6.1
CVE-2024-9214 - Extra Product Options Builder for WooCommerce <= 1.2.133 - Unauthenticated Stored Cross-Site Scriptβ¦
The Extra Product Options Builder for WooCommerce plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'RednaoSerializedFields' parameter during the creation of a signature file in all versions up to, and including, 1.2.133 due to insufficient input sanitization and output escaβ¦
6.5
CVE-2024-9650 - WP Recipe Maker <= 9.6.1 - Authenticated (Contributor+) DOM-Based Stored Cross-Site Scripting via 'β¦
The WP Recipe Maker plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the βtooltipβ parameter in all versions up to, and including, 9.6.1 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level accessβ¦
0.0
CVE-2024-10339 -
This CVE ID has been rejected or withdrawn by its CVE Numbering Authority.
5.3
CVE-2024-10331 - PHPGurukul Vehicle Record System search-vehicle.php sql injection
A vulnerability, which was classified as critical, has been found in PHPGurukul Vehicle Record System 1.0. This issue affects some unknown processing of the file /admin/search-vehicle.php. The manipulation of the argument searchinputdata leads to sql injection. The attack may be initiated remotely.β¦
6.5
CVE-2024-6826 - Allocation of Resources Without Limits or Throttling in GitLab
An issue has been discovered in GitLab CE/EE affecting all versions from 11.2 before 17.3.6, 17.4 before 17.4.3, and 17.5 before 17.5.1. A denial of service could occur via importing a malicious crafted XML manifest file.
8.7
CVE-2024-8312 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') in GitLab
An issue has been discovered in GitLab CE/EE affecting all versions from 15.10 before 17.3.6, 17.4 before 17.4.3, and 17.5 before 17.5.1. An attacker could inject HTML into the Global Search field on a diff view leading to XSS.
6.1
CVE-2024-8717 - PDF Flipbook, 3D Flipbook, PDF embed, PDF viewer β DearFlip <= 2.3.32 - Reflected Cross-Site Scriptβ¦
The PDF Flipbook, 3D Flipbook, PDF embed, PDF viewer β DearFlip plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'pdf_source' parameter in all versions up to, and including, 2.3.32 due to insufficient input sanitization and output escaping. This makes it possible for unaβ¦
4.3
CVE-2024-10050 - Elementor Header & Footer Builder <= 1.6.43 - Authenticated (Contributor+) Information Disclosure vβ¦
The Elementor Header & Footer Builder plugin for WordPress is vulnerable to Information Disclosure in all versions up to, and including, 1.6.43 via the hfe_template shortcode. This makes it possible for authenticated attackers, with Contributor-level access and above, to view the contents of Draft,β¦
7.5
CVE-2024-6049 - Unauthenticated Path Traversal
The web server of Lawo AG vsm LTC Time Sync (vTimeSync) is affected by a "..." (triple dot) path traversal vulnerability. By sending a specially crafted HTTP request, an unauthenticated remote attacker could download arbitrary files from the operating system. As a limitation, the exploitation is onβ¦
6.3
CVE-2024-9943 - MultiVendorX β The Ultimate WooCommerce Multivendor Marketplace Solution <= 4.2.4 - Cross-Site Requβ¦
The MultiVendorX β The Ultimate WooCommerce Multivendor Marketplace Solution plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 4.2.4. This is due to missing or incorrect nonce validation on several functions in api/class-mvx-rest-controller.php. β¦