4.3
CVE-2024-8667 - HurryTimer – An Scarcity and Urgency Countdown Timer for WordPress & WooCommerce <= 2.10.0 - Missin…
The HurryTimer – An Scarcity and Urgency Countdown Timer for WordPress & WooCommerce plugin for WordPress is vulnerable to unauthorized post publication due to a missing capability check on the activateCampaign() function in all versions up to, and including, 2.10.0. This makes it possible for auth…
4.3
CVE-2024-9531 - MultiVendorX – The Ultimate WooCommerce Multivendor Marketplace Solution <= 4.2.4 - Missing Authori…
The MultiVendorX – The Ultimate WooCommerce Multivendor Marketplace Solution plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'mvx_sent_deactivation_request' function in all versions up to, and including, 4.2.4. This makes it possible …
6.1
CVE-2024-9864 - EventPrime – Modern Events Calendar, Bookings and Tickets <= 4.0.4.7 - Unauthenticated Stored Cross…
The EventPrime – Events Calendar, Bookings and Tickets plugin for WordPress is vulnerable to Stored Cross-Site Scripting via ticket names in all versions up to, and including, 4.0.4.7 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to…
6.1
CVE-2024-9865 - EventPrime – Modern Events Calendar, Bookings and Tickets <= 4.0.4.7 - Unauthenticated Stored Cross…
The EventPrime – Events Calendar, Bookings and Tickets plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'ep_booking_attendee_fields' fields in all versions up to, and including, 4.0.4.7 due to insufficient input sanitization and output escaping. This makes it possible for u…
6.1
CVE-2024-9374 - Terms descriptions <= 3.4.6 - Reflected Cross-Site Scripting
The Terms descriptions plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use of add_query_arg without appropriate escaping on the URL in all versions up to, and including, 3.4.6. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pa…
9.8
CVE-2024-48514 -
php-heic-to-jpg <= 1.0.5 is vulnerable to code injection (fixed in 1.0.6). An attacker who can upload HEIC images is able to execute code on the remote server via the file name. As a result, confidentiality, integrity, and availability (CIA) are no longer guaranteed. This affects php-heic-to-jpg 1.0.5 and below.
9.3
CVE-2024-48548 -
The APK file in Cloud Smart Lock v2.0.1 has leaked a URL that can call an API for binding physical devices. This vulnerability allows attackers to arbitrarily construct a request to use the app to bind to unknown devices by finding a valid serial number via a brute-force attack.
8.6
CVE-2024-48208 -
pure-ftpd before 1.0.52 is vulnerable to Buffer Overflow. There is an out-of-bounds read in the domlsd() function of the ls.c file.
9.8
CVE-2024-48539 -
Neye3C v4.5.2.0 was discovered to contain a hardcoded encryption key in the firmware update mechanism.
9.8
CVE-2024-48538 -
Incorrect access control in the firmware update and download processes of Neye3C v4.5.2.0 allows attackers to access sensitive information by analyzing the code and data within the APK file.