE

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2024-55885 | High | 7.5 | - | 2024-12-12 | beego is an open-source web framework for the Go programming language.

Berocket · 1 CVE

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2023-44149 | Medium | 5.3 | - | 2024-12-13 | Missing Authorization vulnerability in BeRocket Brands for WooCommerce brands-for-woocommerce allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Brands for WooCommerce: from n/a through <= 3.8.2.2.

Best Wp Developer · 1 CVE

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2024-54287 | Medium | 6.5 | - | 2024-12-13 | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Best WP Developer Advanced Blog Post Block advanced-blog-post-block allows Stored XSS. This issue affects Advanced Blog Post Block: from n…

Bill Minozzi · 1 CVE

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2023-32599 | Medium | 4.3 | - | 2024-12-13 | Missing Authorization vulnerability in Bill Minozzi reCAPTCHA for all allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects reCAPTCHA for all: from n/a through 1.22.

Binh Nguyen · 1 CVE

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2023-49158 | High | 7.1 | - | 2024-12-09 | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Binh Nguyen LadiApp ladipage allows Stored XSS. This issue affects LadiApp: from n/a through <= 4.4.

Bitcoin · 1 CVE

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2024-55563 | Medium | 5.3 | - | 2024-12-09 | Bitcoin Core through 27.2 allows transaction-relay jamming via an off-chain protocol attack, a related issue to CVE-2024-52913.

Bitpay · 1 CVE

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2023-41803 | Medium | 5.3 | - | 2024-12-13 | Missing Authorization vulnerability in BitPay BitPay Checkout for WooCommerce allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects BitPay Checkout for WooCommerce: from n/a through 4.1.0.

Blazeonline · 1 CVE

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2024-54240 | High | 7.1 | - | 2024-12-13 | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in blazeonline Blaze Online eParcel for WooCommerce blaze-online-eparcel-for-woocommerce allows Reflected XSS. This issue affects Blaze Onlin…

Blazethemes · 1 CVE

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2024-54260 | Medium | 6.5 | - | 2024-12-09 | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in blazethemes News Kit Elementor Addons news-kit-elementor-addons allows Stored XSS. This issue affects News Kit Elementor Addons: from n/a…

Blossom Themes · 1 CVE

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2023-47849 | Medium | 4.3 | - | 2024-12-09 | Missing Authorization vulnerability in Blossom Themes BlossomThemes Email Newsletter blossomthemes-email-newsletter allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects BlossomThemes Email Newsletter…

Bmad4ever · 1 CVE

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2024-21576 | Critical | 10.0 | - | 2024-12-13 | ComfyUI-Bmad-Nodes is vulnerable to Code Injection.

Boldgrid · 1 CVE

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2024-53819 | Medium | 5.3 | - | 2024-12-09 | Missing Authorization vulnerability in BoldGrid Client Invoicing by Sprout Invoices sprout-invoices. This issue affects Client Invoicing by Sprout Invoices: from n/a through <= 20.8.0.

Booking Ultra Pro · 1 CVE

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2023-32601 | Medium | 5.4 | - | 2024-12-13 | Missing Authorization vulnerability in Booking Ultra Pro Booking Ultra Pro allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Booking Ultra Pro: from n/a through 1.1.12.

Bplugins · 1 CVE

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2024-11882 | Medium | 6.4 | - | 2024-12-12 | The FAQ And Answers – Create Frequently Asked Questions Area on WP Sites plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'faq' shortcode in all versions up to, and including, 1.1.0 due to insufficient inp…

Caagsoftware · 1 CVE

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2024-11689 | High | 8.8 | - | 2024-12-12 | The HQ Rental Software plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.5.29.

Cadus Pro · 1 CVE

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2023-25791 | Medium | 5.4 | - | 2024-12-09 | Missing Authorization vulnerability in Cadus Pro Fontiran allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Fontiran: from n/a through 2.1.

Ce21 · 1 CVE

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2024-54293 | Critical | 9.8 | - | 2024-12-13 | Incorrect Privilege Assignment vulnerability in CE21 CE21 Suite ce21-suite allows Privilege Escalation. This issue affects CE21 Suite: from n/a through <= 2.2.0.

Certain Dev · 1 CVE

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2023-38480 | Medium | 5.3 | - | 2024-12-13 | Missing Authorization vulnerability in Certain Dev Booster Elementor Addons allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Booster Elementor Addons: from n/a through 1.4.9.

Chris Baldelomar · 1 CVE

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2023-23725 | Medium | 4.3 | - | 2024-12-09 | Missing Authorization vulnerability in Chris Baldelomar Shortcodes allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Shortcodes: from n/a through 3.46.

Christer_f · 1 CVE

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2024-54338 | Medium | 6.5 | - | 2024-12-13 | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in christer_f Hello Event Widgets For Elementor hello-event-widgets-for-elementor allows DOM-Based XSS. This issue affects Hello Event Widget…

Cimatti · 1 CVE

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2023-35051 | Medium | 5.4 | - | 2024-12-13 | Missing Authorization vulnerability in Cimatti Consulting Contact Forms by Cimatti allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Contact Forms by Cimatti: from n/a through 1.5.7.

Citeum · 1 CVE

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2024-45404 | High | 8.1 | - | 2024-12-12 | OpenCTI is an open-source cyber threat intelligence platform.

Cl272 · 1 CVE

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2023-49192 | Medium | 5.3 | - | 2024-12-09 | Missing Authorization vulnerability in cl272 Enhanced Text Widget enhanced-text-widget allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Enhanced Text Widget: from n/a through <= 1.6.3.

Classcms · 1 CVE

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2024-12503 | Low | 2.4 | - | 2024-12-12 | A vulnerability classified as problematic was found in ClassCMS 4.8.

Cleo · 1 CVE

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2024-55956 | Critical | 9.8 | KEV | 2024-12-13 | In Cleo Harmony before 5.8.0.24, VLTrader before 5.8.0.24, and LexiCom before 5.8.0.24, an unauthenticated user can import and execute arbitrary Bash or PowerShell commands on the host system by leveraging the default settings of the Autor…

Cleveland Heights-university Heights Public Library Webdeveloper · 1 CVE

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2024-54238 | High | 7.1 | - | 2024-12-13 | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Cleveland Heights-University Heights Public Library Webdeveloper Board Document Manager from CHUHPL board-document-manager-from-chuhpl al…

Clever Widgets · 1 CVE

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2023-23823 | Medium | 4.3 | - | 2024-12-09 | Missing Authorization vulnerability in Clever Widgets Enhanced Text Widget allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Enhanced Text Widget: from n/a through 1.5.8.

Clicktotweet.com · 1 CVE

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2023-41857 | Medium | 5.4 | - | 2024-12-13 | Missing Authorization vulnerability in ClickToTweet.com Click To Tweet allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Click To Tweet: from n/a through 2.0.14.

Cmorillas1 · 1 CVE

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2024-54264 | High | 7.1 | - | 2024-12-13 | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in cmorillas1 Shortcodes Blocks Creator Ultimate ultimate-shortcodes-creator allows Reflected XSS. This issue affects Shortcodes Blocks Creat…

Code4life · 1 CVE

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2023-49167 | Medium | 6.5 | - | 2024-12-09 | Missing Authorization vulnerability in code4life Database for CF7 database-for-cf7 allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Database for CF7: from n/a through <= 1.2.4.

Codegearthemes · 1 CVE

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2024-54225 | High | 7.5 | - | 2024-12-09 | Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in codegearthemes Designer designer allows PHP Local File Inclusion. This issue affects Designer: from n/a through <= 1.4…

Codents · 1 CVE

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2023-38479 | Medium | 5.3 | - | 2024-12-13 | Missing Authorization vulnerability in Codents Simple Googlebot Visit allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Simple Googlebot Visit: from n/a through 1.2.4.

Codexpert, Inc · 1 CVE

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2024-54296 | Critical | 9.8 | - | 2024-12-13 | Authentication Bypass Using an Alternate Path or Channel vulnerability in Codexpert, Inc CoSchool LMS coschool allows Authentication Bypass. This issue affects CoSchool LMS: from n/a through <= 1.4.3.

Codezips · 1 CVE

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2024-12484 | High | 7.3 | - | 2024-12-12 | A vulnerability classified as critical was found in Codezips Technical Discussion Forum 1.0.

Cognitoapps · 1 CVE

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2024-10182 | Medium | 6.4 | - | 2024-12-12 | The Cognito Forms plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'id' parameter in all versions up to, and including, 2.0.7 due to insufficient input sanitization and output escaping.

Combodo · 1 CVE

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2024-54139 | High | 7.9 | - | 2024-12-13 | Combodo iTop is an open source and web-based IT service management platform.

Constant Contact · 1 CVE

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2023-34387 | Medium | 4.3 | - | 2024-12-13 | Missing Authorization vulnerability in Constant Contact Constant Contact Forms allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Constant Contact Forms: from n/a through 2.0.3.

Contact Form - Wpmanageninja Llc · 1 CVE

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2023-41952 | Medium | 5.3 | - | 2024-12-13 | Missing Authorization vulnerability in Contact Form - WPManageNinja LLC FluentForm allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects FluentForm: from n/a through 5.0.8.

Conversios · 1 CVE

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2023-51357 | Medium | 5.3 | - | 2024-12-09 | Missing Authorization vulnerability in Conversios Conversios.io enhanced-e-commerce-for-woocommerce-store allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Conversios.io: from n/a through <= 6.5.0.

Cool Plugins · 1 CVE

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2023-36681 | Medium | 5.3 | - | 2024-12-13 | Missing Authorization vulnerability in Cool Plugins Cryptocurrency Widgets – Price Ticker & Coins List allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Cryptocurrency Widgets – Price Ticker & Coins…

Creativemindssolutions · 1 CVE

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2024-54267 | Medium | 4.3 | - | 2024-12-13 | Missing Authorization vulnerability in CreativeMindsSolutions CM Answers cm-answers allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects CM Answers: from n/a through <= 3.2.6.

Crudlab · 1 CVE

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2023-47820 | Medium | 4.3 | - | 2024-12-09 | Missing Authorization vulnerability in CRUDLab WP Like Button allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects WP Like Button: from n/a through 1.7.0.

Crushftp · 1 CVE

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2024-53552 | Critical | 9.8 | - | 2024-12-10 | CrushFTP 10 before 10.8.3 and 11 before 11.2.3 mishandles password reset, leading to account takeover.

Crushftp, Llc · 1 CVE

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2024-11986 | Critical | 9.6 | - | 2024-12-13 | Improper input handling in the 'Host Header' allows an unauthenticated attacker to store a payload in web application logs.

Curl · 1 CVE

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2024-11053 | Low | 3.4 | - | 2024-12-11 | When asked to both use a `.netrc` file for credentials and to follow HTTP redirects, curl could leak the password used for the first host to the followed-to host under certain circumstances. Per the curl advisory, the leak only occurs when the `.netrc` file has an entry matching the redirect target hostname that omits the password, or omits both login and password; fixed in curl 8.11.1.

Cybernetikz · 1 CVE

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2023-33998 | Medium | 4.3 | - | 2024-12-13 | Missing Authorization vulnerability in cybernetikz Easy Social Icons allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Easy Social Icons: from n/a through 3.2.5.

Damir Calusic · 1 CVE

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2023-27428 | Medium | 5.4 | - | 2024-12-09 | Missing Authorization vulnerability in Damir Calusic WP users media allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects WP users media: from n/a through 4.2.3.

Dash Labs · 1 CVE

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2023-39305 | Medium | 5.3 | - | 2024-12-13 | Missing Authorization vulnerability in Dash Labs Yet Another Stars Rating yet-another-stars-rating allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Yet Another Stars Rating: from n/a through <= 3.4…

Datax-web_project · 1 CVE

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2024-12358 | Medium | 6.3 | - | 2024-12-09 | A vulnerability was found in WeiYe-Jing datax-web 2.1.1.

David Vongries · 1 CVE

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2023-47756 | Medium | 4.3 | - | 2024-12-09 | Missing Authorization vulnerability in David Vongries Welcome Email Editor allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Welcome Email Editor: from n/a through 5.0.6.

Dealertrend · 1 CVE

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2024-54325 | High | 7.1 | - | 2024-12-13 | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in DealerTrend CarDealerPress cardealerpress allows Reflected XSS. This issue affects CarDealerPress: from n/a through <= 6.6.2410.02.

Debian · 1 CVE

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2024-47606 | Critical | 9.8 | - | 2024-12-12 | GStreamer is a library for constructing graphs of media-handling components.

Decollete · 1 CVE

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2024-11443 | High | 8.8 | - | 2024-12-12 | The de:branding plugin for WordPress is vulnerable to unauthorized modification of data that can lead to privilege escalation due to a missing capability check on the debranding_save() function in all versions up to, and including, 1.0.2.

Deepen Bajracharya · 1 CVE

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2023-44142 | Medium | 5.4 | - | 2024-12-13 | Missing Authorization vulnerability in Deepen Bajracharya Inactive Logout inactive-logout allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Inactive Logout: from n/a through <= 3.2.2.

Dejureorg · 1 CVE

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2024-11417 | Medium | 6.1 | - | 2024-12-12 | The dejure.org Vernetzungsfunktion plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.97.5.

Delucks · 1 CVE

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2024-54259 | Medium | 6.5 | - | 2024-12-13 | Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in DELUCKS DELUCKS SEO delucks-seo allows Path Traversal. This issue affects DELUCKS SEO: from n/a through <= 2.7.0.

Depayfi · 1 CVE

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2024-12265 | Medium | 5.3 | - | 2024-12-12 | The Web3 Crypto Payments by DePay for WooCommerce plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the /wp-json/depay/wc/debug REST API endpoint in all versions up to, and including, 2…
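The de:branding and DePay entries above (a save function and a REST debug endpoint, each without a capability check) are two faces of the same WordPress pattern that accounts for most of the Missing Authorization rows on this page. What follows is an added illustration, not code from de:branding, DePay or any other plugin listed here: the hook, option and route names (demo_save_settings, demo_settings, demo/v1/debug) are hypothetical, while the WordPress APIs used (current_user_can, check_ajax_referer, map_deep, register_rest_route with permission_callback) are the real ones.

```php
<?php
// Added illustration of the WordPress "missing capability check" pattern.
// Hypothetical names: demo_save_settings, demo_settings, demo/v1/debug.

// VULNERABLE: a wp_ajax_* action runs for any authenticated user, and
// nothing here checks a capability or a nonce, so a subscriber (or an
// administrator's browser driven by CSRF) can overwrite the settings.
add_action( 'wp_ajax_demo_save_settings', 'demo_save_settings_vulnerable' );
function demo_save_settings_vulnerable() {
    $settings = isset( $_POST['settings'] ) ? wp_unslash( $_POST['settings'] ) : array();
    update_option( 'demo_settings', $settings );
    wp_send_json_success();
}

// HARDENED: gate on the capability the action really needs, verify a nonce
// bound to this action (check_ajax_referer() dies on failure), and sanitize
// before persisting. Do not also register the handler on wp_ajax_nopriv_*
// unless it is meant to be reachable without a login.
add_action( 'wp_ajax_demo_save_settings_safe', 'demo_save_settings_safe' );
function demo_save_settings_safe() {
    if ( ! current_user_can( 'manage_options' ) ) {
        wp_send_json_error( 'forbidden', 403 );
    }
    check_ajax_referer( 'demo_save_settings', 'nonce' );

    $raw = isset( $_POST['settings'] ) && is_array( $_POST['settings'] )
        ? wp_unslash( $_POST['settings'] )
        : array();
    update_option( 'demo_settings', map_deep( $raw, 'sanitize_text_field' ) );
    wp_send_json_success();
}

// REST: the equivalent mistake is permission_callback => '__return_true' on
// a route that returns internal state. The permission callback is where the
// capability check belongs; without it the route is readable by anyone.
add_action( 'rest_api_init', function () {
    register_rest_route( 'demo/v1', '/debug', array(
        'methods'             => WP_REST_Server::READABLE,
        'callback'            => 'demo_debug_info',
        // VULNERABLE would be: 'permission_callback' => '__return_true',
        'permission_callback' => function () {
            return current_user_can( 'manage_options' );
        },
    ) );
} );

function demo_debug_info( WP_REST_Request $request ) {
    return rest_ensure_response( array(
        'settings' => get_option( 'demo_settings', array() ),
    ) );
}
```

The nonce for the hardened AJAX path is minted server-side with wp_create_nonce( 'demo_save_settings' ) and posted as the nonce field. A nonce is CSRF protection, not authorization, which is why the capability check comes first and is never replaced by it.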

Designinvento · 1 CVE

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2023-37967 | Medium | 6.5 | - | 2024-12-13 | Missing Authorization vulnerability in Designinvento DirectoryPress allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects DirectoryPress: from n/a through 3.6.2.

Devfelixmoira · 1 CVE

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2024-54276 | Medium | 6.5 | - | 2024-12-13 | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in devfelixmoira Poll Builder poll-builder allows Stored XSS. This issue affects Poll Builder: from n/a through <= 1.3.5.

Devrix · 1 CVE

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2024-54337 | High | 7.1 | - | 2024-12-13 | Cross-Site Request Forgery (CSRF) vulnerability in DevriX DX Dark Site devrix-dark-site allows Stored XSS. This issue affects DX Dark Site: from n/a through <= 1.0.1.

Dfinity · 1 CVE

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2024-11991 | Medium | 5.6 | - | 2024-12-09 | Motoko's incremental garbage collector is impacted by an uninitialized memory access bug, caused by incorrect use of write barriers in a few locations.

Dipankarpal212 · 1 CVE

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2024-12260 | Medium | 6.1 | - | 2024-12-12 | The Ultimate Endpoints With Rest Api plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'page' parameter in all versions up to, and including, 2.2.2 due to insufficient input sanitization and output escaping.

Directus · 1 CVE

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2024-54151 | High | 7.5 | - | 2024-12-09 | Directus is a real-time API and App dashboard for managing SQL database content.

Divscorp · 1 CVE

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2022-38946 | Critical | 9.8 | - | 2024-12-09 | Arbitrary File Upload vulnerability in Doctor-Appointment version 1.0 in /Frontend/signup_com.php, allows attackers to execute arbitrary code.

Dmitry V. (Ceo Of "Ukr Solution") · 1 CVE

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2024-54265 | High | 7.1 | - | 2024-12-13 | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Dmitry V.

Dotcamp · 1 CVE

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2024-10678 | Medium | 5.4 | - | 2024-12-13 | The Ultimate Blocks WordPress plugin before 3.2.4 does not validate and escape some of its block options before outputting them back in a page/post where the block is embed, which could allow users with the contributor role and above to p…

Dotonpaper · 1 CVE

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2024-54252 | Medium | 6.3 | - | 2024-12-13 | Missing Authorization vulnerability in DOTonPAPER Pinpoint Booking System booking-system allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Pinpoint Booking System: from n/a through <= 2.9.9.5.7.

Dotstore · 1 CVE

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2024-54227 | Medium | 4.3 | - | 2024-12-09 | Missing Authorization vulnerability in Dotstore Minimum and Maximum Quantity for WooCommerce min-and-max-quantity-for-woocommerce allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Minimum and Maximu…

Dromara · 1 CVE

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2024-12483 | Low | 3.7 | - | 2024-12-12 | A vulnerability classified as problematic has been found in Dromara UJCMS up to 9.6.3.

Dugudlabs · 1 CVE

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2024-54239 | Critical | 9.8 | - | 2024-12-13 | Missing Authorization vulnerability in dugudlabs Eyewear prescription form eyewear-prescription-form allows Privilege Escalation. This issue affects Eyewear prescription form: from n/a through <= 4.0.18.

Dylan Blokhuis · 1 CVE

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2023-38483 | Medium | 5.4 | - | 2024-12-13 | Missing Authorization vulnerability in Dylan Blokhuis Instant CSS allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Instant CSS: from n/a through 1.1.4.

Dynamic.ooo · 1 CVE

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2023-35046 | Medium | 5.4 | - | 2024-12-13 | Missing Authorization vulnerability in Dynamic.ooo Dynamic Visibility for Elementor allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Dynamic Visibility for Elementor: from n/a through 5.0.5.

Easy-appointments · 1 CVE

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2023-30748 | Medium | 4.3 | - | 2024-12-09 | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Nikola Loncar Easy Appointments allows Stored XSS. This issue affects Easy Appointments: from n/a through 3.10.7.

Easyship · 1 CVE

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2023-37989 | Medium | 5.4 | - | 2024-12-13 | Missing Authorization vulnerability in Easyship Easyship WooCommerce Shipping Rates allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Easyship WooCommerce Shipping Rates: from n/a through 0.9.0.

Easysocialfeed · 1 CVE

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2023-48740 | Medium | 4.3 | - | 2024-12-09 | Missing Authorization vulnerability in Sajid Javed Easy Social Feed easy-facebook-likebox allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Easy Social Feed: from n/a through <= 6.5.1.

Ederson Peka · 1 CVE

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2024-54322 | High | 7.1 | - | 2024-12-13 | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Ederson Peka Media Downloader media-downloader allows Reflected XSS. This issue affects Media Downloader: from n/a through <= 0.4.7.4.

Edgarrojas · 1 CVE

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2023-49856 | High | 8.1 | - | 2024-12-09 | Missing Authorization vulnerability in EDGARROJAS Smart Forms smart-forms allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Smart Forms: from n/a through <= 2.6.84.

Edo888 · 1 CVE

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2023-50375 | Medium | 5.3 | - | 2024-12-09 | Missing Authorization vulnerability in edo888 Google Language Translator google-language-translator allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Google Language Translator: from n/a through <=…

Eewee · 1 CVE

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2024-54248 | High | 8.8 | - | 2024-12-13 | Cross-Site Request Forgery (CSRF) vulnerability in eewee eewee admin custom eewee-admincustom allows Privilege Escalation. This issue affects eewee admin custom: from n/a through <= 1.8.2.4.

Elabftw · 1 CVE

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2024-52586 | Medium | 5.4 | - | 2024-12-09 | eLabFTW is an open source electronic lab notebook for research labs.

Elementinvader · 1 CVE

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2024-12059 | Medium | 4.3 | - | 2024-12-12 | The ElementInvader Addons for Elementor plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 1.3.1 via the eli_option_value shortcode.

Elliotvs · 1 CVE

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2024-12421 | Medium | 6.5 | - | 2024-12-13 | The The Coupon Affiliates – Affiliate Plugin for WooCommerce plugin for WordPress is vulnerable to arbitrary shortcode execution in all versions up to, and including, 5.16.7.1.

Elvinhaci · 1 CVE

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2024-11430 | Medium | 6.5 | - | 2024-12-12 | The SQL Chart Builder plugin for WordPress is vulnerable to SQL Injection via the 'arg1' arg of the 'gvn_schart_2' shortcode in all versions up to, and including, 2.3.6 due to insufficient escaping on the user supplied parameter and lack o…
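The SQL Chart Builder entry describes a shortcode attribute reaching a query with neither escaping nor preparation. Shortcodes are rendered for anyone who can author content (contributor and above), so their attributes are untrusted input. The following is an added illustration, not the plugin's code: the demo_chart shortcode and the {prefix}demo_chart table are hypothetical, while shortcode_atts, absint and $wpdb->prepare are the real WordPress APIs.

```php
<?php
// Added illustration of SQL injection through a shortcode attribute.
// Hypothetical: the demo_chart shortcode and the {prefix}demo_chart table.

// VULNERABLE: [demo_chart_vulnerable arg1="0 OR 1=1"] (or a UNION SELECT
// against wp_users) lands verbatim in the WHERE clause.
add_shortcode( 'demo_chart_vulnerable', function ( $atts ) {
    global $wpdb;
    $atts = shortcode_atts( array( 'arg1' => '0' ), $atts, 'demo_chart_vulnerable' );
    $sql  = "SELECT label, value FROM {$wpdb->prefix}demo_chart WHERE chart_id = " . $atts['arg1'];
    return demo_render_rows( $wpdb->get_results( $sql ) );
} );

// HARDENED: coerce the attribute to the type the query expects and bind it
// with $wpdb->prepare(). Identifiers (table, column) are never taken from
// input; when a column must be user-selectable, map it through an allow-list.
add_shortcode( 'demo_chart', function ( $atts ) {
    global $wpdb;
    $atts     = shortcode_atts( array( 'arg1' => '0', 'order' => 'label' ), $atts, 'demo_chart' );
    $chart_id = absint( $atts['arg1'] );
    $order    = in_array( $atts['order'], array( 'label', 'value' ), true ) ? $atts['order'] : 'label';
    $sql      = $wpdb->prepare(
        "SELECT label, value FROM {$wpdb->prefix}demo_chart WHERE chart_id = %d ORDER BY {$order}",
        $chart_id
    );
    return demo_render_rows( $wpdb->get_results( $sql ) );
} );

// Output escaping is the other half of the job: rows coming back from the
// table are still untrusted when they are echoed into the page.
function demo_render_rows( $rows ) {
    $out = '<ul>';
    foreach ( (array) $rows as $row ) {
        $out .= '<li>' . esc_html( $row->label ) . ': ' . esc_html( $row->value ) . '</li>';
    }
    return $out . '</ul>';
}
```

The prepared statement handles values only; a column or table name cannot be bound with %d or %s, which is why the ORDER BY target goes through an explicit allow-list instead.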

Enalean · 1 CVE

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2024-52599 | Medium | 5.4 | - | 2024-12-09 | Tuleap is an open source suite to improve management of software developments and collaboration.

Epic Games · 1 CVE

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2024-11872 | High | 7.8 | - | 2024-12-12 | Epic Games Launcher Incorrect Default Permissions Local Privilege Escalation Vulnerability.

Eryaz Information Technologies · 1 CVE

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2024-8259 | Critical | 9.8 | - | 2024-12-09 | Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Eryaz Information Technologies NatraCar B2B Dealer Management Program allows SQL Injection.

Espressif · 1 CVE

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2024-53845 | - | - | - | 2024-12-12 | ESPTouch is a connection protocol for internet of things devices.

Expresstech · 1 CVE

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2023-37984 | Medium | 4.3 | - | 2024-12-13 | Missing Authorization vulnerability in ExpressTech Quiz And Survey Master allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Quiz And Survey Master: from n/a through 8.1.10.

Extremeidea · 1 CVE

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2024-54297 | Critical | 9.8 | - | 2024-12-13 | Authentication Bypass Using an Alternate Path or Channel vulnerability in extremeidea vBSSO-lite vbsso-lite allows Authentication Bypass. This issue affects vBSSO-lite: from n/a through <= 1.4.3.

Eyal Fitoussi · 1 CVE

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2024-54326 | Medium | 6.5 | - | 2024-12-13 | Missing Authorization vulnerability in Eyal Fitoussi GEO my WordPress geo-my-wp allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects GEO my WordPress: from n/a through <= 4.5.0.4.

Fantastic Plugins · 1 CVE

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2023-25048 | Medium | 5.3 | - | 2024-12-09 | Missing Authorization vulnerability in Fantastic Plugins Fantastic Content Protector Free allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Fantastic Content Protector Free: from n/a through 2.6.

Fatcatapps · 1 CVE

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2024-12072 | Medium | 6.1 | - | 2024-12-12 | The Analytics Cat – Google Analytics Made Easy plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use of add_query_arg without appropriate escaping on the URL in all versions up to, and including, 1.1.2.
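The Analytics Cat entry names a recurring WordPress footgun: add_query_arg() called without a base URL builds on $_SERVER['REQUEST_URI'], which the requester controls, and rebuilds the query string without re-encoding it, so the "current page" link it returns can carry a payload. The following is an added illustration, not the plugin's code; the settings page and tab link (demo, demo_tab_link_*) are hypothetical, while add_query_arg, esc_url, esc_html and admin_url are the real APIs.

```php
<?php
// Added illustration: reflected XSS via an unescaped add_query_arg() result.
// Hypothetical: a settings page "demo" that renders tab links.

// VULNERABLE: a request for
//   /wp-admin/options-general.php?page=demo&x=%22%3E%3Cscript%3Ealert(1)%3C/script%3E
// makes add_query_arg() return the decoded request URI plus tab=..., and the
// literal double quote in it closes the href attribute.
function demo_tab_link_vulnerable( $tab ) {
    $url = add_query_arg( 'tab', $tab );
    return '<a href="' . $url . '">' . esc_html( ucfirst( $tab ) ) . '</a>';
}

// HARDENED: escape at the point of output with esc_url(), which drops
// characters such as <, > and " that cannot appear in a valid URL, and build
// from a known base so the link never reflects the request URI at all.
function demo_tab_link_safe( $tab ) {
    $url = add_query_arg( 'tab', $tab, admin_url( 'options-general.php?page=demo' ) );
    return '<a href="' . esc_url( $url ) . '">' . esc_html( ucfirst( $tab ) ) . '</a>';
}
```

Either change on its own closes the attribute break-out; doing both means a future caller that passes a request-derived base URL is still protected by the output escaping.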

Feedbackwp · 1 CVE

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2023-36528 | Medium | 5.3 | - | 2024-12-13 | Missing Authorization vulnerability in FeedbackWP kk Star Ratings allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects kk Star Ratings: from n/a through 5.4.3.

Felix Welberg · 1 CVE

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2023-32094 | Medium | 5.4 | - | 2024-12-09 | Missing Authorization vulnerability in Felix Welberg Extended Post Status allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Extended Post Status: from n/a through 1.0.19.

Fhir · 1 CVE

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2024-55887 | High | 8.6 | - | 2024-12-13 | Ucum-java is a FHIR Java library providing UCUM Services.

Flowdee · 1 CVE

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2023-47780 | Medium | 4.3 | - | 2024-12-09 | Missing Authorization vulnerability in flowdee EasyAzon easyazon allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects EasyAzon: from n/a through <= 5.1.0.

Fluentforms · 1 CVE

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2024-9651 | Medium | 6.1 | - | 2024-12-09 | The Fluent Forms WordPress plugin before 5.2.1 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability…

Fluxbuilder · 1 CVE

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2024-54295 | Critical | 9.8 | - | 2024-12-13 | Authentication Bypass Using an Alternate Path or Channel vulnerability in FluxBuilder ListApp Mobile Manager listapp-mobile-manager allows Authentication Bypass. This issue affects ListApp Mobile Manager: from n/a through <= 1.7.7.

Fooplugins · 1 CVE

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2023-6947 | High | 7.7 | - | 2024-12-10 | The Best WordPress Gallery Plugin – FooGallery plugin for WordPress is vulnerable to Directory Traversal in all versions up to, and including, 2.4.26.

Formfacade · 1 CVE

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2024-54301 | High | 7.1 | - | 2024-12-13 | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in manidoraisamy FormFacade formfacade allows Reflected XSS. This issue affects FormFacade: from n/a through <= 1.3.6.

Fortra · 1 CVE

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2024-9945 | Medium | 5.3 | - | 2024-12-13 | An information-disclosure vulnerability exists in Fortra's GoAnywhere MFT application prior to version 7.7.0 that allows external access to the resources in certain admin root folders.

Full. · 1 CVE

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2024-54313 | Medium | 6.5 | - | 2024-12-13 | Path Traversal vulnerability in FULL.

G5plus · 1 CVE

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2024-12329 | Medium | 4.3 | - | 2024-12-12 | The Essential Real Estate plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on several pages/post types in all versions up to, and including, 5.1.6.

Gemini Labs · 1 CVE

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2023-49832 | Medium | 5.3 | - | 2024-12-09 | Missing Authorization vulnerability in Gemini Labs Site Reviews site-reviews allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Site Reviews: from n/a through <= 6.10.2.

Geovision · 1 CVE

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2024-12553 | Medium | 6.5 | - | 2024-12-13 | GeoVision GV-ASManager Missing Authorization Information Disclosure Vulnerability.

Gesundheit Bewegt Gmbh · 1 CVE

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2023-34381 | Medium | 5.3 | - | 2024-12-13 | Missing Authorization vulnerability in Gesundheit Bewegt GmbH Zippy allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Zippy: from n/a through 1.6.2.

Get3code · 1 CVE

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2024-11419 | Medium | 6.1 | - | 2024-12-12 | The Password for WP plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.5.

Godaddy · 1 CVE

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2023-49156 | Medium | 4.3 | - | 2024-12-09 | Missing Authorization vulnerability in GoDaddy GoDaddy Email Marketing godaddy-email-marketing-sign-up-forms allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects GoDaddy Email Marketing: from n/a throu…

Gohugoio · 1 CVE

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2024-55601 | - | - | - | 2024-12-09 | Hugo is a static site generator.

Golang.org/x/crypto · 1 CVE

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2024-45337 | Critical | 9.1 | - | 2024-12-12 | Applications and libraries which misuse connection.serverAuthenticate (via callback field ServerConfig.PublicKeyCallback) may be susceptible to an authorization bypass. The callback can be invoked for keys the client merely offers and never proves possession of, so authorization decisions must be based on the Permissions the callback returned for the key that actually authenticated (exposed on the ServerConn after the handshake), not on state recorded inside the callback; mitigated in golang.org/x/crypto v0.31.0.

Gopiplus · 1 CVE

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2024-11442 | Medium | 6.4 | - | 2024-12-12 | The Horizontal scroll image slideshow plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'horizontal-scroll-image-slideshow' shortcode in all versions up to, and including, 10.1 due to insufficient input san…

Greenshiftwp · 1 CVE

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2024-11181 | Medium | 4.3 | - | 2024-12-12 | The Greenshift – animation and page builder blocks plugin for WordPress is vulnerable to Information Exposure in all versions up to, and including, 9.9.9.3 via the 'wp_reusable_render' shortcode due to insufficient restrictions on which po…

Greg - Siteorigin · 1 CVE

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2024-54268 | Medium | 4.3 | - | 2024-12-13 | Missing Authorization vulnerability in Greg - SiteOrigin SiteOrigin Widgets Bundle so-widgets-bundle allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects SiteOrigin Widgets Bundle: from n/a through <=…

Gs Plugins · 1 CVE

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2023-32593 | Medium | 5.4 | - | 2024-12-13 | Missing Authorization vulnerability in GS Plugins GS Pins for Pinterest allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects GS Pins for Pinterest: from n/a through 1.6.7.

Gsarig · 1 CVE

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2024-11827 | Medium | 6.4 | - | 2024-12-13 | The Out of the Block: OpenStreetMap plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's ootb_query shortcode in all versions up to, and including, 2.8.3 due to insufficient input sanitization and output escap…

Guangzhou Huayi Intelligent Technology · 1 CVE

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2024-12347 | Medium | 5.3 | - | 2024-12-09 | A vulnerability was found in Guangzhou Huayi Intelligent Technology Jeewms up to 1.0.0 and classified as critical.

Guido · 1 CVE

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2023-41862 | Medium | 5.3 | - | 2024-12-13 | Weak Authentication vulnerability in Guido VS Contact Form allows Authentication Abuse. This issue affects VS Contact Form: from n/a through 14.0.

Guizhou Xiaoma Technology · 1 CVE

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2024-12348 | Low | 3.5 | - | 2024-12-09 | A vulnerability was found in Guizhou Xiaoma Technology jpress 5.1.2.

Gvectors · 1 CVE

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2023-47869 | Medium | 4.3 | - | 2024-12-09 | Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS) vulnerability in gVectors Team wpForo Forum allows Code Injection. This issue affects wpForo Forum: from n/a through 2.2.5.

Hage · 1 CVE

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2024-11875 | Medium | 6.4 | - | 2024-12-12 | The Add infos to the events calendar plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'fuss' shortcode in all versions up to, and including, 1.4.1 due to insufficient input sanitization and output escaping…

Halfdata · 1 CVE

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2024-10590 | High | 8.8 | - | 2024-12-12 | The Opt-In Downloads plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the admin_upload() function in all versions up to, and including, 4.07.

Hanif-khan · 1 CVE

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2024-11683 | Medium | 6.1 | - | 2024-12-12 | The Newsletter Subscriptions plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'token_type' parameter in all versions up to, and including, 2.1 due to insufficient input sanitization and output escaping.

Hanthuy · 1 CVE

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2024-11785 | Medium | 6.4 | - | 2024-12-12 | The Integrate Firebase plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'firebase_show' shortcode in all versions up to, and including, 0.9.3 due to insufficient input sanitization and output escaping on u…

Hashicorp · 1 CVE

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2024-12289 | Medium | 5.9 | - | 2024-12-12 | Boundary Community Edition and Boundary Enterprise (“Boundary”) incorrectly handle HTTP requests during the initialization of the Boundary controller, which may cause the Boundary server to terminate prematurely.

Hay86 · 1 CVE

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2024-21577 | Critical | 10.0 | - | 2024-12-13 | ComfyUI-Ace-Nodes is vulnerable to Code Injection.

Heateor · 1 CVE

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2023-41802 | Medium | 4.3 | - | 2024-12-13 | Missing Authorization vulnerability in Team Heateor Super Socializer allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Super Socializer: from n/a through 7.13.54.

Heolixfy · 1 CVE

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2023-49817 | High | 8.2 | - | 2024-12-09 | Missing Authorization vulnerability in heoLixfy Flexible Woocommerce Checkout Field Editor allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Flexible Woocommerce Checkout Field Editor: from n/a thro…

Hewlett Packard Enterprise (Hpe) · 1 CVE

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2024-54008 | High | 7.2 | - | 2024-12-10 | An authenticated Remote Code Execution (RCE) vulnerability exists in the AirWave CLI.

Hk Digital Agency Llc · 1 CVE

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2024-54261 | Critical | 10.0 | - | 2024-12-13 | Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in HK Digital Agency LLC TAX SERVICE Electronic HDM virtual-hdm-for-taxservice-am allows SQL Injection. This issue affects TAX SERVICE Electr…

Hookandhook · 1 CVE

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2024-12172 | High | 7.5 | - | 2024-12-12 | The WP Courses LMS – Online Courses Builder, eLearning Courses, Courses Solution, Education Courses plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on the wpc_update_user_meta_option() function i…

Hostfact · 1 CVE

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2024-11413 | Medium | 6.4 | - | 2024-12-12 | The HostFact bestelformulier integratie plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'bestelformulier' shortcode in all versions up to, and including, 1.1 due to insufficient input sanitization and out…

Http4k · 1 CVE

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2024-55875 | Critical | 9.8 | - | 2024-12-12 | http4k is a functional toolkit for Kotlin HTTP applications.

Hugh Lashbrooke · 1 CVE

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2023-36518 | Medium | 4.3 | - | 2024-12-13 | Missing Authorization vulnerability in Hugh Lashbrooke Post Hit Counter allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Post Hit Counter: from n/a through 1.3.2.

Hurraki · 1 CVE

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2024-54330 | High | 7.2 | - | 2024-12-13 | Server-Side Request Forgery (SSRF) vulnerability in hurraki Hurrakify hurrakify allows Server Side Request Forgery. This issue affects Hurrakify: from n/a through <= 2.4.

I.lychkov · 1 CVE

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2024-54311 | Medium | 5.4 | - | 2024-12-13 | Missing Authorization vulnerability in i.lychkov Mark New Posts mark-new-posts allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Mark New Posts: from n/a through <= 7.5.1.

I13websolution · 1 CVE

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2019-25221 | Medium | 6.5 | - | 2024-12-13 | The Responsive Filterable Portfolio plugin for WordPress is vulnerable to SQL Injection via the 'id' parameter in all versions up to, and including, 1.0.8 due to insufficient escaping on the user supplied parameter and lack of sufficient p…

Icdsoft · 1 CVE

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2024-54320 | High | 7.1 | - | 2024-12-13 | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in icdsoft ICDSoft Reseller Store icdsoft-reseller-store allows Reflected XSS. This issue affects ICDSoft Reseller Store: from n/a through <=…

Ido Kobelkowsky · 1 CVE

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2024-54303 | High | 7.1 | - | 2024-12-13 | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Ido Kobelkowsky Simple Payment simple-payment allows Reflected XSS. This issue affects Simple Payment: from n/a through <= 2.3.8.

Igor Benic · 1 CVE

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2023-23893 | Medium | 5.3 | - | 2024-12-09 | Missing Authorization vulnerability in Igor Benic Simple Giveaways allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Simple Giveaways: from n/a through 2.48.0.

Ilghera · 1 CVE

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2023-41686 | Medium | 6.5 | - | 2024-12-13 | Cross-Site Request Forgery (CSRF) vulnerability in ilGhera Woocommerce Support System allows Cross Site Request Forgery. This issue affects Woocommerce Support System: from n/a through 1.2.2.

Ilmdesigns · 1 CVE

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2023-49851 | Medium | 5.3 | - | 2024-12-09 | Missing Authorization vulnerability in ILMDESIGNS Square Thumbnails allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Square Thumbnails: from n/a through 1.1.1.

Imagerecycle · 1 CVE

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2024-54266 | High | 7.1 | - | 2024-12-13 | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in ImageRecycle ImageRecycle pdf & image compression imagerecycle-pdf-image-compression allows Reflected XSS. This issue affects ImageRecycle…

Immosoft · 1 CVE

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2024-54335 | High | 7.1 | - | 2024-12-13 | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in ImmoSoft ImmoToolBox Connect immotoolbox-connect allows Reflected XSS. This issue affects ImmoToolBox Connect: from n/a through <= 1.3.3.

Importify · 1 CVE

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2023-49194 | Medium | 5.3 | - | 2024-12-09 | Insertion of Sensitive Information Into Debugging Code vulnerability in importify Importify (Dropshipping WooCommerce) importify allows Retrieve Embedded Sensitive Data. This issue affects Importify (Dropshipping WooCommerce): from n/a thro…

Infiniflow · 1 CVE

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2024-53450 | High | 7.5 | - | 2024-12-09 | RAGFlow 0.13.0 suffers from improper access control in document-hooks.ts, allowing unauthorized access to user documents.

Inisev · 1 CVE

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2023-34009 | Medium | 4.3 | - | 2024-12-13 | Missing Authorization vulnerability in Inisev Social Media & Share Icons allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Social Media & Share Icons: from n/a through 2.8.1.

Inqsys Technology · 1 CVE

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2023-36526 | Medium | 5.4 | - | 2024-12-13 | Missing Authorization vulnerability in Inqsys Technology Duplicate Post Page Menu & Custom Post Type allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Duplicate Post Page Menu & Custom Post Type: fr…

Insiderealestate · 1 CVE

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2024-11723 | Medium | 6.1 | - | 2024-12-12 | The kvCORE IDX plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via any parameter on pages with the kvcoreidx_listings_sitemap_ranges, kvcoreidx_listings_sitemap_page, kvcoreidx_agent_profile_sitemap, or kvcoreidx_agent…

Inspireui · 1 CVE

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2024-12042 | Medium | 5.4 | - | 2024-12-13 | The MStore API – Create Native Android & iOS Apps On The Cloud plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the profile picture upload functionality in all versions up to, and including, 4.16.4 due to insufficient…

It Path Solutions · 1 CVE

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2023-47871 | Medium | 4.3 | - | 2024-12-09 | Missing Authorization vulnerability in IT Path Solutions Contact Form to Any API allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Contact Form to Any API: from n/a through 1.1.6.

Iulia Cazan · 1 CVE

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2023-36680 | Medium | 5.4 | - | 2024-12-13 | Missing Authorization vulnerability in Iulia Cazan Image Regenerate & Select Crop allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Image Regenerate & Select Crop: from n/a through 7.1.0.

Jbd7 · 1 CVE

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2024-54339 | High | 7.1 | - | 2024-12-13 | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in jbd7 geoFlickr geoflickr allows Reflected XSS. This issue affects geoFlickr: from n/a through <= 1.3.

Jegstudio · 1 CVE

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2023-35875 | Medium | 5.3 | - | 2024-12-13 | Missing Authorization vulnerability in Jegstudio Gutenverse allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Gutenverse: from n/a through 1.8.5.

Jerod Santo · 1 CVE

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2023-28168 | Low | 3.7 | - | 2024-12-09 | Missing Authorization vulnerability in Jerod Santo WordPress Console allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects WordPress Console: from n/a through 0.3.9.

Jigar-sable · 1 CVE

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2022-38947 | Critical | 9.8 | - | 2024-12-09 | SQL Injection vulnerability in Flipkart-Clone-PHP version 1.0 in entry.php in product_title parameter, allows attackers to execute arbitrary code.

Jobboardwp · 1 CVE

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2023-23715 | Medium | 5.2 | - | 2024-12-09 | Missing Authorization vulnerability in JobBoardWP JobBoardWP – Job Board Listings and Submissions allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects JobBoardWP – Job Board Listings and Submissions: f…

Johnwwweissberg · 1 CVE

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2024-12312 | High | 8.1 | - | 2024-12-12 | The Print Science Designer plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 1.3.152 via deserialization of untrusted input through the 'designer-saved-projects' cookie.

Jose Vega · 1 CVE

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2023-31073 | Medium | 4.3 | - | 2024-12-09 | Missing Authorization vulnerability in Jose Vega Display custom fields in the frontend – Post and User Profile Fields allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Display custom fields in the f…

Jottlieb · 1 CVE

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2024-12294 | Medium | 5.3 | - | 2024-12-11 | The Last Viewed Posts by WPBeginner plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 1.0.1 via the 'get_legacy_cookies' function.

Jtermaat · 1 CVE

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2024-12271 | Medium | 4.4 | - | 2024-12-12 | The 360 Javascript Viewer plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘ref’ parameter in all versions up to, and including, 1.7.29 due to insufficient input sanitization and output escaping.

Jtexpress · 1 CVE

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2024-54305 | High | 7.1 | - | 2024-12-13 | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in jtexpress J&T Express Malaysia jt-express allows Reflected XSS. This issue affects J&T Express Malaysia: from n/a through <= 2.0.13.

Jules Colle · 1 CVE

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2023-47838 | Medium | 4.3 | - | 2024-12-09 | Missing Authorization vulnerability in Jules Colle Conditional Fields for Contact Form 7 cf7-conditional-fields allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Conditional Fields for Contact Form…

Justin Fletcher · 1 CVE

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2024-54290 | High | 7.1 | - | 2024-12-13 | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Justin Fletcher Role Includer role-includer allows Reflected XSS. This issue affects Role Includer: from n/a through <= 1.6.

Karim Salman · 1 CVE

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2023-22708 | Medium | 4.3 | - | 2024-12-09 | Missing Authorization vulnerability in Karim Salman Kraken.io Image Optimizer allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Kraken.io Image Optimizer: from n/a through 2.6.7.

Karim42 · 1 CVE

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2024-11973 | Medium | 6.1 | - | 2024-12-10 | The Quran multilanguage Text & Audio plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'sourate' and 'lang' parameter in all versions up to, and including, 2.3.21 due to insufficient input sanitization and output…

Kaushik07 · 1 CVE

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2024-11891 | Medium | 6.4 | - | 2024-12-12 | The Perfect Font Awesome Integration plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'pfai' shortcode in all versions up to, and including, 2.3 due to insufficient input sanitization and output escaping o…

Kekotron · 1 CVE

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2024-11709 | Medium | 4.3 | - | 2024-12-12 | The AI Post Generator | AutoWriter plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the ai_post_generator_delete_Post AJAX action in all versions up to, and including, 3.5.

Ketr · 1 CVE

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2024-51165 | High | 7.5 | - | 2024-12-10 | SQL injection vulnerability in JEPAAS 7.2.8, via /je/rbac/rbac/loadLoginCount in the dateVal parameter, which could allow a remote user to submit a specially crafted query, allowing an attacker to retrieve all the information stored in the…

Koen Reus · 1 CVE

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2023-41689 | Medium | 4.3 | - | 2024-12-13 | Missing Authorization vulnerability in Koen Reus Post to Google My Business (Google Business Profile) allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Post to Google My Business (Google Business Pr…

Kofi Mokome · 1 CVE

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2024-54254 | Medium | 6.3 | - | 2024-12-09 | Missing Authorization vulnerability in Kofi Mokome Message Filter for Contact Form 7 cf7-message-filter. This issue affects Message Filter for Contact Form 7: from n/a through <= 1.6.3.

Kstover · 1 CVE

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2024-11052 | High | 7.2 | - | 2024-12-12 | The Ninja Forms – The Contact Form Builder That Grows With You plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the calculations parameter in all versions up to, and including, 3.8.19 due to insufficient input sanitiza…

Kundgenerator · 1 CVE

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2024-54319 | High | 7.1 | - | 2024-12-13 | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Kundgenerator Kundgenerator kundgenerator allows Reflected XSS. This issue affects Kundgenerator: from n/a through <= 1.0.6.

La-studio · 1 CVE

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2023-50884 | Medium | 6.5 | - | 2024-12-09 | Missing Authorization vulnerability in LA-Studio LA-Studio Element Kit for Elementor lastudio-element-kit allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects LA-Studio Element Kit for Elementor: from…

Labelgrid · 1 CVE

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2024-54341 | High | 7.1 | - | 2024-12-13 | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in LabelGrid LabelGrid Tools label-grid-tools allows Reflected XSS. This issue affects LabelGrid Tools: from n/a through <= 1.3.58.

Laravel · 1 CVE

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2024-55661 | High | 8.8 | - | 2024-12-13 | Laravel Pulse is a real-time application performance monitoring tool and dashboard for Laravel applications.

Lauri Karisola / Wp Trio · 1 CVE

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2022-46807 | Medium | 4.3 | - | 2024-12-13 | Missing Authorization vulnerability in Lauri Karisola / WP Trio Stock Sync for WooCommerce allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Stock Sync for WooCommerce: from n/a through 2.3.2.

Ldd Web Design · 1 CVE

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2024-54288 | High | 7.1 | - | 2024-12-13 | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in LDD Web Design LDD Directory Lite ldd-directory-lite allows Reflected XSS. This issue affects LDD Directory Lite: from n/a through <= 3.3.

Link Whisper · 1 CVE

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2023-32506 | Medium | 6.5 | - | 2024-12-13 | Missing Authorization vulnerability in Link Whisper Link Whisper Free allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Link Whisper Free: from n/a through 0.6.3.

Linknacional · 1 CVE

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2024-54328 | High | 7.1 | - | 2024-12-13 | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in linknacional Invoice Payment for WooCommerce invoice-payment-for-woocommerce allows Reflected XSS. This issue affects Invoice Payment for…

Liquidpoll · 1 CVE

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2023-36531 | Medium | 4.3 | - | 2024-12-13 | Missing Authorization vulnerability in LiquidPoll LiquidPoll – Advanced Polls for Creators and Brands allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects LiquidPoll – Advanced Polls for Creators and B…

Lordspace · 1 CVE

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2024-12263 | Medium | 4.3 | - | 2024-12-12 | The Child Theme Creator by Orbisius plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the cloud_delete() and cloud_update() functions in all versions up to, and including, 1.5.5.

Lucian Apostol · 1 CVE

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2022-45840 | Medium | 6.5 | - | 2024-12-13 | Missing Authorization vulnerability in Lucian Apostol Auto Affiliate Links allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Auto Affiliate Links: from n/a through 6.2.1.5.

Luckywp · 1 CVE

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2023-29239 | Medium | 5.4 | - | 2024-12-09 | Missing Authorization vulnerability in LuckyWP LuckyWP Scripts Control allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects LuckyWP Scripts Control: from n/a through 1.2.1.

Mad Fish Digital · 1 CVE

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2023-41688 | Medium | 5.4 | - | 2024-12-13 | Missing Authorization vulnerability in Mad Fish Digital Bulk NoIndex & NoFollow Toolkit allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Bulk NoIndex & NoFollow Toolkit: from n/a through 1.5.

Magazine3 · 1 CVE

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2023-25469 | Medium | 5.4 | - | 2024-12-09 | Missing Authorization vulnerability in Magazine3 Easy Table of Contents allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Easy Table of Contents: from n/a through 2.0.45.2.

Mahendrapatidarmp · 1 CVE

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2024-12341 | Medium | 4.3 | - | 2024-12-12 | The Custom Skins Contact Form 7 plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'cf7cs_action_callback' function in all versions up to, and including, 1.0.

Maheshmaharjan · 1 CVE

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2024-11427 | Medium | 6.4 | - | 2024-12-12 | The Catch Popup plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'catch-popup' shortcode in all versions up to, and including, 1.4.4 due to insufficient input sanitization and output escaping on user suppl…

Mailmunch · 1 CVE

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2023-40203 | Medium | 4.3 | - | 2024-12-13 | Missing Authorization vulnerability in MailMunch MailChimp Forms by MailMunch allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects MailChimp Forms by MailMunch: from n/a through 3.1.4.

Mainwp · 1 CVE

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2024-10783 | High | 8.1 | - | 2024-12-13 | The MainWP Child – Securely Connects to the MainWP Dashboard to Manage Multiple Sites plugin for WordPress is vulnerable to privilege escalation due to missing authorization checks on the register_site function in all versions up to, and…

Majeed Raza · 1 CVE

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2023-41848 | Medium | 5.3 | - | 2024-12-13 | Missing Authorization vulnerability in Majeed Raza Carousel Slider allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Carousel Slider: from n/a through 2.2.2.

Man-group · 1 CVE

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2024-55890 | - | - | - | 2024-12-13 | D-Tale is a visualizer for pandas data structures.

Marc Dooder · 1 CVE

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2023-49848 | Medium | 6.5 | - | 2024-12-09 | Missing Authorization vulnerability in Marc dooder Sharkdropship dropshipping for Aliexpress, eBay, Amazon, etsy woo-aliexpress-dropshipping allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Sharkdr…

Marcus (Aka @Msykes) · 1 CVE

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2023-49859 | Medium | 4.3 | - | 2024-12-09 | Missing Authorization vulnerability in Marcus (aka @msykes) Login With Ajax login-with-ajax allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Login With Ajax: from n/a through <= 4.1.

Martin Gibson · 1 CVE

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2023-48774 | Medium | 5.4 | - | 2024-12-09 | Missing Authorization vulnerability in Martin Gibson IdeaPush allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects IdeaPush: from n/a through n/a.

Mashiurz · 1 CVE

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2024-54349 | Medium | 6.5 | - | 2024-12-13 | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in mashiurz Plain Post plain-post allows Stored XSS. This issue affects Plain Post: from n/a through <= 1.0.3.

Masud Hasan · 1 CVE

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2024-54230 | Medium | 6.5 | - | 2024-12-09 | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Masud Hasan Unlock Addons for Elementor unlock-addons-for-elementor allows DOM-Based XSS. This issue affects Unlock Addons for Elementor…

Matat Technologies · 1 CVE

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2023-48287 | Medium | 5.4 | - | 2024-12-09 | Missing Authorization vulnerability in Matat Technologies TextMe SMS allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects TextMe SMS: from n/a through 1.9.0.

Mateusz Czardybon · 1 CVE

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2023-40213 | Medium | 4.3 | - | 2024-12-13 | Missing Authorization vulnerability in Mateusz Czardybon Justified Gallery allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Justified Gallery: from n/a through 1.7.3.

Mattdeclaire · 1 CVE

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2023-49845 | Medium | 5.3 | - | 2024-12-09 | Missing Authorization vulnerability in mattdeclaire Redirects redirects allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Redirects: from n/a through <= 1.2.1.

Matthew Ruddy · 1 CVE

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2023-30490 | High | 7.5 | - | 2024-12-13 | Missing Authorization vulnerability in Matthew Ruddy Easing Slider allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Easing Slider: from n/a through 3.0.8.

Max Chirkov · 1 CVE

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2023-26520 | Medium | 5.3 | - | 2024-12-09 | Missing Authorization vulnerability in Max Chirkov Advanced Text Widget allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Advanced Text Widget: from n/a through 2.1.2.

Meowapps · 1 CVE

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2024-10499 | High | 7.2 | - | 2024-12-12 | The AI Engine WordPress plugin before 2.6.5 does not sanitize and escape a parameter from one of its REST API endpoints before using it in a SQL statement, allowing admins to perform SQL injection attacks.

Metagauss · 1 CVE

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2023-49831 | High | 7.5 | - | 2024-12-09 | Missing Authorization vulnerability in Metagauss RegistrationMagic custom-registration-form-builder-with-submission-manager allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects RegistrationMagic: from…

Metaphor Creations · 1 CVE

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2023-49835 | Medium | 4.3 | - | 2024-12-09 | Missing Authorization vulnerability in Metaphor Creations Post Duplicator allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Post Duplicator: from n/a through 2.31.

Metaphorcreations · 1 CVE

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2023-47764 | Medium | 6.5 | - | 2024-12-09 | Missing Authorization vulnerability in metaphorcreations Ditty ditty-news-ticker allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Ditty: from n/a through <= 3.1.24.

Metup · 1 CVE

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2024-54329 | High | 7.1 | - | 2024-12-13 | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Metup CleverNode Related Content clevernode-related-content allows Reflected XSS. This issue affects CleverNode Related Content: from n/a…

Mg12 · 1 CVE

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2023-23886 | Medium | 5.4 | - | 2024-12-09 | Missing Authorization vulnerability in mg12 WP-RecentComments allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects WP-RecentComments: from n/a through 2.2.7.

Michal Novák · 1 CVE

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2023-41133 | Medium | 5.3 | - | 2024-12-13 | Authentication Bypass by Spoofing vulnerability in Michal Novák Secure Admin IP allows Functionality Bypass. This issue affects Secure Admin IP: from n/a through 2.0.

Migrate · 1 CVE

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2023-25486 | Medium | 4.3 | - | 2024-12-09 | Missing Authorization vulnerability in Migrate Clone allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Clone: from n/a through 2.3.7.

Mitel · 1 CVE

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2024-55550 | Low | 2.7 | KEV | 2024-12-10 | Mitel MiCollab through 9.8 SP2 could allow an authenticated attacker with administrative privilege to conduct a local file read, due to insufficient input sanitization.

Mobatime · 1 CVE

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2024-12286 | Critical | 9.8 | - | 2024-12-10 | MOBATIME Network Master Clock - DTS 4801 allows attackers to use SSH to gain initial access using default credentials.

Mobilemonkey · 1 CVE

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2023-32581 | Medium | 5.4 | - | 2024-12-13 | Missing Authorization vulnerability in MobileMonkey WP-Chatbot for Messenger allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects WP-Chatbot for Messenger: from n/a through 4.7.

Molongui · 1 CVE

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2023-50876 | Medium | 4.3 | - | 2024-12-09 | Missing Authorization vulnerability in Molongui Molongui allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Molongui: from n/a through 4.7.3.

Mondial Relay Woocommerce - Wcmultishipping · 1 CVE

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2023-48274 | Medium | 6.5 | - | 2024-12-09 | Missing Authorization vulnerability in Mondial Relay WooCommerce - WCMultiShipping WCMultiShipping allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects WCMultiShipping: from n/a through 2.3.5.

Morehawes · 1 CVE

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2024-12325 | Medium | 6.1 | - | 2024-12-11 | The Waymark plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the ‘content’ parameter in all versions up to, and including, 1.4.1 due to insufficient input sanitization and output escaping.

Mra13 · 1 CVE

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2023-48286 | High | 8.2 | - | 2024-12-09 | Missing Authorization vulnerability in mra13 Stripe Payments stripe-payments allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Stripe Payments: from n/a through <= 2.0.79.

Mtomic · 1 CVE

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2024-54324 | High | 7.1 | - | 2024-12-13 | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in mtomic SMSify smsify allows Reflected XSS. This issue affects SMSify: from n/a through <= 6.0.4.

Muhammad Rehman · 1 CVE

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2023-29237 | Medium | 6.3 | - | 2024-12-09 | Missing Authorization vulnerability in Muhammad Rehman Remove Duplicate Posts allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Remove Duplicate Posts: from n/a through 1.3.5.

Nate Reist · 1 CVE

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2023-25454 | Medium | 6.5 | - | 2024-12-09 | Missing Authorization vulnerability in Nate Reist Protected Posts Logout Button allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Protected Posts Logout Button: from n/a through 1.4.5.

Ncrafts · 1 CVE

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2023-47823 | Medium | 5.3 | | 2024-12-09 | Missing Authorization vulnerability in nCrafts FormCraft allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects FormCraft: from n/a through 1.2.7.

Nerdpress · 1 CVE

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2023-49193 | Medium | 5.3 | | 2024-12-09 | Missing Authorization vulnerability in NerdPress Hubbub Lite social-pug allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Hubbub Lite: from n/a through <= 1.30.0.

Newsmanapp · 1 CVE

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2024-11767 | Medium | 6.4 | | 2024-12-13 | The NewsmanApp plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'newsman_subscribe_widget' shortcode in all versions up to, and including, 2.7.6 due to insufficient input sanitization and output escaping o…

Nicejob · 1 CVE

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2024-54318 | Medium | 6.5 | | 2024-12-13 | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in nicejob NiceJob nicejob allows Stored XSS. This issue affects NiceJob: from n/a through <= 3.6.5.

Ninjateam · 1 CVE

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2024-11012 | Medium | 6.3 | | 2024-12-13 | The Notibar – Notification Bar for WordPress plugin for WordPress is vulnerable to arbitrary shortcode execution via the njt_nofi_text AJAX action in all versions up to, and including, 2.1.4.

Northern Beaches Websites · 1 CVE

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2023-47763 | Medium | 4.3 | | 2024-12-09 | Missing Authorization vulnerability in Northern Beaches Websites WP Custom Admin Interface wp-custom-admin-interface allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects WP Custom Admin Interface: from…

Numerix Llc · 1 CVE

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2024-50585 | Medium | 4.7 | | 2024-12-11 | Users who click on a malicious link or visit a website under the control of an attacker can be infected with arbitrary JavaScript which is running in the context of the "Numerix License Server Administration System Login" (nlslogin.jsp) pa…

Octrace · 1 CVE

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2024-54274 | High | 7.1 | | 2024-12-13 | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Octrace WordPress HelpDesk & Support Ticket System Plugin – Octrace Support octrace-support allows Reflected XSS. This issue affects WordP…

Onewebsite · 1 CVE

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2023-26522 | Medium | 6.5 | | 2024-12-09 | Missing Authorization vulnerability in OneWebsite WP Repost allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects WP Repost: from n/a through 0.1.

Onlyoffice · 1 CVE

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2024-11750 | Medium | 6.4 | | 2024-12-12 | The ONLYOFFICE DocSpace plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'onlyoffice-docspace' shortcode in all versions up to, and including, 2.1.1 due to insufficient input sanitization and output escapi…

Open Design Alliance · 1 CVE

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2024-12564 | | | | 2024-12-12 | Exposure of Sensitive Information to an Unauthorized Actor vulnerability was discovered in Open Design Alliance CDE inWEB SDK before 2025.3.

Overclokk · 1 CVE

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2024-54233 | High | 7.1 | | 2024-12-13 | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in overclokk Advanced Control Manager for WordPress by ItalyStrap advanced-control-manager allows Reflected XSS. This issue affects Advanced…

Ovic Team · 1 CVE

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2023-41649 | Medium | 6.5 | | 2024-12-13 | Missing Authorization vulnerability in Ovic Team Ovic Product Bundle allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Ovic Product Bundle: from n/a through 1.1.2.

Owthub · 1 CVE

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2024-12406 | Medium | 6.5 | | 2024-12-12 | The Library Management System – Manage e-Digital Books Library plugin for WordPress is vulnerable to SQL Injection via the 'owt7_borrow_books_id' parameter in all versions up to, and including, 3.2.0 due to insufficient escaping on the use…

Pagelayer Team · 1 CVE

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2023-49196 | Medium | 4.3 | | 2024-12-09 | Missing Authorization vulnerability in Pagelayer Team PageLayer allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects PageLayer: from n/a through 1.7.7.

Papercut · 1 CVE

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2024-9672 | Medium | 5.4 | | 2024-12-10 | A reflected cross-site scripting (XSS) vulnerability exists in PaperCut NG/MF.

Paul Ryley · 1 CVE

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2023-27625 | Medium | 4.3 | | 2024-12-09 | Missing Authorization vulnerability in Paul Ryley Site Reviews allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Site Reviews: from n/a through 6.5.0.

Paypal · 1 CVE

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2023-25026 | Medium | 4.3 | | 2024-12-09 | Missing Authorization vulnerability in PayPal PayPal Brasil para WooCommerce allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects PayPal Brasil para WooCommerce: from n/a through 1.4.2.

Paytr Ödeme Ve Elektronik Para Kuruluşu A.ş. · 1 CVE

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2023-47847 | Medium | 5.3 | | 2024-12-09 | Missing Authorization vulnerability in PayTR Ödeme ve Elektronik Para Kuruluşu A.Ş.

Pechenki · 1 CVE

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2023-41683 | Medium | 5.4 | | 2024-12-13 | Missing Authorization vulnerability in Pechenki TelSender allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects TelSender: from n/a through 1.14.11.

Peerigon · 1 CVE

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2024-54152 | | | | 2024-12-10 | Angular Expressions provides expressions for the Angular.JS web framework as a standalone module.

Persianscript · 1 CVE

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2024-54312 | High | 7.1 | | 2024-12-13 | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in PersianScript Persian Woocommerce SMS persian-woocommerce-sms allows Reflected XSS. This issue affects Persian Woocommerce SMS: from n/a t…

Photonicgnostic · 1 CVE

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2024-11359 | Medium | 6.1 | | 2024-12-12 | The Library Bookshelves plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use of add_query_arg without appropriate escaping on the URL in all versions up to, and including, 5.8.

Phpmyfaq · 1 CVE

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2024-55889 | Medium | 4.9 | | 2024-12-13 | phpMyFAQ is an open source FAQ web application.

Pickplugins · 1 CVE

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2024-54273 | Critical | 9.8 | | 2024-12-13 | Deserialization of Untrusted Data vulnerability in PickPlugins Mail Picker mail-picker allows Object Injection. This issue affects Mail Picker: from n/a through <= 1.0.14.

Pierre Jehan · 1 CVE

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2022-44578 | Medium | 5.3 | | 2024-12-13 | Missing Authorization vulnerability in Pierre JEHAN Owl Carousel allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Owl Carousel: from n/a through 0.5.3.

Planaday · 1 CVE

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2024-11804 | Medium | 6.1 | | 2024-12-12 | The Planaday API plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'tab' parameter in all versions up to, and including, 11.4 due to insufficient input sanitization and output escaping.

Plugin Devs · 1 CVE

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2024-54278 | Medium | 4.3 | | 2024-12-13 | Missing Authorization vulnerability in Plugin Devs News Ticker for Elementor news-ticker-for-elementor allows Accessing Functionality Not Properly Constrained by ACLs. This issue affects News Ticker for Elementor: from n/a through <= 2.1.3.

Pluginus · 1 CVE

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2023-40334 | Medium | 4.3 | | 2024-12-13 | Missing Authorization vulnerability in RealMag777 HUSKY woocommerce-products-filter allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects HUSKY: from n/a through <= 1.3.4.2.

Pnpm · 1 CVE

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2024-53866 | Critical | 9.8 | | 2024-12-10 | The package manager pnpm prior to version 9.15.0 seems to mishandle overrides and global cache: Overrides from one workspace leak into npm metadata saved in global cache; npm metadata from global cache affects other workspaces; and install…

Prasadkirpekar · 1 CVE

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2023-47836 | Medium | 5.4 | | 2024-12-09 | Missing Authorization vulnerability in prasadkirpekar WP Meta and Date Remover wp-meta-and-date-remover allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects WP Meta and Date Remover: from n/a through <…

Premio · 1 CVE

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2023-51362 | Medium | 5.3 | | 2024-12-09 | Missing Authorization vulnerability in Premio My Sticky Elements mystickyelements allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects My Sticky Elements: from n/a through <= 2.1.3.

Premmerce · 1 CVE

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2023-41130 | High | 8.1 | | 2024-12-13 | Missing Authorization vulnerability in Premmerce Premmerce User Roles premmerce-user-roles allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Premmerce User Roles: from n/a through <= 1.0.12.

Primersoftware · 1 CVE

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2024-11809 | Medium | 6.1 | | 2024-12-13 | The Primer MyData for Woocommerce plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'img_src' parameter in all versions up to, and including, 4.2.1 due to insufficient input sanitization and output escaping.

Printful · 1 CVE

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2022-47168 | Medium | 4.3 | | 2024-12-13 | Missing Authorization vulnerability in printful Printful Integration for WooCommerce printful-shipping-for-woocommerce allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Printful Integration for WooC…

Profilepress Membership Team · 1 CVE

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2023-41953 | Medium | 5.3 | | 2024-12-09 | Missing Authorization vulnerability in ProfilePress Membership Team ProfilePress. This issue affects ProfilePress: from n/a through 4.13.1.

Projectopia · 1 CVE

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2024-54336 | High | 8.8 | | 2024-12-13 | Authentication Bypass Using an Alternate Path or Channel vulnerability in Projectopia Projectopia projectopia-core allows Authentication Bypass. This issue affects Projectopia: from n/a through <= 5.1.7.

Quetrobits · 1 CVE

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2024-55946 | | | | 2024-12-13 | Playloom Engine is an open-source, high-performance game development engine.

Quomodosoft · 1 CVE

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2024-54224 | Medium | 6.5 | | 2024-12-09 | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in quomodosoft ElementsReady Addons for Elementor element-ready-lite allows DOM-Based XSS. This issue affects ElementsReady Addons for Elemen…

Radiustheme · 1 CVE

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2024-54272 | Medium | 6.5 | | 2024-12-13 | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in RadiusTheme Radius Blocks radius-blocks allows Stored XSS. This issue affects Radius Blocks: from n/a through <= 2.1.2.

Rails · 1 CVE

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2024-54133 | | | | 2024-12-10 | Action Pack is a framework for handling and responding to web requests.

Rapid7 · 1 CVE

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2024-11401 | | | | 2024-12-11 | Rapid7 Insight Platform versions prior to November 13th 2024, suffer from a privilege escalation vulnerability whereby, due to a lack of authorization checks, an attacker can successfully update the password policy in the platform settings…

Realmag777 · 1 CVE

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2024-10959 | High | 7.3 | | 2024-12-10 | The Active Products Tables for WooCommerce.

Realwebcare · 1 CVE

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2023-32293 | Medium | 5.3 | | 2024-12-09 | Missing Authorization vulnerability in Realwebcare WRC Pricing Tables allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects WRC Pricing Tables: from n/a through 2.3.7.

Rednao · 1 CVE

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2023-38475 | Medium | 4.3 | | 2024-12-13 | Missing Authorization vulnerability in RedNao Donations Made Easy – Smart Donations allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Donations Made Easy – Smart Donations: from n/a through 4.0.12.

Reservation Diary · 1 CVE

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2023-36510 | High | 7.3 | | 2024-12-13 | Missing Authorization vulnerability in Reservation Diary ReDi Restaurant Reservation allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects ReDi Restaurant Reservation: from n/a through 23.0211.

Revidev · 1 CVE

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2024-54299 | High | 7.1 | | 2024-12-13 | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in revidev Revi.io revi-io-customer-and-product-reviews allows Reflected XSS. This issue affects Revi.io: from n/a through <= 5.7.3.

Reviewx Team · 1 CVE

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2023-40670 | Medium | 4.3 | | 2024-12-13 | Missing Authorization vulnerability in ReviewX Team ReviewX allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects ReviewX: from n/a through 1.6.17.

Rextheme · 1 CVE

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2023-34376 | Medium | 5.4 | | 2024-12-13 | Missing Authorization vulnerability in Rextheme Change WooCommerce Add To Cart Button Text allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Change WooCommerce Add To Cart Button Text: from n/a thro…

Richardperdaan · 1 CVE

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2024-9608 | Medium | 6.1 | | 2024-12-13 | The MyParcel plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use of add_query_arg without appropriate escaping on the URL in all versions up to, and including, 4.24.1.

Robosoft · 1 CVE

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2022-45841 | Medium | 5.4 | | 2024-12-13 | Missing Authorization vulnerability in RoboSoft Robo Gallery allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Robo Gallery: from n/a through 3.2.9.

Roland Murg · 1 CVE

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2023-49758 | Medium | 4.3 | | 2024-12-09 | Missing Authorization vulnerability in Roland Murg WP Booking System wp-booking-system allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects WP Booking System: from n/a through <= 2.0.19.2.

Roxnor · 1 CVE

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2023-50903 | Medium | 5.3 | | 2024-12-09 | Missing Authorization vulnerability in Roxnor Metform metform allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Metform: from n/a through <= 3.4.0.

Rrdevs · 1 CVE

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2024-54232 | Medium | 6.5 | | 2024-12-09 | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in RRDevs RRAddons for Elementor rrdevs-for-elementor allows Stored XSS. This issue affects RRAddons for Elementor: from n/a through <= 1.1.0.

Rtcamp · 1 CVE

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2023-41951 | Medium | 4.3 | | 2024-12-13 | Missing Authorization vulnerability in rtCamp rtMedia for WordPress, BuddyPress and bbPress allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects rtMedia for WordPress, BuddyPress and bbPress: from n/a…

Saad Iqbal · 1 CVE

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2024-54323 | Medium | 5.4 | | 2024-12-13 | Missing Authorization vulnerability in Saad Iqbal New User Approve new-user-approve allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects New User Approve: from n/a through <= 2.6.2.

Sap · 1 CVE

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2024-32732 | Medium | 5.3 | | 2024-12-10 | Under certain conditions SAP BusinessObjects Business Intelligence platform allows an attacker to access information which would otherwise be restricted. This has low impact on Confidentiality with no impact on Integrity and Availability of…

Scidsg · 1 CVE

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2024-55888 | High | 7.1 | | 2024-12-12 | Hush Line is an open-source whistleblower management system.

Searchiq · 1 CVE

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2023-47832 | Medium | 5.3 | | 2024-12-09 | Missing Authorization vulnerability in SearchIQ SearchIQ searchiq allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects SearchIQ: from n/a through <= 4.4.

Secomea · 1 CVE

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2021-32007 | Low | 3.5 | | 2024-12-13 | This issue affects: Secomea GateManager Version 9.5 and all prior versions.

Seerox · 1 CVE

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2024-54256 | High | 7.1 | | 2024-12-13 | Missing Authorization vulnerability in Seerox Easy Blocks pro easy-blocks-pro allows Accessing Functionality Not Properly Constrained by ACLs. This issue affects Easy Blocks pro: from n/a through <= 1.0.21.

Seraphinitesoft · 1 CVE

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2024-12160 | Medium | 6.1 | | 2024-12-12 | The Seraphinite Bulk Discounts for WooCommerce plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use of add_query_arg without appropriate escaping on the URL in all versions up to, and including, 2.4.6.

Seventhqueen · 1 CVE

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2024-43222 | Critical | 9.8 | | 2024-12-09 | Missing Authorization vulnerability in SeventhQueen Sweet Date sweetdate allows Privilege Escalation. This issue affects Sweet Date: from n/a through <= 3.7.3.

Shafayat-alam · 1 CVE

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2024-11914 | Medium | 6.4 | | 2024-12-12 | The Gutenberg Blocks and Page Layouts – Attire Blocks plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'attire-blocks/post-carousel' block in all versions up to, and including, 1.9.5 due to insufficient input sanit…

Shakee93 · 1 CVE

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2024-11840 | High | 7.1 | | 2024-12-11 | The RapidLoad – Optimize Web Vitals Automatically plugin for WordPress is vulnerable to unauthorized access of data and modification of data due to a missing capability check on the uucss_data, update_rapidload_settings, wp_ajax_update_hta…

Shanebp · 1 CVE

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2024-12441 | Medium | 6.1 | | 2024-12-12 | The BP Email Assign Templates plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'page' parameter in all versions up to, and including, 1.5 due to insufficient input sanitization and output escaping.

Shaon · 1 CVE

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2023-23887 | Medium | 5.3 | | 2024-12-09 | Missing Authorization vulnerability in Shaon Easy Google Analytics for WordPress allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Easy Google Analytics for WordPress: from n/a through 1.6.0.

Shapedplugin Llc · 1 CVE

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2023-41132 | Medium | 4.3 | | 2024-12-13 | Missing Authorization vulnerability in ShapedPlugin LLC Category Slider for WooCommerce allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Category Slider for WooCommerce: from n/a through 1.4.15.

Sharabindu · 1 CVE

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2024-11410 | Medium | 6.4 | | 2024-12-12 | The Top and footer bars for announcements, notifications, advertisements, promotions – YooBar plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Yoo Bar settings in all versions up to, and including, 2.0.6 due to ins…

Shiptimize · 1 CVE

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2024-54235 | High | 7.1 | | 2024-12-13 | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Shiptimize Shiptimize for WooCommerce shiptimize-for-woocommerce allows Reflected XSS. This issue affects Shiptimize for WooCommerce: from…

Shivtiwari · 1 CVE

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2024-12258 | Medium | 6.1 | | 2024-12-12 | The WP Service Payment Form With Authorize.net plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'page' parameter in all versions up to, and including, 2.6.3 due to insufficient input sanitization and output esca…

Shohei.tanaka · 1 CVE

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2023-47698 | High | 8.6 | | 2024-12-09 | Missing Authorization vulnerability in shohei.tanaka Japanized For WooCommerce woocommerce-for-japan allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Japanized For WooCommerce: from n/a through <=…

Shopfiles · 1 CVE

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2023-22701 | High | 7.5 | | 2024-12-09 | Missing Authorization vulnerability in Shopfiles Ltd Ebook Store allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Ebook Store: from n/a through 5.775.

Shuchkin · 1 CVE

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2024-55878 | Medium | 6.8 | | 2024-12-12 | SimpleXLSX is software for parsing and retrieving data from Excel XLSx files.

Sidngr · 1 CVE

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2024-54262 | Critical | 9.9 | | 2024-12-13 | Unrestricted Upload of File with Dangerous Type vulnerability in sidngr Import Export For WooCommerce import-export-for-woocommerce allows Upload a Web Shell to a Web Server. This issue affects Import Export For WooCommerce: from n/a throug…

Sigstore · 1 CVE

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2024-55655 | | | | 2024-12-10 | sigstore-python is a Python tool for generating and verifying Sigstore signatures.

Silverplugins217 · 1 CVE

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2024-54333 | High | 7.1 | | 2024-12-13 | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in silverplugins217 Check Pincode For Woocommerce check-pincode-for-woocommerce allows Reflected XSS. This issue affects Check Pincode For Wo…

Smaily · 1 CVE

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2024-54286 | Medium | 6.5 | | 2024-12-13 | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Smaily Smaily for WP smaily-for-wp allows Stored XSS. This issue affects Smaily for WP: from n/a through <= 3.1.5.

Smartagenda · 1 CVE

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2024-11781 | Medium | 6.4 | | 2024-12-12 | The Smart Agenda – Prise de rendez-vous en ligne plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'smartagenda' shortcode in all versions up to, and including, 4.6 due to insufficient input sanitization an…

Sminozzi · 1 CVE

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2024-54298 | Medium | 4.3 | | 2024-12-13 | Missing Authorization vulnerability in sminozzi Car Dealer cardealer allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Car Dealer: from n/a through <= 4.46.

Smub · 1 CVE

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2024-11205 | High | 8.5 | | 2024-12-10 | The WPForms plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'wpforms_is_admin_page' function in versions starting from 1.8.4 up to, and including, 1.9.2.1.

Social Share Pro · 1 CVE

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2023-38514 | Medium | 4.3 | | 2024-12-13 | Missing Authorization vulnerability in social share pro Social Share Icons & Social Share Buttons allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Social Share Icons & Social Share Buttons: from n/…

Socialmediafeather · 1 CVE

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2023-49861 | Medium | 4.3 | | 2024-12-09 | Missing Authorization vulnerability in socialmediafeather Social Media Feather social-media-feather allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Social Media Feather: from n/a through <= 2.1.3.

Softlab · 1 CVE

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2023-32117 | Critical | 9.8 | | 2024-12-09 | Missing Authorization vulnerability in SoftLab Integrate Google Drive allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Integrate Google Drive: from n/a through 1.1.99.

Sojahu · 1 CVE

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2024-11757 | Medium | 6.4 | | 2024-12-12 | The WP GeoNames plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'wp-geonames' shortcode in all versions up to, and including, 1.9.0.1 due to insufficient input sanitization and output escaping on user sup…

Solarwinds · 1 CVE

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2024-45709 | Medium | 5.3 | | 2024-12-10 | SolarWinds Web Help Desk was susceptible to a local file read vulnerability.

Solidwp · 1 CVE

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2023-40001 | Medium | 4.3 | | 2024-12-13 | Missing Authorization vulnerability in SolidWP iThemes Sync allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects iThemes Sync: from n/a through 2.1.13.

Sonaar · 1 CVE

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2023-47822 | Medium | 5.4 | | 2024-12-09 | Missing Authorization vulnerability in Sonaar Music MP3 Audio Player for Music, Radio & Podcast by Sonaar allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects MP3 Audio Player for Music, Radio & Podcas…

Staggs · 1 CVE

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2024-54342 | High | 7.1 | | 2024-12-13 | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in STAGGS STAGGS staggs allows Reflected XSS. This issue affects STAGGS: from n/a through <= 2.0.0.

Stamped.io · 1 CVE

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2023-30479 | Medium | 5.3 | | 2024-12-09 | Missing Authorization vulnerability in Stamped.io Stamped.io Product Reviews & UGC for WooCommerce allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Stamped.io Product Reviews & UGC for WooCommerce…

Stanislav Kuznetsov · 1 CVE

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2023-38477 | Medium | 4.3 | | 2024-12-13 | Missing Authorization vulnerability in Stanislav Kuznetsov QR code MeCard/vCard generator allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects QR code MeCard/vCard generator: from n/a through 1.6.0.

Stathisg · 1 CVE

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2024-12572 | Medium | 6.1 | | 2024-12-13 | The Hello In All Languages plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.0.6.

Stellarwp · 1 CVE

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2024-10939 | Medium | 4.8 | | 2024-12-13 | The Image Widget WordPress plugin before 4.4.11 does not sanitise and escape some of its Image Widget settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_ht…

Strategy11 · 1 CVE

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2022-45806 | Medium | 4.3 | | 2024-12-13 | Missing Authorization vulnerability in Strategy11 Form Builder Team Formidable Forms allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Formidable Forms: from n/a through 5.5.4.

Suiteplugins · 1 CVE

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2024-12162 | Medium | 6.1 | | 2024-12-12 | The Video & Photo Gallery for Ultimate Member plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'page' parameter in all versions up to, and including, 1.1.1 due to insufficient input sanitization and output escap…

Sunshinephotocart · 1 CVE

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2022-45826 | Medium | 5.4 | | 2024-12-13 | Missing Authorization vulnerability in WP Sunshine Sunshine Photo Cart allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Sunshine Photo Cart: from n/a through 2.9.13.

Supercleanse · 1 CVE

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2024-11008 | Medium | 5.3 | | 2024-12-11 | The Members – Membership & User Role Editor Plugin plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 3.2.10 via the WordPress core search feature.

Superpwa · 1 CVE

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2023-48277 | Medium | 4.3 | | 2024-12-09 | Missing Authorization vulnerability in SuperPWA Super Progressive Web Apps super-progressive-web-apps allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Super Progressive Web Apps: from n/a through <…

Surbma · 1 CVE

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2024-11433 | Medium | 6.4 | | 2024-12-12 | The Surbma | SalesAutopilot Shortcode plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'sa-form' shortcode in all versions up to, and including, 2.5 due to insufficient input sanitization and output escapi…

Suresh Chand · 1 CVE

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2023-36509 | Medium | 5.4 | | 2024-12-13 | Missing Authorization vulnerability in Suresh Chand CHP Ads Block Detector allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects CHP Ads Block Detector: from n/a through 3.9.5.

Surfer · 1 CVE

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2023-35037 | High | 7.6 | | 2024-12-13 | Missing Authorization vulnerability in Surfer Surfer surferseo allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Surfer: from n/a through <= 1.3.2.357.

Syed Balkhi · 1 CVE

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2023-50887 | Medium | 5.3 | | 2024-12-09 | Missing Authorization vulnerability in Syed Balkhi User Feedback userfeedback-lite allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects User Feedback: from n/a through <= 1.0.10.

Sygnoos · 1 CVE

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2024-9428 | Medium | 4.8 | | 2024-12-12 | The Popup Builder WordPress plugin before 4.3.5 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capabilit…

Sylviavanos · 1 CVE

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2024-54340 | High | 7.1 | | 2024-12-13 | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in sylviavanos Simple Presenter simple-presenter allows Reflected XSS. This issue affects Simple Presenter: from n/a through <= 1.5.1.

Taggbox · 1 CVE

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2023-33215 | Medium | 5.4 | | 2024-12-13 | Missing Authorization vulnerability in Taggbox Taggbox taggbox-widget allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Taggbox: from n/a through <= 3.3.

Tarecord · 1 CVE

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2024-11015 | Critical | 9.8 | | 2024-12-12 | The Sign In With Google plugin for WordPress is vulnerable to authentication bypass in all versions up to, and including, 1.8.0.

Team Plugins360 · 1 CVE

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2023-41866 | Medium | 4.3 | | 2024-12-13 | Missing Authorization vulnerability in Team Plugins360 Automatic YouTube Gallery allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Automatic YouTube Gallery: from n/a through 2.3.3.

Teamviewer · 1 CVE

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2024-12363 | High | 7.1 | | 2024-12-11 | Insufficient permissions in the TeamViewer Patch & Asset Management component prior to version 24.12 on Windows allows a local authenticated user to delete arbitrary files. TeamViewer Patch & Asset Management is part of TeamViewer Remote M…

Tech Banker · 1 CVE

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2023-28165 | Medium | 4.3 | | 2024-12-09 | Missing Authorization vulnerability in Tech Banker Backup Bank: WordPress Backup Plugin allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Backup Bank: WordPress Backup Plugin: from n/a through 4.0.2…

Teckel · 1 CVE

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2024-12579 | Medium | 5.3 | | 2024-12-13 | The Minify HTML plugin for WordPress is vulnerable to Regular Expression Denial of Service (ReDoS) in all versions up to, and including, 2.1.10.

Tecno · 1 CVE

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2024-12603 | Critical | 9.8 | | 2024-12-13 | A logic vulnerability in the mobile application (com.transsion.applock) can lead to bypassing the application password.

Teltonika Networks · 1 CVE

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2024-8256 | | | | 2024-12-10 | In Teltonika Networks RUTOS devices, running on versions 7.0 to 7.8 (excluding) and TSWOS devices running on versions 1.0 to 1.3 (excluding), due to incorrect permission handling a vulnerability exists which allows a lower privileged user…

Tenable · 1 CVE

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2024-12174 | Low | 2.7 | | 2024-12-09 | An Improper Certificate Validation vulnerability exists in Tenable Security Center where an authenticated, privileged attacker could intercept email messages sent from Security Center via a rogue SMTP server.

The African Boss · 1 CVE

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2023-37969 | Medium | 5.3 | | 2024-12-13 | Missing Authorization vulnerability in The African Boss Checkout with Zelle on Woocommerce allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Checkout with Zelle on Woocommerce: from n/a through 3.1.

The Events Calendar · 1 CVE

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2023-35777 | Medium | 5.3 | | 2024-12-13 | Missing Authorization vulnerability in The Events Calendar The Events Calendar allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects The Events Calendar: from n/a through 6.1.2.2.

Thehowarde · 1 CVE

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2024-54343 | High | 7.1 | | 2024-12-13 | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in thehowarde Connect Contact Form 7 to Constant Contact connect-contact-form-7-to-constant-contact-v3 allows Reflected XSS. This issue affec…

Theluckywp · 1 CVE

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2024-9641 | Medium | 4.8 | | 2024-12-12 | The LuckyWP Table of Contents WordPress plugin before 2.1.7 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_htm…

Themeisle · 1 CVE

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2023-39920 | High | 7.5 | | 2024-12-13 | Missing Authorization vulnerability in Themeisle Redirection for Contact Form 7 wpcf7-redirect allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Redirection for Contact Form 7: from n/a through <= 2…

Themify · 1 CVE

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2024-12414 | Medium | 4.3 | | 2024-12-13 | The Themify Store Locator plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.1.9.

Thomas K Landis · 1 CVE

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2024-54351 | High | 7.1 | | 2024-12-13 | Cross-Site Request Forgery (CSRF) vulnerability in Thomas K Landis Fancy Roller Scroller fancy-roller-scroller allows Stored XSS. This issue affects Fancy Roller Scroller: from n/a through <= 1.4.0.

Thomas Michalak · 1 CVE

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2023-32586 | Medium | 4.3 | | 2024-12-13 | Missing Authorization vulnerability in Thomas Michalak Soundcloud Is Gold allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Soundcloud Is Gold: from n/a through 2.5.1.

Tickera · 1 CVE

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2024-11351 | Medium | 5.3 | | 2024-12-11 | The Restrict – membership, site, content and user access restrictions for WordPress plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 2.2.8 via the WordPress core search feature.

Tickera.com · 1 CVE

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2023-23726 | Medium | 5.4 | | 2024-12-09 | Cross-Site Request Forgery (CSRF) vulnerability in Tickera.com Tickera allows Cross Site Request Forgery. This issue affects Tickera: from n/a through 3.5.1.0.

Total-soft · 1 CVE

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2023-32585 | High | 7.5 | | 2024-12-13 | Missing Authorization vulnerability in Total-Soft Portfolio Gallery – Responsive Image Gallery allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Portfolio Gallery – Responsive Image Gallery: from n/…

Totalsuite · 1 CVE

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2023-27449 | Medium | 6.3 | | 2024-12-09 | Missing Authorization vulnerability in TotalSuite Total Poll Lite allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Total Poll Lite: from n/a through 4.8.6.

Totolink · 1 CVE

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2024-12352 | Medium | 4.3 | | 2024-12-09 | A vulnerability classified as problematic was found in TOTOLINK EX1800T 9.1.0cu.2112_B20220316.

Turbosmtp · 1 CVE

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2024-12323 | Medium | 6.1 | | 2024-12-10 | The turboSMTP plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the ‘page’ parameter in all versions up to, and including, 4.6 due to insufficient input sanitization and output escaping.

Tw2113 · 1 CVE

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2024-11871 | Medium | 6.4 | | 2024-12-12 | The Social Media Shortcodes plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'patreon' shortcode in all versions up to, and including, 1.3.0 due to insufficient input sanitization and output escaping on us…

Tyche Softwares · 1 CVE

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2022-46795 | Medium | 6.5 | | 2024-12-13 | Missing Authorization vulnerability in Tyche Softwares Print Invoice & Delivery Notes for WooCommerce allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Print Invoice & Delivery Notes for WooCommerce…

Tychesoftwares · 1 CVE

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2023-41671 | Medium | 5.4 | | 2024-12-13 | Missing Authorization vulnerability in tychesoftwares Abandoned Cart Lite for WooCommerce woocommerce-abandoned-cart allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Abandoned Cart Lite for WooComm…

Uncanny Owl · 1 CVE

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2023-34019 | Medium | 6.5 | | 2024-12-13 | Missing Authorization vulnerability in Uncanny Owl Uncanny Toolkit for LearnDash allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Uncanny Toolkit for LearnDash: from n/a through 3.6.4.3.

Unitecms · 1 CVE

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2024-10784 | Medium | 6.4 | | 2024-12-12 | The Unlimited Elements For Elementor (Free Widgets, Addons, Templates) plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘Tile Gallery' widget in all versions up to, and including, 1.5.126 due to insufficient input…

Universam · 1 CVE

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2024-54327 | High | 7.1 | | 2024-12-13 | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in universam UNIVERSAM universam-demo allows Reflected XSS. This issue affects UNIVERSAM: from n/a through < 8.59.

Unknown · 1 CVE

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2024-10568 | Medium | 4.7 | | 2024-12-12 | The Ajax Search Lite WordPress plugin before 4.12.4 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capab…

Vaakash · 1 CVE

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2023-49849 | Medium | 4.3 | | 2024-12-09 | Missing Authorization vulnerability in vaakash Shortcoder shortcoder allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Shortcoder: from n/a through <= 6.3.

Varun Sharma · 1 CVE

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2023-48332 | Medium | 4.3 | | 2024-12-09 | Missing Authorization vulnerability in Varun Sharma Mail Bank - #1 Mail SMTP Plugin for WordPress wp-mail-bank allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Mail Bank - #1 Mail SMTP Plugin for W…

Vberkel · 1 CVE

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2024-11279 | Medium | 6.1 | | 2024-12-12 | The Schema App Structured Data plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use of add_query_arg without appropriate escaping on the URL in all versions up to, and including, 2.2.4.

Veeam · 1 CVE

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2024-42448 | Critical | 9.9 | | 2024-12-12 | From the VSPC management agent machine, under condition that the management agent is authorized on the server, it is possible to perform Remote Code Execution (RCE) on the VSPC server machine.

Veronalabs · 1 CVE

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2023-33994 | Medium | 6.5 | | 2024-12-13 | Missing Authorization vulnerability in VeronaLabs Slimstat Analytics wp-slimstat allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Slimstat Analytics: from n/a through <= 5.0.5.1.

Video Gallery By Total-soft · 1 CVE

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2023-25988 | High | 7.5 | | 2024-12-13 | Missing Authorization vulnerability in Video Gallery by Total-Soft Video Gallery – YouTube Gallery allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Video Gallery – YouTube Gallery: from n/a through…

Vikas Ratudi · 1 CVE

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2024-54302 | High | 7.1 | | 2024-12-13 | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Vikas Ratudi VPSUForm v-form allows Reflected XSS. This issue affects VPSUForm: from n/a through <= 3.0.0.

Villatheme · 1 CVE

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2022-46796 | Medium | 6.5 | | 2024-12-13 | Missing Authorization vulnerability in VillaTheme CURCY allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects CURCY: from n/a through 2.1.25.

Villatheme(villatheme.com) · 1 CVE

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2022-46811 | Medium | 4.3 | | 2024-12-13 | Missing Authorization vulnerability in VillaTheme(villatheme.com) ALD – Dropshipping and Fulfillment for AliExpress and WooCommerce allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects ALD – Dropshippi…

Virtuellwerk · 1 CVE

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2023-48776 | Medium | 5.4 | | 2024-12-09 | Missing Authorization vulnerability in virtuellwerk canvasio3D Light canvasio3d-light allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects canvasio3D Light: from n/a through <= 2.5.0.

Voidthemes · 1 CVE

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2023-48750 | Medium | 5.3 | | 2024-12-09 | Missing Authorization vulnerability in voidthemes Void Elementor Post Grid Addon for Elementor Page builder void-elementor-post-grid-addon-for-elementor-page-builder allows Exploiting Incorrectly Configured Access Control Security Levels. T…

Wacom · 1 CVE

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2024-12552 | High | 7.8 | | 2024-12-13 | Wacom Center WTabletServicePro Link Following Local Privilege Escalation Vulnerability.

Webandprint · 1 CVE

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2024-12300 | Low | 3.7 | | 2024-12-13 | The AR for WordPress plugin for WordPress is vulnerable to unauthorized double extension file upload due to a missing capability check on the set_ar_featured_image() function in all versions up to, and including, 7.3.

Webberzone · 1 CVE

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2023-25993 | Medium | 4.3 | | 2024-12-09 | Missing Authorization vulnerability in WebberZone Top 10 allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Top 10: from n/a through 3.2.3.

Webflow · 1 CVE

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2023-49818 | Medium | 5.3 | | 2024-12-09 | Missing Authorization vulnerability in Webflow Webflow Pages allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Webflow Pages: from n/a through 1.0.8.

Weboccult Technologies Pvt Ltd · 1 CVE

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2024-54228 | Medium | 6.5 | | 2024-12-09 | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Weboccult Technologies Pvt Ltd Wot Elementor Widgets wot-elementor-widgets allows DOM-Based XSS. This issue affects Wot Elementor Widgets…

Websitetoolbox · 1 CVE

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2024-12338 | Medium | 6.1 | | 2024-12-12 | The Website Toolbox Community plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the ‘websitetoolbox_username’ parameter in all versions up to, and including, 2.0.1 due to insufficient input sanitization and output es…

Webtoffee · 1 CVE

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2023-33928 | Medium | 4.3 | | 2024-12-13 | Missing Authorization vulnerability in WebToffee WordPress Backup & Migration allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects WordPress Backup & Migration: from n/a through 1.4.0.

Wedevs · 1 CVE

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2023-40003 | Medium | 6.5 | | 2024-12-13 | Missing Authorization vulnerability in weDevs WP Project Manager wedevs-project-manager allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects WP Project Manager: from n/a through <= 2.6.7.

Wibergsweb · 1 CVE

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2024-54275 | High | 7.1 | | 2024-12-13 | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in wibergsweb CSV to html csv-to-html allows Reflected XSS. This issue affects CSV to html: from n/a through <= 3.08.

Wintercms · 1 CVE

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2024-54149 | High | 8.4 | | 2024-12-09 | Winter is a free, open-source content management system (CMS) based on the Laravel PHP framework.

Wiser Notify · 1 CVE

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2023-41690 | Medium | 5.3 | | 2024-12-13 | Missing Authorization vulnerability in Wiser Notify WiserNotify Social Proof allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects WiserNotify Social Proof: from n/a through 2.5.

Woobewoo · 1 CVE

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2023-50877 | Medium | 4.3 | | 2024-12-09 | Missing Authorization vulnerability in woobewoo Product Filter by WBW allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Product Filter by WBW: from n/a through 2.5.0.

Wooproductimporter · 1 CVE

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2023-30870 | Medium | 6.5 | | 2024-12-09 | Missing Authorization vulnerability in wooproductimporter Sharkdropship for AliExpress Dropship and Affiliate allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Sharkdropship for AliExpress Dropship…

Wow-company · 1 CVE

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2023-49154 | Medium | 5.3 | | 2024-12-09 | Missing Authorization vulnerability in Wow-Company Button Generator – easily Button Builder allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Button Generator – easily Button Builder: from n/a throu…

Wp Happy Coders · 1 CVE

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2023-41849 | Medium | 5.3 | | 2024-12-13 | Missing Authorization vulnerability in WP Happy Coders Posts Like Dislike allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Posts Like Dislike: from n/a through 1.1.0.

Wp-buy · 1 CVE

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2024-54234 | Critical | 9.3 | | 2024-12-13 | Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in wp-buy Limit Login Attempts wp-limit-failed-login-attempts allows SQL Injection. This issue affects Limit Login Attempts: from n/a through…

Wp3sixty · 1 CVE

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2023-32507 | High | 7.3 | | 2024-12-13 | Missing Authorization vulnerability in wp3sixty Woo Custom Emails allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Woo Custom Emails: from n/a through 2.2.

Wpchill · 1 CVE

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2024-11106 | Medium | 5.3 | | 2024-12-10 | The Simple Restrict plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 1.2.7 via the WordPress core search feature.

Wpclever · 1 CVE

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2024-12004 | Medium | 6.1 | | 2024-12-11 | The WPC Order Notes for WooCommerce plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.5.2.

Wpdebuglog · 1 CVE

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2024-54309 | Medium | 6.5 | | 2024-12-13 | Insertion of Sensitive Information Into Sent Data vulnerability in wpdebuglog PostBox postbox-email-logs allows Retrieve Embedded Sensitive Data. This issue affects PostBox: from n/a through <= 1.0.4.

Wpdevart · 1 CVE

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2023-24407 | Medium | 5.0 | | 2024-12-09 | Missing Authorization vulnerability in WpDevArt Booking calendar, Appointment Booking System allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Booking calendar, Appointment Booking System: from n/a…

Wpdevelop · 1 CVE

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2024-11945 | Medium | 6.4 | | 2024-12-10 | The Email Reminders plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘id’ parameter in all versions up to, and including, 2.0.4 due to insufficient input sanitization and output escaping.

Wpdevteam · 1 CVE

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2024-11727 | Medium | 4.4 | | 2024-12-12 | The NotificationX – Live Sales Notification, WooCommerce Sales Popup, FOMO, Social Proof, Announcement Banner & Floating Notification Top Bar plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's content settin…

Wpdirectorykit · 1 CVE

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2023-41875 | Medium | 5.3 | | 2024-12-13 | Missing Authorization vulnerability in wpdirectorykit.com WP Directory Kit allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects WP Directory Kit: from n/a through 1.2.6.

Wpdirectorykit.com · 1 CVE

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2023-28532 | Medium | 4.3 | | 2024-12-09 | Missing Authorization vulnerability in wpdirectorykit.com Real Estate Directory allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Real Estate Directory: from n/a through 1.0.5.

Wpeka · 1 CVE

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2024-11724 | Medium | 4.3 | | 2024-12-12 | The Cookie Consent for WP – Cookie Consent, Consent Log, Cookie Scanner, Script Blocker (for GDPR, CCPA & ePrivacy) plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the wpl_script…

Wpeverest · 1 CVE

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2023-29429 | Medium | 5.3 | | 2024-12-09 | Missing Authorization vulnerability in WPEverest User Registration allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects User Registration: from n/a through 2.3.2.1.

Wpexpertsio · 1 CVE

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2022-47182 | Medium | 5.3 | | 2024-12-13 | Missing Authorization vulnerability in Wpexpertsio APIExperts Square for WooCommerce allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects APIExperts Square for WooCommerce: from n/a through 4.4.1.

Wpfactory · 1 CVE

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2023-23868 | Medium | 5.4 | | 2024-12-09 | Missing Authorization vulnerability in WPFactory Cost of Goods for WooCommerce allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Cost of Goods for WooCommerce: from n/a through 2.8.6.

Wpmart · 1 CVE

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2024-52385 | Medium | 4.3 | | 2024-12-09 | Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in wpmart Team Member team-showcase-supreme. This issue affects Team Member: from n/a through <= 7.4.

Wpoperation · 1 CVE

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2023-32126 | Medium | 4.3 | | 2024-12-09 | Missing Authorization vulnerability in WPoperation SALERT allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects SALERT: from n/a through 1.2.1.

Wppal · 1 CVE

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2023-33324 | Medium | 6.5 | | 2024-12-13 | Missing Authorization vulnerability in wppal Easy Captcha allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Easy Captcha: from n/a through 1.0.

Wpsaad · 1 CVE

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2023-50373 | Medium | 5.3 | | 2024-12-09 | Missing Authorization vulnerability in WPSAAD Alt Manager alt-manager allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Alt Manager: from n/a through <= 1.6.1.

Wpschoolpress Team · 1 CVE

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2023-37887 | Medium | 6.5 | | 2024-12-13 | Missing Authorization vulnerability in WPSchoolPress Team WPSchoolPress allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects WPSchoolPress: from n/a through 2.2.7.

Wpthemego · 1 CVE

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2023-36519 | Medium | 5.4 | | 2024-12-13 | Missing Authorization vulnerability in wpthemego SW Product Bundles allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects SW Product Bundles: from n/a through 2.0.15.

Wpwax · 1 CVE

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2024-12040 | High | 8.8 | | 2024-12-12 | The Product Carousel Slider & Grid Ultimate for WooCommerce plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 1.9.10 via the 'theme' attribute of the `wcpcsu` shortcode.

Wpwax - Wp Business Directory Plugin And Classified Listings Directory · 1 CVE

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2023-35052 | Medium | 4.3 | | 2024-12-13 | Missing Authorization vulnerability in wpWax - WP Business Directory Plugin and Classified Listings Directory Directorist allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Directorist: from n/a thro…

Wpxpo · 1 CVE

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2024-53818 | Medium | 6.5 | | 2024-12-09 | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in WPXPO PostX ultimate-post. This issue affects PostX: from n/a through <= 4.1.15.

Wpxpro · 1 CVE

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2024-54253 | Medium | 6.5 | | 2024-12-09 | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Xpro Xpro Elementor Addons xpro-elementor-addons. This issue affects Xpro Elementor Addons: from n/a through <= 1.4.6.5.

Xnsoft · 1 CVE

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2024-11950 | High | 8.8 | | 2024-12-12 | XnSoft XnView Classic RWZ File Parsing Integer Underflow Remote Code Execution Vulnerability.

Xtemos · 1 CVE

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2024-12333 | Medium | 6.5 | | 2024-12-12 | The Woodmart theme for WordPress is vulnerable to arbitrary shortcode execution in all versions up to, and including, 8.0.3.

Yith · 1 CVE

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2023-36506 | Medium | 5.3 | | 2024-12-13 | Missing Authorization vulnerability in YITH YITH WooCommerce Waiting List allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects YITH WooCommerce Waiting List: from n/a through 2.13.0.

Yogesh Pawar · 1 CVE

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2023-49754 | Medium | 4.3 | | 2024-12-09 | Missing Authorization vulnerability in Yogesh Pawar Bulk Edit Post Titles bulk-edit-post-titles allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Bulk Edit Post Titles: from n/a through <= 5.0.0.

Yummywp · 1 CVE

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2023-30783 | Medium | 4.3 | | 2024-12-09 | Missing Authorization vulnerability in YummyWP Smart WooCommerce Search allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Smart WooCommerce Search: from n/a through 2.5.0.

Zealopensource · 1 CVE

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2024-12255 | Medium | 5.3 | | 2024-12-12 | The Accept Stripe Payments Using Contact Form 7 plugin for WordPress is vulnerable to Information Exposure in all versions up to, and including, 2.5 via the cf7sa-info.php file that returns phpinfo() data.

Zendesk · 1 CVE

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2023-23716 | Medium | 4.3 | | 2024-12-09 | Missing Authorization vulnerability in Zendesk Zendesk Support for WordPress allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Zendesk Support for WordPress: from n/a through 1.8.4.

Zeshanb · 1 CVE

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2024-54334 | Medium | 6.5 | | 2024-12-13 | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in zeshanb Quran Phrases About Most People Shortcodes quran-phrases-about-most-people-shortcodes allows DOM-Based XSS. This issue affects Qur…

Zoan · 1 CVE

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2024-12461 | Medium | 6.4 | | 2024-12-12 | The WP-Revive Adserver plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'wprevive_async' shortcode in all versions up to, and including, 2.2.1 due to insufficient input sanitization and output escaping on…

Сleantalk - Anti-spam Protection · 1 CVE

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2023-33996 | High | 8.8 | | 2024-12-13 | Missing Authorization vulnerability in СleanTalk - Anti-Spam Protection Spam protection, AntiSpam, FireWall by CleanTalk allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Spam protection, AntiSpam…

腾讯云 · 1 CVE

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2023-29433 | Medium | 5.4 | | 2024-12-09 | Missing Authorization vulnerability in 腾讯云 tencentcloud-cos allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects tencentcloud-cos: from n/a through 1.0.7.