7.2
CVE-2024-9314 - Rank Math SEO β AI SEO Tools to Dominate SEO Rankings <= 1.0.228 - Authenticated (Administrator+) Pβ¦
The Rank Math SEO β AI SEO Tools to Dominate SEO Rankings plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 1.0.228 via deserialization of untrusted input 'set_redirections' function. This makes it possible for authenticated attackers, with Administratβ¦
6.5
CVE-2024-9161 - Rank Math SEO β AI SEO Tools to Dominate SEO Rankings <= 1.0.228 - Missing Authorization to Unautheβ¦
The Rank Math SEO β AI SEO Tools to Dominate SEO Rankings plugin for WordPress is vulnerable to unauthorized modification and loss of data due to a missing capability check on the 'update_metadata' function in all versions up to, and including, 1.0.228. This makes it possible for unauthenticated atβ¦
7.5
CVE-2024-44016 - WordPress Podiant plugin <= 1.1 - Local File Inclusion vulnerability
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in amarksteadman Podiant podiant allows PHP Local File Inclusion.This issue affects Podiant: from n/a through <= 1.1.
7.5
CVE-2024-44015 - WordPress Users Control plugin <= 1.0.16 - Local File Inclusion vulnerability
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in istmoplugins Users Control users-control allows PHP Local File Inclusion.This issue affects Users Control: from n/a through <= 1.0.16.
9.6
CVE-2024-44014 - WordPress Vmax Project Manager plugin <= 1.0 - Local File Inclusion to RCE vulnerability
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in Vmax Studio Vmax Project Manager vmax-project-manager allows PHP Local File Inclusion.This issue affects Vmax Project Manager: from n/a through <= 1.0.
7.5
CVE-2024-44013 - WordPress VR Calendar plugin <= 2.4.0 - Local File Inclusion vulnerability
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in Innate Images LLC VR Calendar vr-calendar-sync allows PHP Local File Inclusion.This issue affects VR Calendar: from n/a through <= 2.4.0.
7.5
CVE-2024-44012 - WordPress WP Newsletter Subscription plugin <= 1.1 - Local File Inclusion vulnerability
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in wpdev33 WP Newsletter Subscription wp-newsletter-subscription allows PHP Local File Inclusion.This issue affects WP Newsletter Subscription: from n/a through <= 1.1.
7.5
CVE-2024-44011 - WordPress WP Ticket Ultra plugin <= 1.0.5 - Local File Inclusion vulnerability
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in ExpressTech Systems WP Ticket Ultra Help Desk & Support Plugin wp-ticket-ultra allows PHP Local File Inclusion.This issue affects WP Ticket Ultra Help Desk & Support Plugin: from n/a through <= 1.0.5.
4.9
CVE-2024-9146 - WordPress CSS JS Files plugin <= 1.5.0 - Directory Traversal to File Read vulnerability
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in jamesdlow CSS JS Files css-js-files allows Path Traversal.This issue affects CSS JS Files: from n/a through <= 1.5.0.
6.1
CVE-2024-9417 - Hash Form - Drag & Drop Form Builder <= 1.1.9 - Unauthenticated Limited File Upload
The Hash Form β Drag & Drop Form Builder plugin for WordPress is vulnerable to limited file uploads due to a misconfigured file type validation in the 'handleUpload' function in all versions up to, and including, 1.1.9. This makes it possible for unauthenticated attackers to upload files that are eβ¦