9.9
CVE-2024-50529 - WordPress Training – Courses plugin <= 2.0.1 - Arbitrary File Upload vulnerability
Unrestricted Upload of File with Dangerous Type vulnerability in rudrainn Training – Courses training allows Upload a Web Shell to a Web Server. This issue affects Training – Courses: from n/a through <= 2.0.1.
9.9
CVE-2024-50530 - WordPress Stars SMTP Mailer plugin <= 2.2.1 - Arbitrary File Upload vulnerability
Unrestricted Upload of File with Dangerous Type vulnerability in Myriad Solutionz Stars SMTP Mailer stars-smtp-mailer allows Upload a Web Shell to a Web Server. This issue affects Stars SMTP Mailer: from n/a through <= 2.2.1.
10
CVE-2024-50531 - WordPress RSVPMaker for Toastmasters plugin <= 6.2.4 - Arbitrary File Upload vulnerability
Unrestricted Upload of File with Dangerous Type vulnerability in davidfcarr RSVPMaker for Toastmasters rsvpmaker-for-toastmasters allows Upload a Web Shell to a Web Server. This issue affects RSVPMaker for Toastmasters: from n/a through <= 6.2.4.
7.5
CVE-2024-51582 - WordPress WP Hotel Booking plugin <= 2.2.9 - Local File Inclusion vulnerability
Path Traversal: '.../...//' vulnerability in ThimPress WP Hotel Booking wp-hotel-booking allows PHP Local File Inclusion. This issue affects WP Hotel Booking: from n/a through <= 2.2.9.
4.9
CVE-2024-51665 - WordPress Magical Addons For Elementor plugin <= 1.2.1 - Server Side Request Forgery (SSRF) vulnera…
Server-Side Request Forgery (SSRF) vulnerability in Noor Alam Magical Addons For Elementor magical-addons-for-elementor allows Server Side Request Forgery. This issue affects Magical Addons For Elementor: from n/a through <= 1.2.1.
6.9
CVE-2024-9147 - HTML Injection in Bna Informatics' PosPratik
Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS) vulnerability in Bna Informatics PosPratik allows XSS Through HTTP Query Strings. This issue affects PosPratik: before v3.2.1.
9.3
CVE-2024-51561 - Authentication bypass Vulnerability in Aero
This vulnerability exists in Aero due to improper implementation of OTP validation mechanism in certain API endpoints. An authenticated remote attacker could exploit this vulnerability by intercepting and manipulating the responses exchanged during the second factor authentication process. Succe…
7.1
CVE-2024-51560 - Improper Error Handling Vulnerability in Wave 2.0
This vulnerability exists in the Wave 2.0 due to improper exception handling for invalid inputs at a certain API endpoint. An authenticated remote attacker could exploit this vulnerability by providing invalid inputs for the "userId" parameter in the API request leading to generation of error message con…
7.1
CVE-2024-51559 - Improper Access Control Vulnerability in Wave 2.0
This vulnerability exists in the Wave 2.0 due to improper authorization checks on certain API endpoints. An authenticated remote attacker could exploit this vulnerability by manipulating API input parameters to gain unauthorized access and perform malicious activities on other user accounts.
9.3
CVE-2024-51558 - Brute Force Attack Vulnerability in Wave 2.0
This vulnerability exists in the Wave 2.0 due to missing restrictions for excessive failed authentication attempts on its API-based login. A remote attacker could exploit this vulnerability by conducting a brute force attack against legitimate user OTP, MPIN or password, which could lead to gain un…