4.4
CVE-2024-3031 - Fluid Notification Bar <= 3.2.3 - Authenticated (Admin+) Stored Cross-Site Scripting
The Fluid Notification Bar plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in all versions up to, and including, 3.2.3 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level permis…
5.3
CVE-2024-1718 - Claudio Sanches – Checkout Cielo for WooCommerce <= 1.1.0 - Insufficient Verification of Data Authe…
The Claudio Sanches – Checkout Cielo for WooCommerce plugin for WordPress is vulnerable to unauthorized modification of data due to insufficient payment validation in the update_order_status() function in all versions up to, and including, 1.1.0. This makes it possible for unauthenticated attackers…
7.5
CVE-2024-2019 - WP-DB-Table-Editor <= 1.8.4 - Missing Authorization to Authenticated(Contributor+) Database Access
The WP-DB-Table-Editor plugin for WordPress is vulnerable to unauthorized access of data, modification of data, and loss of data due to lack of a default capability requirement on the 'dbte_render' function in all versions up to, and including, 1.8.4. This makes it possible for authenticated attack…
7.2
CVE-2024-3555 - Social Link Pages: link-in-bio landing pages for your social media profiles <= 1.6.9 - Missing Auth…
The Social Link Pages: link-in-bio landing pages for your social media profiles plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on the import_link_pages() function in all versions up to, and including, 1.6.9. This makes it possible for unauthenticated att…
4.3
CVE-2024-1717 - Admin Notices Manager <= 1.4.0 - Missing Authorization to Authenticated (Subscriber+) User Email Re…
The Admin Notices Manager plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the handle_ajax_call() function in all versions up to, and including, 1.4.0. This makes it possible for authenticated attackers, with subscriber-level access and above, t…
6.4
CVE-2024-3888 - tagDiv Composer <= 4.8 - Authenticated (Contributor+) Stored Cross-Site Scripting via button Shortc…
The tagDiv Composer plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's button shortcode in all versions up to, and including, 4.8 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attacker…
9.8
CVE-2024-4552 - Social Login Lite For WooCommerce <= 1.6.0 - Authentication Bypass
The Social Login Lite For WooCommerce plugin for WordPress is vulnerable to authentication bypass in versions up to, and including, 1.6.0. This is due to insufficient verification on the user being supplied during the social login through the plugin. This makes it possible for unauthenticated attac…
7.2
CVE-2024-4870 - Frontend Registration – Contact Form 7 <= 5.1 - Authenticated (Editor+) Privilege Escalation
The Frontend Registration – Contact Form 7 plugin for WordPress is vulnerable to privilege escalation in versions up to, and including, 5.1 due to insufficient restriction on the '_cf7frr_' post meta. This makes it possible for authenticated attackers, with editor-level access and above, to modify …
6.5
CVE-2024-29976 -
** UNSUPPORTED WHEN ASSIGNED ** The improper privilege management vulnerability in the command “show_allsessions” in Zyxel NAS326 firmware versions before V5.21(AAZF.17)C0 and NAS542 firmware versions before V5.21(ABAG.14)C0 could allow an authenticated attacker to obtain a logged-in administrator’…
6.7
CVE-2024-29975 -
** UNSUPPORTED WHEN ASSIGNED ** The improper privilege management vulnerability in the SUID executable binary in Zyxel NAS326 firmware versions before V5.21(AAZF.17)C0 and NAS542 firmware versions before V5.21(ABAG.14)C0 could allow an authenticated local attacker with administrator privileges to e…