0.0
CVE-2024-39306 -
** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2024-39304. Reason: This candidate is a duplicate of CVE-2024-39304. Notes: All CVE users should reference CVE-2024-39304 instead of this candidate. This CVE was issued to a vulnerability that is dependent on CVE-2024-39304. According t…
5.3
CVE-2024-6241 - Pear Admin Boot getDictItems SQL injection
A vulnerability was found in Pear Admin Boot up to 2.0.2 and classified as critical. This issue affects the function getDictItems of the file /system/dictData/getDictItems/. The manipulation with the input ,user(),1,1 leads to SQL injection. The attack may be initiated remotely. The exploit has bee…
6.5
CVE-2024-35781 - WordPress Word Balloon plugin <= 4.21.1 - Local File Inclusion vulnerability
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in YAHMAN Word Balloon allows PHP Local File Inclusion. This issue affects Word Balloon: from n/a through 4.21.1.
6.5
CVE-2024-35778 - WordPress Slideshow SE plugin <= 2.5.17 - Auth. Limited Local File Inclusion vulnerability
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in John West Slideshow SE allows PHP Local File Inclusion. This issue affects Slideshow SE: from n/a through 2.5.17.
9.1
CVE-2024-35767 - WordPress Squeeze plugin <= 1.4 - Arbitrary File Upload vulnerability
Unrestricted Upload of File with Dangerous Type vulnerability in Bogdan Bendziukov Squeeze allows Code Injection. This issue affects Squeeze: from n/a through 1.4.
9.8
CVE-2023-38389 - WordPress Jupiter X Core plugin <= 3.3.8 - Unauthenticated Account Takeover vulnerability
Incorrect Authorization vulnerability in Artbees JupiterX Core allows Accessing Functionality Not Properly Constrained by ACLs. This issue affects JupiterX Core: from n/a through 3.3.8.
3.7
CVE-2022-44593 - WordPress Solid Security plugin <= 9.3.1 - IP Spoofing Leading to Denial of Service vulnerability
Use of Less Trusted Source vulnerability in SolidWP Solid Security allows HTTP DoS. This issue affects Solid Security: from n/a through 9.3.1.
5.3
CVE-2022-44587 - WordPress WP 2FA plugin <= 2.6.3 - Sensitive Data Exposure via Log File vulnerability
Insertion of Sensitive Information into Log File vulnerability in WP 2FA allows Accessing Functionality Not Properly Constrained by ACLs. This issue affects WP 2FA: from n/a through 2.6.3.
4.3
CVE-2022-38055 - WordPress wpForo Forum plugin <= 2.0.9 - Auth. HTML Injection vulnerability
Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS) vulnerability in gVectors Team wpForo Forum allows Content Spoofing. This issue affects wpForo Forum: from n/a through 2.0.9.
9.2
CVE-2023-45197 - Adminer and AdminerEvo vulnerable to directory traversal and file upload
The file upload plugin in Adminer and AdminerEvo allows an attacker to upload a file with a table name of ".." to the root of the Adminer directory. The attacker can effectively guess the name of the uploaded file and execute it. Adminer is no longer supported, but this issue was fixed in AdminerEv…