8.2
CVE-2024-7108 - Incorrect Authorization in National Keep's CyberMath
Incorrect Authorization vulnerability in National Keep Cyber Security Services CyberMath allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects CyberMath: before CYBM.240816253.
6.8
CVE-2024-7107 - Directory Traversal in National Keep's CyberMath
Files or Directories Accessible to External Parties vulnerability in National Keep Cyber Security Services CyberMath allows Collect Data from Common Resource Locations.This issue affects CyberMath: before CYBM.240816253.
5.5
CVE-2024-8633 - Form Maker <= 1.15.27 - Authenticated (Administrator+) Stored Cross-Site Scripting
The Form Maker by 10Web β Mobile-Friendly Drag & Drop Contact Form Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting in all versions up to, and including, 1.15.27 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, β¦
6.8
CVE-2024-8725 - Advanced File Manager <= 5.2.8 - Authenticated (Subscriber+) Limited File Upload
Multiple plugins and/or themes for WordPress are vulnerable to Limited File Upload in various versions. This is due to a lack of proper checks to ensure lower-privileged roles cannot upload .css and .js files to arbitrary directories. This makes it possible for authenticated attackers, with Subscriβ¦
7.5
CVE-2024-8126 - Advanced File Manager <= 5.2.8 - Authenticated (Subscriber+) Arbitrary File Upload
The Advanced File Manager plugin for WordPress is vulnerable to arbitrary file uploads via the 'class_fma_connector.php' file in all versions up to, and including, 5.2.8. This makes it possible for authenticated attackers, with Subscriber-level access and above, and granted permissions by an Adminiβ¦
7.2
CVE-2024-8704 - Advanced File Manager <= 5.2.8 - Authenticated (Administrator+) Local JavaScript File Inclusion viaβ¦
The Advanced File Manager plugin for WordPress is vulnerable to Local JavaScript File Inclusion in all versions up to, and including, 5.2.8 via the 'fma_locale' parameter. This makes it possible for authenticated attackers, with Administrator-level access and above, to include and execute arbitraryβ¦
5.8
CVE-2024-9199 - Rate limit vulnerability in Clibo Manager
Rate limit vulnerability in Clibo Manager v1.1.9.2 that could allow an attacker to send a large number of emails to the victim in a short time, affecting availability and leading to a denial of service (DoS).
7.6
CVE-2024-9198 - Stored Cross-Site Scripting vulnerability in Clibo Manager
Vulnerability in Clibo Manager v1.1.9.1 that could allow an attacker to execute an stored Cross-Site Scripting (stored XSS ) by uploading a malicious .svg image in the section: Profile > Profile picture.
7.2
CVE-2022-4541 - WordPress Visitors <= 1.0 - Unauthenticated Stored Cross-Site Scripting via HTTP Header
The WordPress Visitors plugin for WordPress is vulnerable to Stored Cross-Site Scripting via a spoofed HTTP Header value in versions up to, and including, 1.0 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scrβ¦
6.4
CVE-2024-9115 - Common Tools for Site <= 1.0.2 - Authenticated (Author+) Stored Cross-Site Scripting via SVG File Uβ¦
The Common Tools for Site plugin for WordPress is vulnerable to Stored Cross-Site Scripting via SVG File uploads in all versions up to, and including, 1.0.2 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Author-level access and aβ¦