4.3
CVE-2024-33585 - WordPress Payment Gateway Based Fees and Discounts for WooCommerce plugin <= 2.12.1 - Broken Accessβ¦
Missing Authorization vulnerability in Tyche Softwares Payment Gateway Based Fees and Discounts for WooCommerce.This issue affects Payment Gateway Based Fees and Discounts for WooCommerce: from n/a through 2.12.1.
5.3
CVE-2024-33586 - WordPress Photo Gallery by 10Web plugin <= 1.8.20 - Broken Access Control vulnerability
Missing Authorization vulnerability in Photo Gallery Team Photo Gallery by 10Web.This issue affects Photo Gallery by 10Web: from n/a through 1.8.20.
5.3
CVE-2024-33587 - WordPress Secure Copy Content Protection and Content Locking plugin <= 3.9.0 - Broken Access Controβ¦
Missing Authorization vulnerability in Copy Content Protection Team Secure Copy Content Protection and Content Locking.This issue affects Secure Copy Content Protection and Content Locking: from n/a through 3.9.0.
5.4
CVE-2024-33588 - WordPress basepress plugin <= 2.16.1 - Broken Access Control vulnerability
Missing Authorization vulnerability in codeSavory Knowledge Base documentation & wiki plugin β BasePress.This issue affects Knowledge Base documentation & wiki plugin β BasePress: from n/a through 2.16.1.
6.3
CVE-2024-4310 - Cross-site Scripting (XSS) vulnerability in HubBank
Cross-site Scripting (XSS) vulnerability in HubBank affecting version 1.0.2. This vulnerability allows an attacker to send a specially crafted JavaScript payload to registration and profile forms and trigger the payload when any authenticated user loads the page, resulting in a session takeover.
8.1
CVE-2024-4309 - SQL injection vulnerability in HubBank
SQL injection vulnerability in HubBank affecting version 1.0.2. This vulnerability could allow an attacker to send a specially crafted SQL query to the database through different endpoints (/user/transaction.php?id=1, /user/credit-debit_transaction.php?id=1,/user/view_transaction. php?id=1 and /usβ¦
8.1
CVE-2024-4307 - SQL injection vulnerability in HubBank
SQL injection vulnerability in HubBank affecting version 1.0.2. This vulnerability could allow an attacker to send a specially crafted SQL query to the database through different endpoints (/accounts/activities.php?id=1, /accounts/view-deposit.php?id=1, /accounts/view_cards. php?id=1, /accounts/wirβ¦
8.1
CVE-2024-4308 - SQL injection vulnerability in HubBank
SQL injection vulnerability in HubBank affecting version 1.0.2. This vulnerability could allow an attacker to send a specially crafted SQL query to the database through different endpoints (/admin/view_users.php?id=1,/admin/viewloan-trans.php?id=1,/admin/view-deposit.php?id=1,/admin/view-domtrans.pβ¦
9.9
CVE-2024-4306 - Unrestricted Upload of File with Dangerous Type vulnerability in HubBank
Critical unrestricted file upload vulnerability in HubBank affecting version 1.0.2. This vulnerability allows a registered user to upload malicious PHP files via upload document fields, resulting in webshell execution.
5.4
CVE-2024-4304 - Vulnerability on SWAL platform from GT3 Soluciones
A Cross-Site Scripting XSS vulnerability has been detected on GT3 Soluciones SWAL. This vulnerability consists in a reflected XSS in the Titular parameter inside Gestion 'Documental > Seguimiento de Expedientes > Alta de Expedientes'.