6.5
CVE-2023-47504 - WordPress Elementor plugin <= 3.16.4 - Auth. Arbitrary Attachment Read vulnerability
Improper Authentication vulnerability in Elementor Elementor Website Builder allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects Elementor Website Builder: from n/a through 3.16.4.
5.3
CVE-2023-32127 - WordPress Multi Rating plugin <= 5.0.6 - Unauth Arbitrary rating value change
Missing Authorization vulnerability in Daniel Powney Multi Rating allows Functionality Misuse.This issue affects Multi Rating: from n/a through 5.0.6.
9.9
CVE-2023-31090 - WordPress Unlimited Elements For Elementor plugin <= 1.5.60 - Unrestricted Zip Extraction vulnerabiβ¦
Unrestricted Upload of File with Dangerous Type vulnerability in Unlimited Elements Unlimited Elements For Elementor (Free Widgets, Addons, Templates) allows Upload a Web Shell to a Web Server.This issue affects Unlimited Elements For Elementor (Free Widgets, Addons, Templates): from n/a through 1.β¦
5.3
CVE-2023-25790 - WordPress WoodMart theme <= 7.0.4 - Unauth Arbitrary Shortcodes Injection
Improper Authentication, Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in xtemos WoodMart allows Cross-Site Scripting (XSS).This issue affects WoodMart: from n/a through 7.0.4.
4.1
CVE-2024-32078 - WordPress FV Player plugin <= 7.5.44.7212 - Unvalidated Redirects and Forwards vulnerability
URL Redirection to Untrusted Site ('Open Redirect') vulnerability in Foliovision FV Flowplayer Video Player.This issue affects FV Flowplayer Video Player: from n/a through 7.5.44.7212.
4.3
CVE-2024-32432 - WordPress Ovic Addon Toolkit plugin <= 2.6.1 - Broken Access Control vulnerability
Missing Authorization vulnerability in Ovic Team Ovic Addon Toolkit.This issue affects Ovic Addon Toolkit: from n/a through 2.6.1.
8.8
CVE-2024-4115 - Tenda W15E AddDnsForward formAddDnsForward stack-based overflow
A vulnerability, which was classified as critical, was found in Tenda W15E 15.11.0.14. Affected is the function formAddDnsForward of the file /goform/AddDnsForward. The manipulation of the argument DnsForwardRule leads to stack-based buffer overflow. It is possible to launch the attack remotely. Thβ¦
6.5
CVE-2024-32675 - WordPress Order Limit for WooCommerce plugin <= 2.0.0 - Broken Access Control vulnerability
Missing Authorization vulnerability in Xfinity Soft Order Limit for WooCommerce.This issue affects Order Limit for WooCommerce: from n/a through 2.0.0.
6.5
CVE-2024-32677 - WordPress LoginPress Pro plugin < 3.0.0 - Unauth. License Activation/Deactivation vulnerability
Missing Authorization vulnerability in LoginPress LoginPress Pro.This issue affects LoginPress Pro: from n/a before 3.0.0.
5.3
CVE-2024-32678 - WordPress TrackShip for WooCommerce plugin <= 1.7.5 - Broken Access Control vulnerability
Missing Authorization vulnerability in TrackShip TrackShip for WooCommerce.This issue affects TrackShip for WooCommerce: from n/a through 1.7.5.