6.5
CVE-2024-56031 - WordPress Smart Shopify Product plugin <= 1.0.2 - Arbitrary Content Deletion vulnerability
Missing Authorization vulnerability in Yulio Aleman Jimenez Smart Shopify Product smart-shopify-product allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Smart Shopify Product: from n/a through <= 1.0.2.
0.0
CVE-2024-56067 - WordPress WP SuperBackup plugin <= 2.3.3 - Unauthenticated Backup File Download Vulnerability
Missing Authorization vulnerability in azzaroco WP SuperBackup indeed-wp-superbackup allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WP SuperBackup: from n/a through <= 2.3.3.
5.3
CVE-2023-48775 - WordPress WP CleanFix plugin <= 5.6.2 - Broken Access Control vulnerability
Missing Authorization vulnerability in Gfazioli WP Cleanfix allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WP Cleanfix: from n/a through 5.6.2.
4.3
CVE-2023-50850 - WordPress Woo Subscriptions plugin < 5.8.0 - Broken Access Control vulnerability
Missing Authorization vulnerability in Woo WooCommerce Subscriptions allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WooCommerce Subscriptions: from n/a before 5.8.0.
9.8
CVE-2024-56071 - WordPress Simple Dashboard plugin <= 2.0 - Privilege Escalation vulnerability
Incorrect Privilege Assignment vulnerability in mikeleembruggen Simple Dashboard simple-dashboard allows Privilege Escalation.This issue affects Simple Dashboard: from n/a through <= 2.0.
9.8
CVE-2024-56205 - WordPress AI Magic โ SEO Content Generator & Article Writer plugin <= 1.0.4 - Privilege Escalation โฆ
Incorrect Privilege Assignment vulnerability in SunnyKai AI Magic newsletter-page-redirects allows Privilege Escalation.This issue affects AI Magic: from n/a through <= 1.0.4.
9.8
CVE-2024-13061 - 2100 Technology Electronic Official Document Management System - Authentication Bypass
The Electronic Official Document Management System from 2100 Technology has an Authentication Bypass vulnerability. Although the product enforces an IP whitelist for the API used to query user tokens, unauthenticated remote attackers can still deceive the server to obtain tokens of arbitrary users,โฆ
5.3
CVE-2024-13069 - SourceCodester Multi Role Login System add-user.php cross site scripting
A vulnerability was found in SourceCodester Multi Role Login System 1.0. It has been classified as problematic. Affected is an unknown function of the file /endpoint/add-user.php. The manipulation of the argument name leads to cross site scripting. It is possible to launch the attack remotely. The โฆ
7.1
CVE-2024-56209 - WordPress Kleo theme < 5.4.4 - Reflected Cross Site Scripting (XSS) vulnerability
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in SeventhQueen Kleo kleo allows Reflected XSS.This issue affects Kleo: from n/a through < 5.4.4.
7.1
CVE-2024-56210 - WordPress UserPro plugin <= 5.1.9 - Reflected Cross Site Scripting (XSS) vulnerability
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in DeluxeThemes Userpro userpro allows Reflected XSS.This issue affects Userpro: from n/a through <= 5.1.9.