5.4
CVE-2024-37437 - WordPress Elementor Website Builder plugin <= 3.22.1 - Arbitrary SVG File Download vulnerability
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Elementor Elementor Website Builder elementor.This issue affects Elementor Website Builder: from n/a through <= 3.22.1.
0.0
CVE-2024-37430 - WordPress Patreon WordPress plugin <= 1.9.0 - Image Protection Bypass vulnerability
Authentication Bypass by Spoofing vulnerability in patreon Patreon WordPress patreon-connect.This issue affects Patreon WordPress: from n/a through <= 1.9.0.
8.5
CVE-2023-3288 - A BOLA vulnerability in POST /providers in EasyAppointments < 1.5.0
A BOLA vulnerability in POST /providers allows a low privileged user to create a privileged user (provider) in the system. This results in privilege escalation.
9.6
CVE-2023-38055 - A BOLA vulnerability in GET, PUT, DELETE /services/{serviceId} in EasyAppointments < 1.5.0
A BOLA vulnerability in GET, PUT, DELETE /services/{serviceId} allows a low privileged user to fetch, modify or delete the services of any user (including admin). This results in unauthorized access and unauthorized data manipulation.
9.9
CVE-2023-38054 - A BOLA vulnerability in GET, PUT, DELETE /customers/{customerId} in EasyAppointments < 1.5.0
A BOLA vulnerability in GET, PUT, DELETE /customers/{customerId} allows a low privileged user to fetch, modify or delete a low privileged user (customer). This results in unauthorized access and unauthorized data manipulation.
9.9
CVE-2023-38053 - A BOLA vulnerability in GET, PUT, DELETE /settings/{settingName} in EasyAppointments < 1.5.0
A BOLA vulnerability in GET, PUT, DELETE /settings/{settingName} allows a low privileged user to fetch, modify or delete the settings of any user (including admin). This results in unauthorized access and unauthorized data manipulation.
9.9
CVE-2023-38052 - A BOLA vulnerability in GET, PUT, DELETE /admins/{adminId} in EasyAppointments < 1.5.0
A BOLA vulnerability in GET, PUT, DELETE /admins/{adminId} allows a low privileged user to fetch, modify or delete a high privileged user (admin). This results in unauthorized access and unauthorized data manipulation.
9.9
CVE-2023-38051 - A BOLA vulnerability in GET, PUT, DELETE /secretaries/{secretaryId} in EasyAppointments < 1.5.0
A BOLA vulnerability in GET, PUT, DELETE /secretaries/{secretaryId} allows a low privileged user to fetch, modify or delete a low privileged user (secretary). This results in unauthorized access and unauthorized data manipulation.
9.1
CVE-2023-38050 - A BOLA vulnerability in GET, PUT, DELETE /webhooks/{webhookId} in EasyAppointments < 1.5.0
A BOLA vulnerability in GET, PUT, DELETE /webhooks/{webhookId} allows a low privileged user to fetch, modify or delete a webhook of any user (including admin). This results in unauthorized access and unauthorized data manipulation.
9.9
CVE-2023-38049 - A BOLA vulnerability in GET, PUT, DELETE /appointments/{appointmentId} in EasyAppointments < 1.5.0
A BOLA vulnerability in GET, PUT, DELETE /appointments/{appointmentId} allows a low privileged user to fetch, modify or delete an appointment of any user (including admin). This results in unauthorized access and unauthorized data manipulation.