9.8
CVE-2024-49624 - WordPress Advanced Advertising System plugin <= 1.3.1 - PHP Object Injection vulnerability
Deserialization of Untrusted Data vulnerability in smartdevth Advanced Advertising System advanced-advertising-system allows Object Injection.This issue affects Advanced Advertising System: from n/a through <= 1.3.1.
9.8
CVE-2024-49625 - WordPress SiteBuilder Dynamic Components plugin <= 1.0 - PHP Object Injection vulnerability
Deserialization of Untrusted Data vulnerability in sphoid SiteBuilder Dynamic Components sitebuilder-dynamic-components allows Object Injection.This issue affects SiteBuilder Dynamic Components: from n/a through <= 1.0.
9.8
CVE-2024-49626 - WordPress Shipyaari Shipping Management plugin <= 1.2 - PHP Object Injection vulnerability
Deserialization of Untrusted Data vulnerability in Piyush Patel Shipyaari Shipping Management shipyaari-shipping-managment allows Object Injection.This issue affects Shipyaari Shipping Management: from n/a through <= 1.2.
9.6
CVE-2024-49286 - WordPress SSV Events plugin <= 3.2.7 - Local File Inclusion to RCE vulnerability
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in Jeroen Berkvens SSV Events ssv-events allows PHP Local File Inclusion.This issue affects SSV Events: from n/a through <= 3.2.7.
8.7
CVE-2024-10194 - WAVLINK WN530H4/WN530HG4/WN572HG3 Front-End Authentication Page login.cgi Goto_chidx stack-based ovβ¦
A vulnerability was found in WAVLINK WN530H4, WN530HG4 and WN572HG3 up to 20221028. It has been classified as critical. Affected is the function Goto_chidx of the file login.cgi of the component Front-End Authentication Page. The manipulation of the argument wlanUrl leads to stack-based buffer overβ¦
10
CVE-2024-49611 - WordPress Product Website Showcase plugin <= 1.0 - Arbitrary File Upload vulnerability
Unrestricted Upload of File with Dangerous Type vulnerability in paxmanpwnz Product Website Showcase product-websites-showcase allows Upload a Web Shell to a Web Server.This issue affects Product Website Showcase: from n/a through <= 1.0.
9.8
CVE-2024-49328 - WordPress WP REST API FNS Plugin plugin <= 1.0.0 - Account Takeover vulnerability
Authentication Bypass Using an Alternate Path or Channel vulnerability in vivek2tamrakar WP REST API FNS rest-api-fns allows Authentication Bypass.This issue affects WP REST API FNS: from n/a through <= 1.0.0.
9.8
CVE-2024-49604 - WordPress Simple User Registration plugin <= 6.7 - Broken Authentication vulnerability
Authentication Bypass Using an Alternate Path or Channel vulnerability in N-Media Simple User Registration wp-registration allows Authentication Bypass.This issue affects Simple User Registration: from n/a through <= 6.7.
6.5
CVE-2024-48049 - WordPress Mighty Builder plugin <= 1.0.2 - Cross Site Scripting (XSS) vulnerability
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Mighty Plugins Mighty Builder mighty-builder allows Stored XSS.This issue affects Mighty Builder: from n/a through <= 1.0.2.
7.1
CVE-2024-49323 - WordPress All in One Slider plugin <= 1.1 - Reflected Cross Site Scripting (XSS) vulnerability
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Shahriar Alam All in One Slider all-in-one-slider allows Reflected XSS.This issue affects All in One Slider: from n/a through <= 1.1.