0.0
CVE-2024-49674 - WordPress EKC Tournament Manager plugin <= 2.2.1 - CSRF to Arbitrary File Upload vulnerability
Cross-Site Request Forgery (CSRF) vulnerability in lukashuser EKC Tournament Manager ekc-tournament-manager allows Upload a Web Shell to a Web Server.This issue affects EKC Tournament Manager: from n/a through <= 2.2.1.
8.8
CVE-2024-49685 - WordPress Custom Twitter Feeds plugin <= 2.2.3 - Cross Site Request Forgery (CSRF) vulnerability
Cross-Site Request Forgery (CSRF) vulnerability in Syed Balkhi Custom Twitter Feeds (Tweets Widget) custom-twitter-feeds allows Cross Site Request Forgery.This issue affects Custom Twitter Feeds (Tweets Widget): from n/a through <= 2.2.3.
8
CVE-2024-43383 - Apache Lucene.Net.Replicator: Remote Code Execution in Lucene.Net.Replicator
Deserialization of Untrusted Data vulnerability in Apache Lucene.Net.Replicator. This issue affects Apache Lucene.NET's Replicator library: from 4.8.0-beta00005 through 4.8.0-beta00016. An attacker that can intercept traffic between a replication client and server, or control the target replicati…
4.8
CVE-2024-30149 - HCL AppScan Source is affected by an expired TLS/SSL certificate
HCL AppScan Source <= 10.6.0 does not properly validate a TLS/SSL certificate for an executable.
6.1
CVE-2024-9434 - WPGlobus Translate Options <= 2.2.0 - Cross-Site Request Forgery to Stored Cross-Site Scripting
The WPGlobus Translate Options plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 2.2.0. This is due to missing or incorrect nonce validation on the on__translate_options_page() function. This makes it possible for unauthenticated attackers to inj…
6.4
CVE-2024-9446 - WP Simple Anchors Links <= 1.0.0 - Authenticated (Contributor+) Stored Cross-Site Scripting via wpa…
The WP Simple Anchors Links plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's wpanchor shortcode in all versions up to, and including, 1.0.0 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authentica…
5.3
CVE-2024-9430 - Get Quote For Woocommerce – Request A Quote For Woocommerce <= 1.0.0 - Missing Authorization to Una…
The Get Quote For Woocommerce – Request A Quote For Woocommerce plugin for WordPress is vulnerable to unauthorized access of Quote data due to a missing capability check on the ct_tepfw_wp_loaded function in all versions up to, and including, 1.0.0. This makes it possible for unauthenticated attack…
6.4
CVE-2024-9165 - Gift Cards (Gift Vouchers and Packages) (WooCommerce Supported) <= 4.4.4 - Authenticated (Author+) …
The Gift Cards (Gift Vouchers and Packages) (WooCommerce Supported) plugin for WordPress is vulnerable to Stored Cross-Site Scripting via SVG File uploads in all versions up to, and including, 4.4.4 due to insufficient input sanitization and output escaping. This makes it possible for authenticated…
5.3
CVE-2024-9700 - Forminator Forms – Contact Form, Payment Form & Custom Form Builder <= 1.36.0 - Insecure Direct Obj…
The Forminator Forms – Contact Form, Payment Form & Custom Form Builder plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 1.36.0 via the submit_quizzes() function due to missing validation on the 'entry_id' user controlled key. This makes i…
9.8
CVE-2024-10392 - AI Power: Complete AI Pack <= 1.8.89 - Unauthenticated Arbitrary File Upload
The AI Power: Complete AI Pack plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the 'handle_image_upload' function in all versions up to, and including, 1.8.89. This makes it possible for unauthenticated attackers to upload arbitrary files on the a…