5.3
CVE-2024-6088 - LearnPress – WordPress LMS Plugin <= 4.2.6.8.1 - Missing Authorization to Unauthenticated User Regi…
The LearnPress – WordPress LMS Plugin plugin for WordPress is vulnerable to unauthorized user registration due to a missing capability check on the 'register' function in all versions up to, and including, 4.2.6.8.1. This makes it possible for unauthenticated attackers to bypass disabled user regis…
6.4
CVE-2024-4268 - Ultimate Blocks – WordPress Blocks Plugin <= 3.1.9 - Authenticated (Contributor+) Stored Cross-Site …
The Ultimate Blocks – WordPress Blocks Plugin plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's blocks in all versions up to, and including, 3.1.9 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for auth…
5.3
CVE-2024-6440 - SourceCodester Home Owners Collection Management System SQL injection
A vulnerability was found in SourceCodester Home Owners Collection Management System 1.0. It has been classified as critical. Affected is an unknown function of the file /classes/Master.php?f=delete_category. The manipulation of the argument id leads to SQL injection. It is possible to launch the a…
5.3
CVE-2024-6439 - SourceCodester Home Owners Collection Management System unrestricted upload
A vulnerability was found in SourceCodester Home Owners Collection Management System 1.0 and classified as critical. This issue affects some unknown processing of the file /classes/Users.php?f=save. The manipulation of the argument img leads to unrestricted upload. The attack may be initiated remot…
5.3
CVE-2024-6438 - Hitout Carsale OrderController.java SQL injection
A vulnerability has been found in Hitout Carsale 1.0 and classified as critical. This vulnerability affects unknown code of the file OrderController.java. The manipulation of the argument orderBy leads to SQL injection. The attack can be initiated remotely. The exploit has been disclosed to the pub…
4.3
CVE-2024-6012 - Cost Calculator Builder <= 3.2.12 - Missing Authorization to Authenticated (Subscriber+) Arbitrary …
The Cost Calculator Builder plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'embed-create-page' and 'embed-insert-pages' functions in all versions up to, and including, 3.2.12. This makes it possible for authenticated attackers, with …
4.4
CVE-2024-6011 - Cost Calculator Builder <= 3.2.12 - Authenticated (Administrator+) Stored Cross-Site Scripting
The Cost Calculator Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘textarea.description’ parameter in all versions up to, and including, 3.2.12 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Ad…
5.9
CVE-2024-34601 -
Improper verification of intent by broadcast receiver vulnerability in GalaxyStore prior to version 4.5.81.0 allows local attackers to launch unexported activities of GalaxyStore.
4.4
CVE-2024-34600 -
Improper verification of intent by broadcast receiver vulnerability in Samsung Flow prior to version 4.9.13.0 allows local attackers to copy image files to external storage.
4
CVE-2024-34599 -
Improper input validation in Tips prior to version 6.2.9.4 in Android 14 allows a local attacker to send a broadcast with Tips' privilege.