7.1
CVE-2024-32958 - WordPress Slash Admin plugin <= 3.8.1 - CSRF to XSS vulnerability
Cross-Site Request Forgery (CSRF) vulnerability in Giorgos Sarigiannidis Slash Admin allows Cross-Site Scripting (XSS).This issue affects Slash Admin: from n/a through 3.8.1.
5.5
CVE-2024-32872 - Umbraco Workflow's Backoffice users can execute arbitrary SQL
Umbraco workflow provides workflows for the Umbraco content management system. Prior to versions 10.3.9, 12.2.6, and 13.0.6, an Umbraco Backoffice user can modify requests to a particular API endpoint to include SQL, which will be executed by the server. Umbraco Workflow versions 10.3.9, 12.2.6, 13โฆ
5.3
CVE-2023-25785 - WordPress WP Post Rating plugin <= 2.5 - Vote Manipulation Vulnerability
Missing Authorization vulnerability in Shoaib Saleem WP Post Rating allows Functionality Misuse.This issue affects WP Post Rating: from n/a through 2.5.
5.3
CVE-2023-23989 - WordPress RegistrationMagic plugin <= 5.1.9.2 - Content Injection
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Metagauss RegistrationMagic.This issue affects RegistrationMagic: from n/a through 5.1.9.2.
8.8
CVE-2024-4112 - Tenda TX9 SetVirtualServerCfg sub_42CB94 stack-based overflow
A vulnerability classified as critical has been found in Tenda TX9 22.03.02.10. This affects the function sub_42CB94 of the file /goform/SetVirtualServerCfg. The manipulation of the argument list leads to stack-based buffer overflow. It is possible to initiate the attack remotely. The exploit has bโฆ
8.8
CVE-2024-4111 - Tenda TX9 SetLEDCfg sub_42BD7C stack-based overflow
A vulnerability was found in Tenda TX9 22.03.02.10. It has been rated as critical. Affected by this issue is the function sub_42BD7C of the file /goform/SetLEDCfg. The manipulation of the argument time leads to stack-based buffer overflow. The attack may be launched remotely. The exploit has been dโฆ
5.9
CVE-2024-28825 - Brute-force protection ineffective for some login methods
Improper restriction of excessive authentication attempts on some authentication methods in Checkmk before 2.3.0b5 (beta), 2.2.0p26, 2.1.0p43, and in Checkmk 2.0.0 (EOL) facilitates password brute-forcing.
3.7
CVE-2023-23985 - WordPress Quiz Maker plugin <= 6.3.9.4 - Content Spoofing
Missing Authorization vulnerability in Quiz Maker team Quiz Maker.This issue affects Quiz Maker: from n/a through 6.3.9.4.
7.5
CVE-2023-23976 - WordPress RegistrationMagic plugin <= 5.1.9.2 - Arbitrary Price Change
Incorrect Default Permissions vulnerability in Metagauss RegistrationMagic allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects RegistrationMagic: from n/a through 5.1.9.2.
6.5
CVE-2022-45852 - WordPress WP-FormAssembly plugin <= 2.0.5 - Auth. Arbitrary File Read vulnerability
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in FormAssembly / Drew Buschhorn WP-FormAssembly allows Path Traversal.This issue affects WP-FormAssembly: from n/a through 2.0.5.