0.0
CVE-2024-3702 -
This CVE ID has been rejected or withdrawn by its CVE Numbering Authority.
7.2
CVE-2024-3054 - WPvivid Backup & Migration Plugin <= 0.9.99 - Authenticated (Admin+) PHAR Deserialization
WPvivid Backup & Migration Plugin for WordPress is vulnerable to PHAR Deserialization in all versions up to, and including, 0.9.99 via deserialization of untrusted input at the wpvividstg_get_custom_exclude_path_free action. This is due to the plugin not providing sufficient path validation on the β¦
8.8
CVE-2024-3211 - Shopping Cart & eCommerce Store <= 5.6.3 - Authenticated (Contributor+) SQL Injection
The Shopping Cart & eCommerce Store plugin for WordPress is vulnerable to SQL Injection via the 'productid' attribute of the ec_addtocart shortcode in all versions up to, and including, 5.6.3 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existβ¦
4.3
CVE-2024-31371 - WordPress WP Event Aggregator plugin <= 1.7.6 - Cross Site Request Forgery (CSRF) vulnerability
Cross-Site Request Forgery (CSRF) vulnerability in Xylus Themes WP Event Aggregator.This issue affects WP Event Aggregator: from n/a through 1.7.6.
4.3
CVE-2024-31372 - WordPress No-Bot Registration plugin <= 1.9.1 - Cross Site Request Forgery (CSRF) vulnerability
Cross-Site Request Forgery (CSRF) vulnerability in Arnan de Gans No-Bot Registration.This issue affects No-Bot Registration: from n/a through 1.9.1.
10
CVE-2024-3400 - PAN-OS: Arbitrary File Creation Leads to OS Command Injection Vulnerability in GlobalProtect
A command injection as a result of arbitrary file creation vulnerability in the GlobalProtect feature of Palo Alto Networks PAN-OS software for specific PAN-OS versions and distinct feature configurations may enable an unauthenticated attacker to execute arbitrary code with root privileges on the fβ¦
4.8
CVE-2023-45186 - IBM Sterling B2B Integrator cross-site scripting
IBM Sterling B2B Integrator 6.0.0.0 through 6.0.3.9, 6.1.0.0 through 6.1.2.3, and 6.2.0.0 is vulnerable to cross-site scripting. This vulnerability allows a privileged user to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials dβ¦
6.4
CVE-2024-2801 - Shopkeeper Extender <= 3.6 - Authenticated (Contributor+) Stored Cross-Site Scripting
The Shopkeeper Extender plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'image_slide' shortcode in all versions up to, and including, 3.6 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticatβ¦
6.4
CVE-2024-2137 - All-in-One Addons for Elementor β WidgetKit <= 2.5.1 - Authenticated (Contributor+) Stored Cross-Siβ¦
The All-in-One Addons for Elementor β WidgetKit plugin for WordPress is vulnerable to Stored Cross-Site Scripting via multiple pricing widgets (e.g. Pricing Single, Pricing Icon, Pricing Tab) in all versions up to, and including, 2.5.1 due to insufficient input sanitization and output escaping. Thiβ¦
5.4
CVE-2023-50307 - IBM Sterling B2B Integrator cross-site scripting
IBM Sterling B2B Integrator 6.0.0.0 through 6.0.3.9, 6.1.0.0 through 6.1.2.3, and 6.2.0.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure wiβ¦