5.3
CVE-2024-6550 - Gravity Forms: Multiple Form Instances <= 1.1.1 - Unauthenticated Full Path Disclosure
The Gravity Forms: Multiple Form Instances plugin for WordPress is vulnerable to Full Path Disclosure in all versions up to, and including, 1.1.1. This is due to the plugin leaving test files with display_errors on. This makes it possible for unauthenticated attackers to retrieve the full path of t…
5.7
CVE-2023-32467 -
Dell Edge Gateway BIOS, versions 3200 and 5200, contains an out-of-bounds write vulnerability. A local authenticated malicious user with high privileges could potentially exploit this vulnerability leading to exposure of some UEFI code, leading to arbitrary code execution or escalation of privilege.
5.7
CVE-2023-32472 -
Dell Edge Gateway BIOS, versions 3200 and 5200, contains an out-of-bounds write vulnerability. A local authenticated malicious user with high privileges could potentially exploit this vulnerability leading to exposure of some code in System Management Mode, leading to arbitrary code execution or es…
6.7
CVE-2024-38301 -
Dell Alienware Command Center, version 5.7.3.0 and prior, contains an improper access control vulnerability. A low privileged attacker could potentially exploit this vulnerability, leading to denial of service on the local system and information disclosure.
8.8
CVE-2024-5792 - Houzez CRM <= 1.4.2 - Authenticated (Seller+) SQL Injection
The Houzez CRM plugin for WordPress is vulnerable to time-based SQL Injection via the notes 'belong_to' parameter in all versions up to, and including, 1.4.2 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possi…
8.8
CVE-2023-7062 - Advanced File Manager Shortcodes <= 2.4 - Authenticated (Contributor+) Directory Traversal
The Advanced File Manager Shortcodes plugin for WordPress is vulnerable to Directory Traversal in all versions up to, and including, 2.4. This makes it possible for attackers with contributor access or higher to read the contents of arbitrary files on the server, which can contain sensitive informa…
4.3
CVE-2024-5677 - Featured Image Generator <= 1.3.1 - Missing Authorization to Authenticated (Subscriber+) Images Upl…
The Featured Image Generator plugin for WordPress is vulnerable to unauthorized image upload due to a missing capability check on the fig_save_after_generate_image function in all versions up to, and including, 1.3.1. This makes it possible for authenticated attackers, with Subscriber-level access …
6.4
CVE-2024-4866 - UltraAddons – Elementor Addons (Header Footer Builder, Custom Font, Custom CSS,Woo Widget, Menu Bui…
The UltraAddons – Elementor Addons (Header Footer Builder, Custom Font, Custom CSS,Woo Widget, Menu Builder, Anywhere Elementor Shortcode) plugin for WordPress is vulnerable to Stored Cross-Site Scripting via multiple widgets in all versions up to, and including, 1.1.6 due to insufficient input san…
8.8
CVE-2023-7061 - Advanced File Manager Shortcode <= 2.5.3 - Authenticated (Contributor+) Arbitrary File Upload
The Advanced File Manager Shortcodes plugin for WordPress is vulnerable to arbitrary file uploads in all versions up to, and including, 2.5.3. This makes it possible for authenticated attackers with contributor access or above to upload arbitrary files on the affected site's server which may make r…
7
CVE-2024-32670 -
Exposure of Sensitive Information to an Unauthorized Actor in Samsung Galaxy SmartTag2 prior to 0.20.04 allows attackers to potentially identify the tag's location by scanning the BLE advertising.