5.4
CVE-2023-51671 - WordPress FunnelKit Checkout plugin <= 3.10.3 - Authenticated Plugin Settings Change vulnerability
Missing Authorization vulnerability in FunnelKit FunnelKit Checkout.This issue affects FunnelKit Checkout: from n/a through 3.10.3.
5.4
CVE-2023-51679 - WordPress BulkGate SMS Plugin for WooCommerce plugin <= 3.0.2 - Broken Access Control vulnerability
Missing Authorization vulnerability in BulkGate BulkGate SMS Plugin for WooCommerce.This issue affects BulkGate SMS Plugin for WooCommerce: from n/a through 3.0.2.
4.3
CVE-2023-51680 - WordPress Quotes for WooCommerce plugin <= 2.0.1 - Broken Access Control vulnerability
Missing Authorization vulnerability in TechnoVama Quotes for WooCommerce.This issue affects Quotes for WooCommerce: from n/a through 2.0.1.
4.3
CVE-2023-52117 - WordPress ProfileGrid plugin <= 5.6.6 - Broken Access Control vulnerability
Missing Authorization vulnerability in Metagauss ProfileGrid.This issue affects ProfileGrid: from n/a through 5.6.6.
5.4
CVE-2023-52177 - WordPress Integrate Google Drive plugin <= 1.3.3 - Broken Access Control vulnerability
Missing Authorization vulnerability in SoftLab Integrate Google Drive.This issue affects Integrate Google Drive: from n/a through 1.3.3.
6.5
CVE-2024-5468 - WordPress Header Builder Plugin β Pearl <= 1.3.7 - Missing Authorization to Unauthenticated Arbitraβ¦
The WordPress Header Builder Plugin β Pearl plugin for WordPress is vulnerable to unauthorized site option deletion due to a missing validation and capability checks on the stm_hb_delete() function in all versions up to, and including, 1.3.7. This makes it possible for unauthenticated attackers to β¦
6.4
CVE-2024-5266 - Download Manager <= 3.2.92 - Authenticated (Author+) Stored Cross-Site Scripting via Multiple Shortβ¦
The Download Manager Pro plugin for WordPress is vulnerable to Stored Cross-Site Scripting via wpdm_user_dashboard, wpdm_package, wpdm_packages, wpdm_search_result, and wpdm_tag shortcodes in all versions up to, and including, 3.2.92 due to insufficient input sanitization and output escaping on useβ¦
6.4
CVE-2024-3925 - Element Pack Elementor Addons (Header Footer, Template Library, Dynamic Grid & Carousel, Remote Arrβ¦
The Element Pack Elementor Addons (Header Footer, Template Library, Dynamic Grid & Carousel, Remote Arrows) plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's Creative Button widget in all versions up to, and including, 5.6.11 due to insufficient input sanitization aβ¦
6.1
CVE-2024-5739 -
The in-app browser of LINE client for iOS versions below 14.9.0 contains a Universal XSS (UXSS) vulnerability. This vulnerability allows for cross-site scripting (XSS) where arbitrary JavaScript can be executed in the top frame from an embedded iframe on any displayed web site within the in-app broβ¦
4.7
CVE-2024-28970 -
Dell Client BIOS contains an Out-of-bounds Write vulnerability. A local authenticated malicious user with admin privileges could potentially exploit this vulnerability, leading to platform denial of service.