4.4
CVE-2024-42032 -
Access permission verification vulnerability in the Contacts module. Impact: Successful exploitation of this vulnerability may affect service confidentiality.
7.5
CVE-2024-42031 -
Access permission verification vulnerability in the Settings module. Impact: Successful exploitation of this vulnerability may affect service confidentiality.
6.2
CVE-2024-42030 -
Access permission verification vulnerability in the content sharing pop-up module. Impact: Successful exploitation of this vulnerability may affect service confidentiality.
4
CVE-2023-7265 -
Permission verification vulnerability in the lock screen module. Impact: Successful exploitation of this vulnerability may affect availability.
7.1
CVE-2024-22069 - Permission and Access Control Vulnerability in ZXV10 XT802/ET301
There is a permission and access control vulnerability in ZTE's ZXV10 XT802/ET301 product. Attackers with common permissions can log in to the terminal web and illegally change the administrator's password by intercepting requests to change passwords.
5.4
CVE-2024-6884 - Gutenberg Blocks with AI by Kadence WP < 3.2.39 - Contributor+ Stored XSS
The Gutenberg Blocks with AI by Kadence WP WordPress plugin before 3.2.39 does not validate and escape some of its block options before outputting them back in a page/post where the block is embedded, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting a…
4.8
CVE-2024-6481 - Search Filter Pro < 2.5.18 - Admin+ Stored XSS
The Search & Filter Pro WordPress plugin before 2.5.18 does not sanitise and escape some of its settings, which could allow high-privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example, in a multisite setup).
4.3
CVE-2024-6824 - Premium Addons for Elementor <= 4.10.38 - Missing Authorization to Authenticated (Contributor+) Arb…
The Premium Addons for Elementor plugin for WordPress is vulnerable to unauthorized modification and loss of data due to a missing capability check on the 'check_temp_validity' and 'update_template_title' functions in all versions up to, and including, 4.10.38. This makes it possible for authentica…
8.8
CVE-2024-7150 - Slider by 10Web – Responsive Image Slider <= 1.2.57 - Authenticated (Contributor+) SQL Injection vi…
The Slider by 10Web – Responsive Image Slider plugin for WordPress is vulnerable to time-based SQL Injection via the 'id' parameter in all versions up to, and including, 1.2.57 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. …
8.8
CVE-2024-7548 - LearnPress – WordPress LMS Plugin <= 4.2.6.9.3 - Authenticated (Contributor+) SQL Injection via ord…
The LearnPress – WordPress LMS Plugin plugin for WordPress is vulnerable to time-based SQL Injection via the 'order' parameter in all versions up to, and including, 4.2.6.9.3 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. T…