9.9
CVE-2024-49260 - WordPress Limb Gallery plugin <= 1.5.7 - Arbitrary File Upload vulnerability
Unrestricted Upload of File with Dangerous Type vulnerability in Limbcode WordPress Gallery Plugin – Limb Image Gallery limb-gallery allows Code Injection. This issue affects WordPress Gallery Plugin – Limb Image Gallery: from n/a through <= 1.5.7.
7.5
CVE-2024-47351 - WordPress MaxSlider plugin <= 1.2.3 - Local File Inclusion vulnerability
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in The CSSIgniter Team MaxSlider maxslider allows Path Traversal. This issue affects MaxSlider: from n/a through <= 1.2.3.
7.5
CVE-2024-47645 - WordPress WPOptin plugin <= 2.0.1 - Local File Inclusion vulnerability
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in Danish Ali Malik Top Bar – PopUps – by WPOptin wpoptin allows PHP Local File Inclusion. This issue affects Top Bar – PopUps – by WPOptin: from n/a through <= 2.0.1.
7.5
CVE-2024-48029 - WordPress SB Random Posts Widget plugin <= 1.0 - Local File Inclusion vulnerability
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in Hung Trang Si SB Random Posts Widget sb-random-posts-widget allows PHP Local File Inclusion. This issue affects SB Random Posts Widget: from n/a through <= 1.0.
7.5
CVE-2024-49251 - WordPress Maan Addons For Elementor plugin <= 1.0.1 - Local File Inclusion vulnerability
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in Acnoo Maan Addons For Elementor maan-elementor-addons allows Local Code Inclusion. This issue affects Maan Addons For Elementor: from n/a through <= 1.0.1.
7.1
CVE-2024-22032 - Rancher's RKE1 Encryption Config kept in plain-text within cluster AppliedSpec
A vulnerability has been identified in which an RKE1 cluster keeps constantly reconciling when secrets encryption configuration is enabled. When reconciling, the Kube API secret values are written in plaintext on the AppliedSpec. Cluster owners, Cluster members, and Project members (for project…
9.8
CVE-2024-48026 - WordPress Disc Golf Manager plugin <= 1.0.0 - PHP Object Injection vulnerability
Deserialization of Untrusted Data vulnerability in GMRobbins Disc Golf Manager disc-golf-manager allows Object Injection. This issue affects Disc Golf Manager: from n/a through <= 1.0.0.
8
CVE-2024-22030 - Rancher agents can be hijacked by taking over the Rancher Server URL
A vulnerability has been identified within Rancher that can be exploited in narrow circumstances through a man-in-the-middle (MITM) attack. An attacker would need to have control of an expired domain or execute a DNS spoofing/hijacking attack against the domain to exploit this vulnerability. Th…
9.8
CVE-2024-48028 - WordPress IP Loc8 plugin <= 1.1 - PHP Object Injection vulnerability
Deserialization of Untrusted Data vulnerability in Boyan Raichev IP Loc8 ip-loc8 allows Object Injection. This issue affects IP Loc8: from n/a through <= 1.1.
9.8
CVE-2024-48030 - WordPress Telecash Ricaricaweb plugin <= 2.2 - PHP Object Injection vulnerability
Deserialization of Untrusted Data vulnerability in Webextends Telecash Ricaricaweb telecash-ricaricaweb allows Object Injection. This issue affects Telecash Ricaricaweb: from n/a through <= 2.2.