9.8
CVE-2024-9930 - Extensions by HocWP Team <= 0.2.3.2 - Authentication Bypass
The Extensions by HocWP Team plugin for WordPress is vulnerable to authentication bypass in versions up to, and including, 0.2.3.2. This is due to missing validation on the user being supplied in the 'verify_email' action. This makes it possible for unauthenticated attackers to log in as any existiβ¦
9.8
CVE-2024-9932 - Wux Blog Editor <= 3.0.0 - Unauthenticated Arbitrary File Upload
The Wux Blog Editor plugin for WordPress is vulnerable to arbitrary file uploads due to insufficient file type validation in the 'wuxbt_insertImageNew' function in versions up to, and including, 3.0.0. This makes it possible for unauthenticated attackers to upload arbitrary files on the affected siβ¦
5.5
CVE-2024-9462 - Poll Maker β Versus Polls, Anonymous Polls, Image Polls <= 5.4.6 - Authenticated (Administrator+) Sβ¦
The Poll Maker β Versus Polls, Anonymous Polls, Image Polls plugin for WordPress is vulnerable to Stored Cross-Site Scripting via poll settings in all versions up to, and including, 5.4.6 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers,β¦
4.9
CVE-2024-9475 - Poll Maker β Versus Polls, Anonymous Polls, Image Polls <= 5.4.6 - Authenticated (Administrator+) Sβ¦
The Poll Maker β Versus Polls, Anonymous Polls, Image Polls plugin for WordPress is vulnerable to generic SQL Injection via the order_by parameter in all versions up to, and including, 5.4.6 due to insufficient escaping on the user-supplied parameter and lack of sufficient preparation on the existβ¦
4.3
CVE-2024-9626 - Editorial Assistant by Sovrn <= 1.3.3 - Missing Authorization to Authenticated (Subscriber+) Attachβ¦
The Editorial Assistant by Sovrn plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'ajax_zemanta_set_featured_image' function in versions up to, and including, 1.3.3. This makes it possible for authenticated attackers, with subscriber-lβ¦
8.8
CVE-2024-9890 - User Toolkit <= 1.2.3 - Authenticated (Subscriber+) Authentication Bypass
The User Toolkit plugin for WordPress is vulnerable to authentication bypass in versions up to, and including, 1.2.3. This is due to an improper capability check in the 'switchUser' function. This makes it possible for authenticated attackers, with subscriber-level permissions and above, to log in β¦
9.8
CVE-2024-9933 - WatchTowerHQ <= 3.10.1 - Authentication Bypass to Administrator due to Missing Empty Value Check
The WatchTowerHQ plugin for WordPress is vulnerable to authentication bypass in versions up to, and including, 3.10.1. This is due to the 'watchtower_ota_token' default value is empty, and the not empty check is missing in the 'Password_Less_Access::login' function. This makes it possible for unautβ¦
9.8
CVE-2024-9931 - Wux Blog Editor <= 3.0.0 - Authentication Bypass to Administrator
The Wux Blog Editor plugin for WordPress is vulnerable to authentication bypass in versions up to, and including, 3.0.0. This is due to missing validation on the token being supplied during the autologin through the plugin. This makes it possible for unauthenticated attackers to log in to the firstβ¦
9.1
CVE-2024-47821 - pyLoad vulnerable to remote code execution by download to /.pyload/scripts using /flashgot API
pyLoad is a free and open-source Download Manager. The folder `/.pyload/scripts` has scripts which are run when certain actions are completed, for e.g. a download is finished. By downloading a executable file to a folder in /scripts and performing the respective action, remote code execution can beβ¦
0.0
CVE-2024-10401 -
This CVE ID has been rejected or withdrawn by its CVE Numbering Authority.