7.8
CVE-2024-53295 -
Dell PowerProtect DD versions prior to 8.3.0.0, 7.10.1.50, and 7.13.1.20 contain an improper access control vulnerability. A local malicious user with low privileges could potentially exploit this vulnerability leading to escalation of privilege.
7.1
CVE-2024-51534 -
Dell PowerProtect DD versions prior to DDOS 8.3.0.0, 7.10.1.50, and 7.13.1.20 contain a path traversal vulnerability. A local low privileged could potentially exploit this vulnerability to gain unauthorized overwrite of OS files stored on the server filesystem. Exploitation could lead to denial of …
2.7
CVE-2024-53296 -
Dell PowerProtect DD versions prior to 7.10.1.50 and 7.13.1.20 contain a Stack-based Buffer Overflow vulnerability in the RestAPI. A high privileged attacker with remote access could potentially exploit this vulnerability, leading to Denial of service.
8.8
CVE-2024-12171 - ELEX WordPress HelpDesk & Customer Ticketing System <= 3.2.6 - Missing Authorization to Authenticat…
The ELEX WordPress HelpDesk & Customer Ticketing System plugin for WordPress is vulnerable to privilege escalation due to a missing capability check on the 'eh_crm_agent_add_user' AJAX action in all versions up to, and including, 3.2.6. This makes it possible for authenticated attackers, with Subsc…
4.3
CVE-2024-13651 - RapidLoad – Optimize Web Vitals Automatically <= 2.4.4 - Missing Authorization to Authenticated (Su…
The RapidLoad – Optimize Web Vitals Automatically plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the ajax_deactivate() function in all versions up to, and including, 2.4.4. This makes it possible for authenticated attackers, with Subscri…
5.3
CVE-2024-12620 - AnimateGL Animations for WordPress – Elementor & Gutenberg Blocks Animations <= 1.4.23 - Missing Au…
The AnimateGL Animations for WordPress – Elementor & Gutenberg Blocks Animations plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'agl_json' AJAX action in all versions up to, and including, 1.4.23. This makes it possible for unauthent…
5.3
CVE-2024-12184 - WordPress Contact Forms by Cimatti <= 1.9.4 - Missing Authorization to Unauthenticated Form Submiss…
The WordPress Contact Forms by Cimatti plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the accua_forms_download_submitted_file() function in all versions up to, and including, 1.9.4. This makes it possible for unauthenticated attackers to downl…
6.4
CVE-2024-11780 - Site Search 360 <= 2.1.6 - Authenticated (Contributor+) Stored Cross-Site Scripting
The Site Search 360 plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'ss360-resultblock' shortcode in all versions up to, and including, 2.1.6 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authent…
6.4
CVE-2024-13547 - aThemes Addons for Elementor <= 1.0.12 - Authenticated (Contributor+) Stored Cross-Site Scripting
The aThemes Addons for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Image Accordion widget in all versions up to, and including, 1.0.12 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contrib…
8.8
CVE-2024-13343 - WooCommerce Customers Manager <= 31.3 - Missing Authorization to Authenticated (Subscriber+) Privil…
The WooCommerce Customers Manager plugin for WordPress is vulnerable to Privilege Escalation due to a missing capability check on the ajax_assign_new_roles() function in all versions up to, and including, 31.3. This makes it possible for authenticated attackers, with Subscriber-level access and abo…