7.3
CVE-2024-3359 - SourceCodester Online Library System login.php sql injection
A vulnerability, which was classified as critical, has been found in SourceCodester Online Library System 1.0. This issue affects some unknown processing of the file admin/login.php. The manipulation of the argument user_email leads to sql injection. The attack may be initiated remotely. The exploi…
3.5
CVE-2024-3358 - SourceCodester Aplaya Beach Resort Online Reservation System index.php cross site scripting
A vulnerability classified as problematic was found in SourceCodester Aplaya Beach Resort Online Reservation System 1.0. This vulnerability affects unknown code of the file /index.php. The manipulation of the argument to leads to cross site scripting. The attack can be initiated remotely. The explo…
5.3
CVE-2024-2950 - BoldGrid Easy SEO – Simple and Effective SEO <= 1.6.14 - Information Exposure
The BoldGrid Easy SEO – Simple and Effective SEO plugin for WordPress is vulnerable to Information Exposure in all versions up to, and including, 1.6.14 via meta information (og:description) This makes it possible for unauthenticated attackers to view the first 130 characters of a password protecte…
5.3
CVE-2024-3216 - WooCommerce PDF Invoices, Packing Slips, Delivery Notes and Shipping Labels <= 4.4.2 - Missing Auth…
The WooCommerce PDF Invoices, Packing Slips, Delivery Notes and Shipping Labels plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the wt_pklist_reset_settings() function in all versions up to, and including, 4.4.2. This makes it possible fo…
7.1
CVE-2024-1385 - WP-Stateless – Google Cloud Storage <= 3.4.0 - Missing Authorization to Limited Arbitrary Options U…
The WP-Stateless – Google Cloud Storage plugin for WordPress is vulnerable to unauthorized loss of data due to a missing capability check on the dismiss_notices() function in all versions up to, and including, 3.4.0. This makes it possible for authenticated attackers, with subscriber-level access a…
4.4
CVE-2024-2656 - Icegram Express <= 5.7.14 - Authenticated (Administrator+) Cross-Site Scripting via CSV import
The Email Subscribers by Icegram Express – Email Marketing, Newsletters, Automation for WordPress & WooCommerce plugin for WordPress is vulnerable to Stored Cross-Site Scripting via a CSV import in all versions up to, and including, 5.7.14 due to insufficient input sanitization and output escaping.…
6.4
CVE-2024-3245 - EmbedPress – Embed PDF, Google Docs, Vimeo, Wistia, Embed YouTube Videos, Audios, Maps & Embed Any …
The EmbedPress – Embed PDF, Google Docs, Vimeo, Wistia, Embed YouTube Videos, Audios, Maps & Embed Any Documents in Gutenberg & Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's Youtube block in all versions up to, and including, 3.9.14 due to insufficient…
4.3
CVE-2024-1994 - Image Watermark <= 1.7.3 - Missing Authorization to Authenticated (Subscriber+) Watermark Modificat…
The Image Watermark plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the watermark_action_ajax() function in all versions up to, and including, 1.7.3. This makes it possible for authenticated attackers, with subscriber-level access and abo…
8.8
CVE-2024-28741 -
Cross Site Scripting vulnerability in EginDemirbilek NorthStar C2 v1 allows a remote attacker to execute arbitrary code via the login.php component.
5.2
CVE-2024-21506 - python-pymongo: out of bounds read
Duplicate of CVE-2024-5629.