9.8
CVE-2023-51472 - WordPress Checkout Mestres WP plugin <= 7.1.9.7 - Unauthenticated Account Takeover vulnerability
Improper Authentication vulnerability in Mestres do WP Checkout Mestres WP allows Privilege Escalation.This issue affects Checkout Mestres WP: from n/a through 7.1.9.7.
7.1
CVE-2024-3371 - Insufficient validation of external input in Compass may enable MITM attacks
MongoDB Compass may accept and use insufficiently validated input from an untrusted external source. This may cause unintended application behavior, including data disclosure and enabling attackers to impersonate users. This issue affects MongoDB Compass versions 1.35.0 to 1.42.0.
8.8
CVE-2024-4118 - Tenda W15E addIpMacBind formIPMacBindAdd stack-based overflow
A vulnerability was found in Tenda W15E 15.11.0.14. It has been classified as critical. This affects the function formIPMacBindAdd of the file /goform/addIpMacBind. The manipulation of the argument IPMacBindRule leads to stack-based buffer overflow. It is possible to initiate the attack remotely. Tβ¦
8.2
CVE-2023-51471 - WordPress Checkout Mestres WP plugin <= 7.1.9.7 - Unauthenticated Arbitrary Options Update vulnerabβ¦
Improper Authentication vulnerability in Mestres do WP Checkout Mestres WP allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects Checkout Mestres WP: from n/a through 7.1.9.7.
9.8
CVE-2023-51425 - WordPress Rencontre plugin <= 3.10.1 - Unauthenticated Account Takeover vulnerability
Improper Privilege Management vulnerability in Jacques Malgrange Rencontre β Dating Site allows Privilege Escalation.This issue affects Rencontre β Dating Site: from n/a through 3.10.1.
8.2
CVE-2023-51405 - WordPress BookingPress plugin <= 1.0.74 - Booking Price Manipulation vulnerability
Improper Authentication vulnerability in Repute Infosystems BookingPress allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects BookingPress: from n/a through 1.0.74.
5.3
CVE-2023-48763 - WordPress JetFormBuilder plugin <= 3.1.4 - Content Injection vulnerability
Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS vulnerability in Crocoblock JetFormBuilder allows Code Injection.This issue affects JetFormBuilder: from n/a through 3.1.4.
8.8
CVE-2024-4117 - Tenda W15E DelPortMapping formDelPortMapping stack-based overflow
A vulnerability was found in Tenda W15E 15.11.0.14 and classified as critical. Affected by this issue is the function formDelPortMapping of the file /goform/DelPortMapping. The manipulation of the argument portMappingIndex leads to stack-based buffer overflow. The attack may be launched remotely. Tβ¦
8.8
CVE-2024-4116 - Tenda W15E DelDhcpRule formDelDhcpRule stack-based overflow
A vulnerability has been found in Tenda W15E 15.11.0.14 and classified as critical. Affected by this vulnerability is the function formDelDhcpRule of the file /goform/DelDhcpRule. The manipulation of the argument delDhcpIndex leads to stack-based buffer overflow. The attack can be launched remotelyβ¦
5.4
CVE-2023-47774 - WordPress Jetpack plugin < 12.7 - Auth. Iframe Injection vulnerability
Improper Restriction of Rendered UI Layers or Frames vulnerability in Automattic Jetpack allows Clickjacking.This issue affects Jetpack: from n/a before 12.7.