3.5
CVE-2024-3541 - Campcodes Church Management System admin_user.php cross site scripting
A vulnerability classified as problematic has been found in Campcodes Church Management System 1.0. This affects an unknown part of the file /admin/admin_user.php. The manipulation of the argument firstname leads to cross site scripting. It is possible to initiate the attack remotely. The exploit h…
6.3
CVE-2024-3540 - Campcodes Church Management System add_sundaysch.php sql injection
A vulnerability was found in Campcodes Church Management System 1.0. It has been rated as critical. Affected by this issue is some unknown functionality of the file /admin/add_sundaysch.php. The manipulation of the argument Gender leads to sql injection. The attack may be launched remotely. The exp…
6.3
CVE-2024-3539 - Campcodes Church Management System addgiving.php sql injection
A vulnerability was found in Campcodes Church Management System 1.0. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the file /admin/addgiving.php. The manipulation of the argument amount leads to sql injection. The attack can be launched remotely. Th…
4.7
CVE-2024-2428 - The Ultimate Video Player For WordPress < 2.2.3 - Contributor+ Stored XSS
The Ultimate Video Player For WordPress WordPress plugin before 2.2.3 does not have proper capability check when updating its settings via a REST route, allowing Contributor and above users to update them. Furthermore, due to the lack of escaping in one of the settings, this also allows them to pe…
4.3
CVE-2023-6385 - WordPress Ping Optimizer <= 2.35.1.3.0 - Log Clearing via CSRF
The WordPress Ping Optimizer WordPress plugin through 2.35.1.3.0 does not have CSRF checks in some places, which could allow attackers to make logged in users perform unwanted actions via CSRF attacks such as clearing logs.
6.3
CVE-2024-3538 - Campcodes Church Management System addTithes.php sql injection
A vulnerability was found in Campcodes Church Management System 1.0. It has been classified as critical. Affected is an unknown function of the file /admin/addTithes.php. The manipulation of the argument na leads to sql injection. It is possible to launch the attack remotely. The exploit has been d…
7.2
CVE-2024-3020 - Carousel, Slider, Gallery by WP Carousel – Image Carousel & Photo Gallery, Post Carousel & Post Gri…
The plugin is vulnerable to PHP Object Injection in versions up to and including, 2.6.3 via deserialization of untrusted input in the import function via the 'shortcode' parameter. This allows authenticated attackers, with administrator-level access to inject a PHP Object. If a POP chain is present…
6.4
CVE-2024-1042 - WP Radio – Worldwide Online Radio Stations Directory for WordPress <= 3.1.9 - Missing Authorization…
The WP Radio – Worldwide Online Radio Stations Directory for WordPress plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on multiple AJAX functions in all versions up to, and including, 3.1.9. This makes it possible for authenticated attackers…
5.3
CVE-2024-3235 - Essential Grid <= 3.1.1 - Unauthenticated Private Post Disclosure
The Essential Grid Gallery WordPress Plugin plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 3.1.1 via the on_front_ajax_action() function. This makes it possible for unauthenticated attackers to view private and password protected posts tha…
6.4
CVE-2024-2736 - Bold Page Builder <= 4.8.8 - Authenticated (Contributor+) Stored Cross-Site Scripting via HTML Tags
The Bold Page Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via HTML Tags in all versions up to, and including, 4.8.8 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contribu…