0.0
CVE-2024-50504 - WordPress Bulk Change Role plugin <= 1.1 - Privilege Escalation vulnerability
Incorrect Privilege Assignment vulnerability in webxmedia Bulk Change Role bulk-role-change allows Privilege Escalation.This issue affects Bulk Change Role: from n/a through <= 1.1.
0.0
CVE-2024-50506 - WordPress Marketing Automation by AZEXO plugin <= 1.27.80 - Privilege Escalation vulnerability
Incorrect Privilege Assignment vulnerability in azexo Marketing Automation by AZEXO marketing-automation-by-azexo allows Privilege Escalation.This issue affects Marketing Automation by AZEXO: from n/a through <= 1.27.80.
0.0
CVE-2024-50508 - WordPress Woocommerce Product Design plugin <= 1.0.0 - Arbitrary File Download vulnerability
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in Chetan Khandla Woocommerce Product Design woo-product-design allows Path Traversal.This issue affects Woocommerce Product Design: from n/a through <= 1.0.0.
0.0
CVE-2024-50510 - WordPress AR For Woocommerce plugin <= 6.3 - Arbitrary File Upload vulnerability
Unrestricted Upload of File with Dangerous Type vulnerability in webandprint AR For Woocommerce ar-for-woocommerce allows Upload a Web Shell to a Web Server.This issue affects AR For Woocommerce: from n/a through <= 6.3.
0.0
CVE-2024-50511 - WordPress WP donimedia carousel plugin <= 1.0.1 - Arbitrary File Upload vulnerability
Unrestricted Upload of File with Dangerous Type vulnerability in donimedia WP donimedia carousel wp-donimedia-carousel allows Upload a Web Shell to a Web Server.This issue affects WP donimedia carousel: from n/a through <= 1.0.1.
0.0
CVE-2024-50507 - WordPress DS.DownloadList plugin <= 1.3 - PHP Object Injection vulnerability
Deserialization of Untrusted Data vulnerability in Daschmi DS.DownloadList dsdownloadlist allows Object Injection.This issue affects DS.DownloadList: from n/a through <= 1.3.
0.0
CVE-2024-50512 - WordPress Posti Shipping plugin <= 3.10.2 - Full Path Disclosure (FPD) vulnerability
Generation of Error Message Containing Sensitive Information vulnerability in Posti Posti Shipping posti-shipping allows Retrieve Embedded Sensitive Data.This issue affects Posti Shipping: from n/a through <= 3.10.2.
0.0
CVE-2024-50509 - WordPress Woocommerce Product Design plugin <= 1.0.0 - Arbitrary File Deletion vulnerability
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in Chetan Khandla Woocommerce Product Design woo-product-design allows Path Traversal.This issue affects Woocommerce Product Design: from n/a through <= 1.0.0.
0.0
CVE-2024-50503 - WordPress User Toolkit plugin <= 1.2.3 - Account Takeover vulnerability
Authentication Bypass Using an Alternate Path or Channel vulnerability in Deryck User Toolkit user-toolkit allows Authentication Bypass.This issue affects User Toolkit: from n/a through <= 1.2.3.
7.2
CVE-2024-10108 - WPAdverts β Classifieds Plugin <= 2.1.6 - Unauthenticated Stored Cross-Site Scripting via adverts_aβ¦
The WPAdverts β Classifieds Plugin plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's adverts_add shortcode in all versions up to, and including, 2.1.6 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers toβ¦