5.3
CVE-2024-7410 - My Custom CSS PHP & ADS <= 3.3 - Unauthenticated Full Path Disclosure
The My Custom CSS PHP & ADS plugin for WordPress is vulnerable to Full Path Disclosure in all versions up to, and including, 3.3. This is due to the plugin not preventing direct access to the /my-custom-css/vendor/mobiledetect/mobiledetectlib/export/exportToJSON.php file and the file displaying/ge…
5.3
CVE-2024-7412 - No Update Nag <= 1.4.12 - Unauthenticated Full Path Disclosure
The No Update Nag plugin for WordPress is vulnerable to Full Path Disclosure in all versions up to, and including, 1.4.12. This is due to the plugin allowing direct access to the bootstrap.php file which has display_errors on. This makes it possible for unauthenticated attackers to retrieve the ful…
5.3
CVE-2024-7416 - Reveal Template <= 3.7 - Unauthenticated Full Path Disclosure
The Reveal Template plugin for WordPress is vulnerable to Full Path Disclosure in all versions up to, and including, 3.7. This is due to the plugin allowing direct access to the bootstrap.php file which has display_errors on. This makes it possible for unauthenticated attackers to retrieve the full…
5.3
CVE-2024-7414 - PDF Builder for WPForms <= 1.2.116 - Unauthenticated Full Path Disclosure
The PDF Builder for WPForms plugin for WordPress is vulnerable to Full Path Disclosure in all versions up to, and including, 1.2.116. This is due to the plugin allowing direct access to the composer-setup.php file which has display_errors on. This makes it possible for unauthenticated attackers to…
5.3
CVE-2024-7413 - Obfuscate Email <= 3.8.1 - Unauthenticated Full Path Disclosure
The Obfuscate Email plugin for WordPress is vulnerable to Full Path Disclosure in all versions up to, and including, 3.8.1. This is due to the plugin allowing direct access to the bootstrap.php file which has display_errors on. This makes it possible for unauthenticated attackers to retrieve the fu…
5.3
CVE-2024-7382 - Linkify Text <= 1.9.1 - Unauthenticated Full Path Disclosure
The Linkify Text plugin for WordPress is vulnerable to Full Path Disclosure in all versions up to, and including, 1.9.1. This is due to the plugin utilizing bootstrap and leaving test files with display_errors on. This makes it possible for unauthenticated attackers to retrieve the full path of the…
8.1
CVE-2024-36460 - Front-end audit log shows passwords in plaintext
The front-end audit log allows viewing of unprotected plaintext passwords, where the passwords are displayed in plain text.
3
CVE-2024-22122 - AT(GSM) Command Injection
Zabbix allows SMS notifications to be configured. AT command injection occurs on "Zabbix Server" because the "Number" field is validated neither on the Web side nor on the Zabbix server side. An attacker can run an SMS test with a specially crafted phone number and execute additional AT commands on the modem.
6.1
CVE-2024-22121 - Zabbix Agent MSI Installer Allows Non-Admin User to Access Change Option via msiexec.exe
A non-admin user can change or remove important features within the Zabbix Agent application, thus impacting the integrity and availability of the application.
4.8
CVE-2024-6158 - Category Posts Widget (Free < 4.9.17, Pro < 4.9.13) - Admin+ Stored XSS
The Category Posts Widget WordPress plugin before 4.9.17, term-and-category-based-posts-widget WordPress plugin before 4.9.13 does not validate and escape some of its "Category Posts" widget settings before outputting them back in a page/post where the Widget is embedded, which could allow high privil…