9.8
CVE-2024-6028 - Quiz Maker <= 6.5.8.3 - Unauthenticated SQL Injection via 'ays_questions' Parameter
The Quiz Maker plugin for WordPress is vulnerable to time-based SQL Injection via the 'ays_questions' parameter in all versions up to, and including, 6.5.8.3 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possโฆ
4.3
CVE-2024-3249 - Zita Elementor Site Library <= 1.6.2 - Missing Authorization to Page Creation and Options Modificatโฆ
The Zita Elementor Site Library plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the import_xml_data, xml_data_import, import_option_data, import_widgets, and import_customizer_settings functions in all versions up to, and including, 1.6.2โฆ
5.5
CVE-2024-4759 - Mime Types Extended <= 0.11 - Author+ Stored XSS via SVG Upload
The Mime Types Extended WordPress plugin through 0.11 does not sanitise uploaded SVG files, which could allow users with a role as low as Author to upload a malicious SVG containing XSS payloads.
8.1
CVE-2024-4757 - Logo Manager For Enamad <= 0.7.0 - Stored XSS via CSRF
The Logo Manager For Enamad WordPress plugin through 0.7.0 does not have CSRF check in some places, and is missing sanitisation as well as escaping, which could allow attackers to make logged in admin add Stored XSS payloads via a CSRF attack
8.8
CVE-2024-5431 - WPCafe โ Online Food Ordering, Restaurant Menu, Delivery, and Reservations for WooCommerce <= 2.2.2โฆ
The WPCafe โ Online Food Ordering, Restaurant Menu, Delivery, and Reservations for WooCommerce plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 2.2.25 via the reservation_extra_field shortcode parameter. This makes it possible for authenticated attackโฆ
3.8
CVE-2024-32855 -
Dell Client Platform BIOS contains an Out-of-bounds Write vulnerability in an externally developed component. A high privileged attacker with local access could potentially exploit this vulnerability, leading to Information tampering.
9.9
CVE-2024-4197 - Avaya IP Office One-X Portal File Upload Vulnerability
An unrestrictedย file upload vulnerability in Avaya IP Officeย was discovered that could allow remote command or code execution via the One-X component. Affected versions include all versions prior to 11.1.3.1.
10
CVE-2024-4196 - Avaya IP Office Web Control RCE Vulnerability
An improper input validation vulnerability was discovered in Avaya IP Office that could allow remote command or code execution via a specially crafted web request to the Web Control component. Affected versions include all versions prior to 11.1.3.1.
7.8
CVE-2024-37007 - Multiple ZDI Vulnerabilities in Autodesk AutoCAD and certain AutoCAD-based products
A maliciously crafted X_B and X_T file, when parsed in pskernel.DLL through Autodesk applications, can cause a use-after-free vulnerability. This vulnerability, along with other vulnerabilities, could lead to code execution in the current process.
7.8
CVE-2024-36999 - Multiple ZDI Vulnerabilities in Autodesk AutoCAD and certain AutoCAD-based products
A maliciously crafted 3DM file, when parsed in opennurbs.dll through Autodesk applications, can force an Out-of-Bounds Write. A malicious actor can leverage this vulnerability to cause a crash, write sensitive data, or execute arbitrary code in the context of the current process.