5.3
CVE-2024-11294 - Memberful <= 1.73.9 - Unauthenticated Content Restriction Bypass to Sensitive Information Exposure
The Memberful plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 1.73.9 via the WordPress core search feature. This makes it possible for unauthenticated attackers to extract sensitive data from posts that have been restricted to higher-level β¦
6.1
CVE-2024-12220 - SMS for WooCommerce <= 2.8.1 - Cross-Site Request Forgery to Reflected Cross-Site Scripting
The SMS for WooCommerce plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 2.8.1. This is due to missing or incorrect nonce validation on a function. This makes it possible for unauthenticated attackers to inject malicious web scripts via a forgedβ¦
6.1
CVE-2024-12219 - Stop Registration Spam <= 1.23 - Cross-Site Request Forgery to Cross-Site Scripting
The Stop Registration Spam plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.23. This is due to missing or incorrect nonce validation. This makes it possible for unauthenticated attackers to inject malicious web scripts via a forged request graβ¦
5.5
CVE-2021-26281 - Information disclosure vulnerability in Alarm clock module
Some parameters of the alarm clock module are improperly stored, leaking some sensitive information.
7.9
CVE-2021-26280 - Permission bypass vulnerability in permission manager module
Locally installed application can bypass the permission check and perform system operations that require permission.
8.7
CVE-2024-11999 -
CWE-1104: Use of Unmaintained Third-Party Components vulnerability exists that could cause complete control of the device when an authenticated user installs malicious code into HMI product.
7.3
CVE-2024-38499 - Improper Privilege Management Vulnerability in CA Client Automation 14.5
CA Client Automation (ITCM) allows non-admin/non-root users to encrypt a string using CAF CLI and SD_ACMD CLI. This would allow the non admin user to access the critical encryption keys which further causes the exploitation of stored credentials. This fix doesn't allow a non-admin/non-root user to β¦
3.3
CVE-2024-54125 -
Improper authorization in handler for custom URL scheme issue in "Shonen Jump+" App for Android versions prior to 4.0.0 allows an attacker to lead a user to access an arbitrary website via the vulnerable App. As a result, the user may become a victim of a phishing attack.
7.6
CVE-2024-9624 - WP All Import Pro <= 4.9.3 - Authenticated (Administrator+) Server-Side Request Forgery via File Imβ¦
The WP All Import Pro plugin for WordPress is vulnerable to Server-Side Request Forgery in all versions up to, and including, 4.9.3 due to missing SSRF protection on the pmxi_curl_download function. This makes it possible for authenticated attackers, with Administrator-level access and above, to maβ¦
4.8
CVE-2024-55864 -
Cross-site scripting vulnerability exists in My WP Customize Admin/Frontend versions prior to ver 1.24.1. If a malicious administrative user customizes the administrative page with some malicious contents, an arbitrary script may be executed on the web browser of the other users who are accessing tβ¦