9.1
CVE-2024-8512 - W3SPEEDSTER <= 7.26 - Authenticated (Administrator+) Remote Code Execution
The W3SPEEDSTER plugin for WordPress is vulnerable to Remote Code Execution in all versions up to, and including, 7.26 via the 'script' parameter of the hookBeforeStartOptimization() function. This is due to the plugin passing user supplied input to eval(). This makes it possible for authenticated โฆ
0.0
CVE-2024-50504 - WordPress Bulk Change Role plugin <= 1.1 - Privilege Escalation vulnerability
Incorrect Privilege Assignment vulnerability in webxmedia Bulk Change Role bulk-role-change allows Privilege Escalation.This issue affects Bulk Change Role: from n/a through <= 1.1.
0.0
CVE-2024-50506 - WordPress Marketing Automation by AZEXO plugin <= 1.27.80 - Privilege Escalation vulnerability
Incorrect Privilege Assignment vulnerability in azexo Marketing Automation by AZEXO marketing-automation-by-azexo allows Privilege Escalation.This issue affects Marketing Automation by AZEXO: from n/a through <= 1.27.80.
0.0
CVE-2024-50508 - WordPress Woocommerce Product Design plugin <= 1.0.0 - Arbitrary File Download vulnerability
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in Chetan Khandla Woocommerce Product Design woo-product-design allows Path Traversal.This issue affects Woocommerce Product Design: from n/a through <= 1.0.0.
0.0
CVE-2024-50510 - WordPress AR For Woocommerce plugin <= 6.3 - Arbitrary File Upload vulnerability
Unrestricted Upload of File with Dangerous Type vulnerability in webandprint AR For Woocommerce ar-for-woocommerce allows Upload a Web Shell to a Web Server.This issue affects AR For Woocommerce: from n/a through <= 6.3.
0.0
CVE-2024-50511 - WordPress WP donimedia carousel plugin <= 1.0.1 - Arbitrary File Upload vulnerability
Unrestricted Upload of File with Dangerous Type vulnerability in donimedia WP donimedia carousel wp-donimedia-carousel allows Upload a Web Shell to a Web Server.This issue affects WP donimedia carousel: from n/a through <= 1.0.1.
0.0
CVE-2024-50507 - WordPress DS.DownloadList plugin <= 1.3 - PHP Object Injection vulnerability
Deserialization of Untrusted Data vulnerability in Daschmi DS.DownloadList dsdownloadlist allows Object Injection.This issue affects DS.DownloadList: from n/a through <= 1.3.
0.0
CVE-2024-50512 - WordPress Posti Shipping plugin <= 3.10.2 - Full Path Disclosure (FPD) vulnerability
Generation of Error Message Containing Sensitive Information vulnerability in Posti Posti Shipping posti-shipping allows Retrieve Embedded Sensitive Data.This issue affects Posti Shipping: from n/a through <= 3.10.2.
0.0
CVE-2024-50509 - WordPress Woocommerce Product Design plugin <= 1.0.0 - Arbitrary File Deletion vulnerability
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in Chetan Khandla Woocommerce Product Design woo-product-design allows Path Traversal.This issue affects Woocommerce Product Design: from n/a through <= 1.0.0.
0.0
CVE-2024-50503 - WordPress User Toolkit plugin <= 1.2.3 - Account Takeover vulnerability
Authentication Bypass Using an Alternate Path or Channel vulnerability in Deryck User Toolkit user-toolkit allows Authentication Bypass.This issue affects User Toolkit: from n/a through <= 1.2.3.