6.4
CVE-2024-8991 - OSM <= 6.1.0 - Authenticated (Contributor+) Stored Cross-Site Scripting via osm_map and osm_map_v3 …
The OSM – OpenStreetMap plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's osm_map and osm_map_v3 shortcodes in all versions up to, and including, 6.1.0 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for…
6.4
CVE-2024-9049 - Beaver Builder – WordPress Page Builder <= 2.8.3.6 - Authenticated (Contributor+) Stored DOM-Based …
The Beaver Builder – WordPress Page Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's Button Group module in all versions up to, and including, 2.8.3.6 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it poss…
7.5
CVE-2024-9029 - Freeimage: heap buffer overflow in tiff_read_iptc_profile
A flaw was found in the freeimage library. Processing a crafted image can cause a buffer over-read of 1 byte in the read_iptc_profile function in the Source/Metadata/IPTC.cpp file because the size of the profile is not being sanitized, causing a crash in the application linked to the library, resul…
6.5
CVE-2024-7714 - AI Assistant with ChatGPT by AYS <= 2.0.9 - Unauthenticated AJAX Calls
The AI ChatBot with ChatGPT and Content Generator by AYS WordPress plugin before 2.1.0 lacks sufficient access controls allowing an unauthenticated user to disconnect the AI ChatBot with ChatGPT and Content Generator by AYS WordPress plugin before 2.1.0 from OpenAI, thereby disabling the AI ChatBot…
7.5
CVE-2024-7713 - AI Chatbot with ChatGPT by AYS <= 2.0.9 - Unauthenticated OpenAI Key Disclosure
The AI ChatBot with ChatGPT and Content Generator by AYS WordPress plugin before 2.1.0 discloses the Open AI API Key, allowing unauthenticated users to obtain it.
8.8
CVE-2024-8922 - Product Enquiry for WooCommerce <= 2.2.33.33 - Authenticated (Author+) PHP Object Injection in enqu…
The Product Enquiry for WooCommerce, WooCommerce product catalog plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 2.2.33.32 via deserialization of untrusted input in enquiry_detail.php. This makes it possible for authenticated attackers, with Author-l…
7.2
CVE-2024-9130 - GiveWP – Donation Plugin and Fundraising Platform <= 3.16.1 - Authenticated (GiveWP Manager+) SQL I…
The GiveWP – Donation Plugin and Fundraising Platform plugin for WordPress is vulnerable to time-based SQL Injection via the ‘order’ parameter in all versions up to, and including, 3.16.1 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing …
6.4
CVE-2024-8965 - Absolute Reviews <= 1.1.3 - Authenticated (Contributor+) Stored DOM-Based Cross-Site Scripting via …
The Absolute Reviews plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'Name' field of a custom post criteria in all versions up to, and including, 1.1.3 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Cont…
6.5
CVE-2024-7011 -
Sharp NEC Projectors (NP-CB4500UL, NP-CB4500WL, NP-CB4700UL, NP-P525UL, NP-P525UL+, NP-P525ULG, NP-P525ULJL, NP-P525WL, NP-P525WL+, NP-P525WLG, NP-P525WLJL, NP-CG6500UL, NP-CG6500WL, NP-CG6700UL, NP-P605UL, NP-P605UL+, NP-P605ULG, NP-P605ULJL, NP-CA4120X, NP-CA4160W, NP-CA4160X, NP-CA4200U, NP-CA42…
0.0
CVE-2024-9273 -
** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. Reason: This candidate was issued in error. Notes: All references and descriptions in this candidate have been removed to prevent accidental usage.