7.2
CVE-2024-38775 - WordPress CTX Feed plugin <= 6.5.6 - Arbitrary Options Update vulnerability
Improper Privilege Management vulnerability in WebAppick CTX Feed allows Privilege Escalation.This issue affects CTX Feed: from n/a through 6.5.6.
4.9
CVE-2024-38791 - WordPress AI ENGINE plugin <= 2.4.7 - Server Side Request Forgery (SSRF) vulnerability
Server-Side Request Forgery (SSRF) vulnerability in Jordy Meow AI Engine: ChatGPT Chatbot allows Server Side Request Forgery.This issue affects AI Engine: ChatGPT Chatbot: from n/a through 2.4.7.
9
CVE-2024-39619 - WordPress ListingPro plugin <= 2.9.4 - Unauthenticated Local File Inclusion vulnerability
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in CridioStudio ListingPro listingpro-plugin allows PHP Local File Inclusion.This issue affects ListingPro: from n/a through <= 2.9.4.
8
CVE-2024-39621 - WordPress ListingPro plugin <= 2.9.4 - Local File Inclusion vulnerability
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in CridioStudio ListingPro listingpro-plugin allows PHP Local File Inclusion.This issue affects ListingPro: from n/a through <= 2.9.4.
4.5
CVE-2024-41957 - Vim double free in src/alloc.c:616
Vim is an open source command line text editor. Vim < v9.1.0647 has double free in src/alloc.c:616. When closing a window, the corresponding tagstack data will be cleared and freed. However a bit later, the quickfix list belonging to that window will also be cleared and if that quickfix list pointsβ¦
8.5
CVE-2024-39624 - WordPress ListingPro theme <= 2.9.4 - Local File Inclusion vulnerability
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in CridioStudio ListingPro listingpro allows PHP Local File Inclusion.This issue affects ListingPro: from n/a through <= 2.9.4.
5.5
CVE-2024-39630 - WordPress Timetable and Event Schedule by MotoPress plugin <= 2.4.13 - PHP Object Injection vulneraβ¦
Deserialization of Untrusted Data vulnerability in MotoPress Timetable and Event Schedule allows Object Injection.This issue affects Timetable and Event Schedule: from n/a through 2.4.13.
8.8
CVE-2024-39633 - WordPress PowerPack for Beaver Builder plugin <= 2.33.0 - Contributor+ Privilege Escalation vulneraβ¦
Improper Privilege Management vulnerability in IdeaBox PowerPack for Beaver Builder allows Privilege Escalation.This issue affects PowerPack for Beaver Builder: from n/a through 2.33.0.
8.8
CVE-2024-39634 - WordPress PowerPack Pro for Elementor plugin <= 2.10.14 - Contributor+ Privilege Escalation vulneraβ¦
Improper Privilege Management vulnerability in IdeaBox PowerPack Pro for Elementor allows Privilege Escalation.This issue affects PowerPack Pro for Elementor: from n/a through 2.10.14.
6.9
CVE-2024-7366 - SourceCodester Tracking Monitoring Management System Login ajax.php sql injection
A vulnerability was found in SourceCodester Tracking Monitoring Management System 1.0. It has been classified as critical. This affects an unknown part of the file /ajax.php?action=login of the component Login. The manipulation of the argument username leads to sql injection. It is possible to initβ¦