5.3
CVE-2024-32601 - WordPress Popup Anything plugin <= 2.8 - Broken Access Control vulnerability
Missing Authorization vulnerability in WP OnlineSupport, Essential Plugin Popup Anything.This issue affects Popup Anything: from n/a through 2.8.
8.5
CVE-2024-32603 - WordPress WooBuddy plugin <= 3.4.20 - PHP Object Injection vulnerability
Deserialization of Untrusted Data vulnerability in ThemeKraft WooBuddy.This issue affects WooBuddy: from n/a through 3.4.20.
4.3
CVE-2024-32604 - WordPress WP-Recall plugin <= 16.26.5 - Insecure Direct Object References (IDOR) vulnerability
Authorization Bypass Through User-Controlled Key vulnerability in Plechev Andrey WP-Recall.This issue affects WP-Recall: from n/a through 16.26.5.
4.3
CVE-2023-41864 - WordPress PeproDev CF7 Database plugin <= 1.8.0 - Cross Site Request Forgery (CSRF) vulnerability
Cross-Site Request Forgery (CSRF) vulnerability in Pepro Dev. Group PeproDev CF7 Database.This issue affects PeproDev CF7 Database: from n/a through 1.8.0.
9.9
CVE-2023-49742 - WordPress Support Genix plugin <= 1.2.3 - Broken Access Control lead to Arbitrary File Upload vulneโฆ
Missing Authorization vulnerability in Support Genix.This issue affects Support Genix: from n/a through 1.2.3.
5.4
CVE-2024-32142 - WordPress Ovic Responsive WPBakery plugin <= 1.3.0 - Broken Access Control vulnerability
Missing Authorization vulnerability in Ovic Team Ovic Responsive WPBakery.This issue affects Ovic Responsive WPBakery: from n/a through 1.3.0.
5.3
CVE-2024-31869 - Apache Airflow: Sensitive configuration for providers displayed when "non-sensitive-only" config usโฆ
Airflow versions 2.7.0 through 2.8.4 have a vulnerability that allows an authenticated user to see sensitive provider configuration via the "configuration" UI pageย when "non-sensitive-only" was set as "webserver.expose_config" configuration (The celery provider is the only community provider currenโฆ
6.1
CVE-2024-2729 - Otter Blocks < 2.6.6 - Contributor+ Stored XSS
The Otter Blocks WordPress plugin before 2.6.6 does not properly escape its mainHeadings blocks' attribute before appending it to the final rendered block, allowing contributors to conduct Stored XSS attacks.
6.4
CVE-2024-1429 - Element Pack Elementor Addons (Header Footer, Free Template Library, Grid, Carousel, Table, Parallaโฆ
The Element Pack Elementor Addons (Header Footer, Free Template Library, Grid, Carousel, Table, Parallax Animation, Register Form, Twitter Grid) plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the โtab_linkโ attribute of the Panel Slider widget in all versions up to, and incluโฆ
6.4
CVE-2024-1426 - Element Pack Elementor Addons (Header Footer, Free Template Library, Grid, Carousel, Table, Parallaโฆ
The Element Pack Elementor Addons (Header Footer, Free Template Library, Grid, Carousel, Table, Parallax Animation, Register Form, Twitter Grid) plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the โlinkโ attribute of the Price List widget in all versions up to, and including, โฆ