4.3
CVE-2024-49697 - WordPress Sunshine Photo Cart plugin <= 3.2.9 - Broken Access Control vulnerability
Missing Authorization vulnerability in sunshinephotocart Sunshine Photo Cart sunshine-photo-cart allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Sunshine Photo Cart: from n/a through <= 3.2.9.
4.3
CVE-2024-50417 - WordPress Bold Page Builder plugin <= 5.1.3 - Broken Access Control vulnerability
Missing Authorization vulnerability in boldthemes Bold Page Builder bold-page-builder allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Bold Page Builder: from n/a through <= 5.1.3.
4.3
CVE-2024-51660 - WordPress Easy Accordion Gutenberg Block plugin <= 1.2.3 - Broken Access Control vulnerability
Missing Authorization vulnerability in Binsaifullah Easy Accordion Gutenberg Block easy-accordion-block allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Easy Accordion Gutenberg Block: from n/a through <= 1.2.3.
2.7
CVE-2024-51671 - WordPress Otter Blocks plugin <= 3.0.3 - Broken Access Control vulnerability
Missing Authorization vulnerability in Themeisle Otter - Gutenberg Block otter-blocks allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Otter - Gutenberg Block: from n/a through <= 3.0.3.
5.4
CVE-2024-51817 - WordPress Combo WP Rewrite Slugs plugin <= 1.0 - Settings Change vulnerability
Missing Authorization vulnerability in CodeZel Combo WP Rewrite Slugs combo-wp-rewrite-slugs allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Combo WP Rewrite Slugs: from n/a through <= 1.0.
5.3
CVE-2024-52395 - WordPress Floating Buttons for WooCommerce plugin <= 2.8.8 - Broken Access Control vulnerability
Missing Authorization vulnerability in QuantumCloud Floating Buttons for WooCommerce shop-assistant-for-woocommerce-jarvis allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Floating Buttons for WooCommerce: from n/a through <= 2.8.8.
5.3
CVE-2024-52600 - Statamic CMS has Path Traversal in Asset Upload
Statmatic is a Laravel and Git powered content management system (CMS). Prior to version 5.17.0, assets uploaded with appropriately crafted filenames may result in them being placed in a location different than what was configured. The issue affects front-end forms with `assets` fields and other plโฆ
4.7
CVE-2024-52582 - cachi2 allows traceback prints locals
Cachi2 is a command-line interface tool that pre-fetches a project's dependencies to aid in making the project's build process network-isolated. Prior to version 0.14.0, secrets may be shown in logs when an unhandled exception is triggered because the tool is logging locals of each function. This mโฆ
0.0
CVE-2024-11421 -
** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. Reason: The developer has disputed this as a vulnerability. Notes: All references and descriptions in this candidate have been removed to prevent accidental usage.
6.5
CVE-2024-10524 - GNU Wget is vulnerable to an SSRF attack when accessing partially-user-controlled shorthand URLs
Applications that use Wget to access a remote resource using shorthand URLs and pass arbitrary user credentials in the URL are vulnerable. In these cases attackers can enter crafted credentials which will cause Wget to access an arbitrary host.