5.3
CVE-2024-10520 - WP Project Manager <= 2.6.14 - Missing Authorization to Project Milestone and Task Creation/Deletion
The WP Project Manager plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check in the 'check' method of the 'Create_Milestone', 'Create_Task_List', 'Create_Task', and 'Delete_Task' classes in version 2.6.14. This makes it possible for unauthenticateβ¦
7.5
CVE-2024-52449 - WordPress WordPress Bootscraper plugin <= 2.1.0 - Local File Inclusion vulnerability
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in Navneil Naicer Bootscraper wp-bootscraper allows PHP Local File Inclusion.This issue affects Bootscraper: from n/a through <= 2.1.0.
7.5
CVE-2024-52450 - WordPress nBlocks plugin <= 1.0.2 - Local File Inclusion vulnerability
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in officialprocoders nBlocks nblocks allows PHP Local File Inclusion.This issue affects nBlocks: from n/a through <= 1.0.2.
9.8
CVE-2024-52439 - WordPress Team Rosters plugin <= 4.8.2 - PHP Object Injection vulnerability
Deserialization of Untrusted Data vulnerability in Mark O'Donnell Team Rosters team-rosters allows Object Injection.This issue affects Team Rosters: from n/a through <= 4.8.2.
9.8
CVE-2024-52440 - WordPress Xpresslane Fast Checkout plugin <= 1.0.0 - PHP Object Injection vulnerability
Deserialization of Untrusted Data vulnerability in xpresslane Xpresslane Fast Checkout xpresslane-integration-for-woocommerce allows Object Injection.This issue affects Xpresslane Fast Checkout: from n/a through <= 1.0.0.
9.8
CVE-2024-52441 - WordPress Quick Learn plugin <= 1.0.1 - PHP Object Injection vulnerability
Improperly Controlled Modification of Object Prototype Attributes ('Prototype Pollution') vulnerability in Rajesh Thanoch Quick Learn quick-learn allows Object Injection.This issue affects Quick Learn: from n/a through <= 1.0.1.
9.8
CVE-2024-52443 - WordPress Geolocator plugin <= 1.1 - PHP Object Injection vulnerability
Deserialization of Untrusted Data vulnerability in masikonis Geolocator geolocator allows Object Injection.This issue affects Geolocator: from n/a through <= 1.1.
8.8
CVE-2024-52445 - WordPress QRMenu Restaurant QR Menu Lite plugin <= 1.0.4 - PHP Object Injection vulnerability
Deserialization of Untrusted Data vulnerability in ModelTheme QRMenu Restaurant QR Menu Lite qrmenu-lite allows Object Injection.This issue affects QRMenu Restaurant QR Menu Lite: from n/a through <= 1.0.4.
8.8
CVE-2024-52446 - WordPress Buying Buddy IDX CRM plugin <= 1.2.8 - CSRF to PHP Object Injection vulnerability
Cross-Site Request Forgery (CSRF) vulnerability in Buying Buddy Buying Buddy IDX CRM buying-buddy-idx-crm allows Object Injection.This issue affects Buying Buddy IDX CRM: from n/a through <= 1.2.8.
7.5
CVE-2024-52444 - WordPress Opal Woo Custom Product Variation plugin <= 1.1.3 - Arbitrary File Deletion vulnerability
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in wpopal Opal Woo Custom Product Variation opal-woo-custom-product-variation allows Path Traversal.This issue affects Opal Woo Custom Product Variation: from n/a through <= 1.1.3.