4.3
CVE-2024-33683 - WordPress Hide Dashboard Notifications plugin <= 1.2.3 - Cross Site Request Forgery (CSRF) vulnerabโฆ
Cross-Site Request Forgery (CSRF) vulnerability in WP Republic Hide Dashboard Notifications.This issue affects Hide Dashboard Notifications: from n/a through 1.2.3.
9.8
CVE-2024-0740 - Eclipse Target Management <= 4.5.500 Command Injection
Eclipse Target Management: Terminal and Remote System Explorer (RSE) version <= 4.5.400 has a remote code execution vulnerability that does not require authentication. The fixed version is included in Eclipse IDE 2024-03
5.3
CVE-2024-3682 - WP STAGING <= 3.4.3 and WP STAGING Pro <= 5.4.3 - Sensitive Information Exposure via Log File
The WP STAGING and WP STAGING Pro plugins for WordPress are vulnerable to Sensitive Information Exposure in versions up to, and including, 3.4.3, and versions up to, and including, 5.4.3, respectively, via the ajaxSendReport function. This makes it possible for unauthenticated attackers to extract โฆ
7.2
CVE-2024-1789 -
The WP SMTP plugin for WordPress is vulnerable to SQL Injection via the 'search' parameter in versions 1.2 to 1.2.6 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for authenticated attackers, with admโฆ
9.8
CVE-2024-3962 - Product Addons & Fields for WooCommerce <= 32.0.18 - Unauthenticated Arbitrary File Upload via ppomโฆ
The Product Addons & Fields for WooCommerce plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the ppom_upload_file function in all versions up to, and including, 32.0.18. This makes it possible for unauthenticated attackers to upload arbitrary filesโฆ
5.3
CVE-2024-2920 - WP-Members Membership Plugin <= 3.4.9.3 - Unprotected Storage of Potentially Sensitive Files
The WP-Members Membership Plugin plugin for WordPress is vulnerable to Information Exposure in all versions up to, and including, 3.4.9.3 due to the plugin uploading user supplied files to a publicly accessible directory in wp-content without any restrictions. This makes it possible for unauthenticโฆ
5.3
CVE-2024-3678 - Blog2Social: Social Media Auto Post & Scheduler <= 7.4.2 - Information Exposure
The Blog2Social: Social Media Auto Post & Scheduler plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 7.4.2. This makes it possible for unauthenticated attackers to view limited information from password protected posts.
6.4
CVE-2024-3890 - Happy Addons for Elementor <= 3.10.6 - Authenticated (Contributor+) Stored Cross-Site Scripting viaโฆ
The Happy Addons for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Calendly widget in all versions up to, and including, 3.10.5 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attaโฆ
8.9
CVE-2023-6116 - Remote Code Execution without authentication using stack overflow
Team ENVY, a Security Research TEAM has found a flaw that allows for a remote code execution on the camera. An attacker could inject malicious into http request packets to execute arbitrary code. The manufacturer has released patch firmware for the flaw, please refer to the manufacturer's report fโฆ
5.9
CVE-2024-33642 - WordPress Advanced Post List plugin <= 0.5.6.1 - Cross Site Scripting (XSS) vulnerability
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in EkoJR Advanced Post List allows Stored XSS.This issue affects Advanced Post List: from n/a through 0.5.6.1.