10
CVE-2024-42462 - Bypass multifactor authentication
Improper Authentication vulnerability in upKeeper Solutions product upKeeper Manager allows Authentication Bypass. This issue affects upKeeper Manager: through 5.1.9.
8.8
CVE-2024-7146 - JetTabs <= 2.2.3 - Authenticated (Contributor+) Arbitrary Local File Inclusion
The JetTabs for Elementor plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 2.2.3 via the 'switcher_preset' parameter. This makes it possible for authenticated attackers, with Contributor-level access and above, to include and execute arbitrary files o…
6.4
CVE-2024-7136 - JetSearch <= 3.5.2 - Authenticated (Contributor+) Stored Cross-Site Scripting
The JetSearch plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'id' parameter in all versions up to, and including, 3.5.2 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level access and above,…
6.4
CVE-2024-7147 - JetBlocks <= 1.3.12 - Authenticated (Contributor+) Stored Cross-Site Scripting
The JetBlocks for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via multiple placeholder parameters in all versions up to, and including, 1.3.12 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contrib…
6.8
CVE-2024-25008 - Ericsson RAN Compute and Site Controller 6610 - Improper Input Validation Vulnerability
Ericsson RAN Compute and Site Controller 6610 contains a vulnerability in the Control System where Improper Input Validation can lead to arbitrary code execution, for example to obtain a Linux Shell with the same privileges as the attacker. The attacker would require elevated privileges for example…
4.2
CVE-2024-7501 - Download Plugins and Themes from Dashboard <= 1.8.7 - Cross-Site Request Forgery
The Download Plugins and Themes in ZIP from Dashboard plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.8.7. This is due to missing or incorrect nonce validation on the download_theme() function. This makes it possible for unauthenticated attac…
9.8
CVE-2024-6460 - Grow by Tradedoubler <= 2.0.21 - Unauthenticated LFI
The Grow by Tradedoubler WordPress plugin through 2.0.21 is vulnerable to Local File Inclusion via the component parameter. This makes it possible for attackers to include and execute PHP files on the server, allowing the execution of any PHP code in those files.
7.2
CVE-2024-7301 - WordPress File Upload <= 4.24.8 - Unauthenticated Stored Cross-Site Scripting via SVG File Upload
The WordPress File Upload plugin for WordPress is vulnerable to Stored Cross-Site Scripting via SVG File uploads in all versions up to, and including, 4.24.8 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scri…
4.3
CVE-2024-7422 - Theme My Login <= 7.1.7 - Cross-Site Request Forgery to Settings Update
The Theme My Login plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 7.1.7. This is due to missing or incorrect nonce validation on the tml_admin_save_ms_settings() function. This makes it possible for unauthenticated attackers to update the them…
4.4
CVE-2022-3399 - Cookie Notice & Compliance for GDPR / CCPA <= 2.4.17.1 - Authenticated (Admin+) Stored Cross-Site S…
The Cookie Notice & Compliance for GDPR / CCPA plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'cookie_notice_options[refuse_code_head]' parameter in versions up to, and including, 2.4.17.1 due to insufficient input sanitization and output escaping. This makes it possible …