7.6
CVE-2024-38693 - WordPress WP User Frontend plugin <= 4.0.7 - SQL Injection vulnerability
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in weDevs WP User Frontend allows SQL Injection.This issue affects WP User Frontend: from n/a through 4.0.7.
9.3
CVE-2024-5057 - WordPress Easy Digital Downloads plugin <= 3.2.12 - SQL Injection vulnerability
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Easy Digital Downloads allows SQL Injection.This issue affects Easy Digital Downloads: from n/a through 3.2.12.
5.3
CVE-2024-8302 - dingfanzu CMS chpwd.php sql injection
A vulnerability was found in dingfanzu CMS up to 29d67d9044f6f93378e6eb6ff92272217ff7225c. It has been rated as critical. Affected by this issue is some unknown functionality of the file /ajax/chpwd.php. The manipulation of the argument username leads to sql injection. The attack may be launched reβ¦
6.4
CVE-2024-1056 - Funnel Kit Funnel Builder PRO <= 3.4.5 Authenticated(Contributor+) Stored Cross-Site Scripting via β¦
The FunnelKit Funnel Builder Pro plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'allow_iframe_tag_in_post' function which uses the 'wp_kses_allowed_html' filter to globally allow script and iframe tags in posts in all versions up to, and including, 3.4.5. This makes it poβ¦
6.9
CVE-2024-8301 - dingfanzu CMS checkin.php sql injection
A vulnerability was found in dingfanzu CMS up to 29d67d9044f6f93378e6eb6ff92272217ff7225c. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the file /ajax/checkin.php. The manipulation of the argument username leads to sql injection. The attack can be β¦
6.9
CVE-2024-8297 - kitsada8621 Digital Library Management System jwt_refresh_token_middleware.go JwtRefreshAuth neutraβ¦
A vulnerability was found in kitsada8621 Digital Library Management System 1.0. It has been classified as problematic. Affected is the function JwtRefreshAuth of the file middleware/jwt_refresh_token_middleware.go. The manipulation of the argument Authorization leads to improper output neutralizatiβ¦
5.3
CVE-2024-3679 - Premium SEO Pack β WP SEO Plugin <= 1.6.002 - Unauthenticated Information Exposure
The Premium SEO Pack β WP SEO Plugin plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 1.6.002. This makes it possible for unauthenticated attackers to view limited information from password protected posts through the social meta data.
6.4
CVE-2024-1384 - Premium Portfolio Features for Phlox theme <= 2.3.4 - Authenticated (Contributor+) Stored Cross-Sitβ¦
The Premium Portfolio Features for Phlox theme plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'aux_recent_portfolios_grid' shortcode in all versions up to, and including, 2.3.4 due to insufficient input sanitization and output escaping on user supplied attributesβ¦
5.3
CVE-2024-8296 - FeehiCMS index.php insert unrestricted upload
A vulnerability was found in FeehiCMS up to 2.1.1 and classified as critical. This issue affects the function insert of the file /admin/index.php?r=user%2Fcreate. The manipulation of the argument User[avatar] leads to unrestricted upload. The attack may be initiated remotely. The exploit has been dβ¦
5.3
CVE-2024-2541 - Popup Builder <= 4.3.6 - Sensitive Information Exposure via Imported Subscribers CSV File
The Popup Builder plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 4.3.6 via the Subscribers Import feature. This makes it possible for unauthenticated attackers to extract sensitive data after an administrator has imported subscribers via aβ¦