7.2
CVE-2024-5211 - Path Traversal to Arbitrary File Read/Delete/Overwrite, DoS Attack, and Admin Account Takeover in m…
A path traversal vulnerability in mintplex-labs/anything-llm allowed a manager to bypass the `normalizePath()` function, intended to defend against path traversal attacks. This vulnerability enables the manager to read, delete, or overwrite the 'anythingllm.db' database file and other files stored …
6.5
CVE-2024-5674 - Newsletter - API v1 and v2 addon for Newsletter <= 2.4.5 - Missing Authorization to Email Subscribe…
The Newsletter - API v1 and v2 addon plugin for WordPress is vulnerable to unauthorized subscribers management due to PHP type juggling issue on the check_api_key function in all versions up to, and including, 2.4.5. This makes it possible for unauthenticated attackers to list, create or delete new…
6.4
CVE-2024-3492 - Events Manager – Calendar, Bookings, Tickets, and more! <= 6.4.7.3 - Authenticated (Contributor+) S…
The Events Manager – Calendar, Bookings, Tickets, and more! plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'event', 'location', and 'event_category' shortcodes in all versions up to, and including, 6.4.7.3 due to insufficient input sanitization and output escapin…
4.4
CVE-2024-1766 - Download Manager <= 3.2.86 - Authenticated (Subscriber+) Stored Self-Based Cross-Site Scripting
The Download Manager plugin for WordPress is vulnerable to Stored Cross-Site Scripting via a user's Display Name in all versions up to, and including, 3.2.86 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with subscriber-level access …
9.8
CVE-2024-4898 - InstaWP Connect – 1-click WP Staging & Migration <= 0.1.0.38 - Missing Authorization to Unauthentic…
The InstaWP Connect – 1-click WP Staging & Migration plugin for WordPress is vulnerable to arbitrary option updates due to missing authorization checks on the REST API calls in all versions up to, and including, 0.1.0.38. This makes it possible for unauthenticated attackers to connect the site to…
0.0
CVE-2024-5900 -
This CVE ID has been rejected or withdrawn by its CVE Numbering Authority.
6.5
CVE-2023-40209 - WordPress Highcompress Image Compressor plugin <= 6.0.0 - Broken Access Control vulnerability
Missing Authorization vulnerability in Himalaya Saxena Highcompress Image Compressor. This issue affects Highcompress Image Compressor: from n/a through 6.0.0.
5.3
CVE-2023-40603 - WordPress Simple Org Chart plugin <= 2.3.4 - Broken Access Control vulnerability
Missing Authorization vulnerability in Gangesh Matta Simple Org Chart. This issue affects Simple Org Chart: from n/a through 2.3.4.
5.3
CVE-2023-41240 - WordPress Pricing Deals for WooCommercePricing Deals for WooCommerce plugin <= 2.0.3.2 - Broken Acc…
Missing Authorization vulnerability in Vark Pricing Deals for WooCommerce. This issue affects Pricing Deals for WooCommerce: from n/a through 2.0.3.2.
4.3
CVE-2023-44234 - WordPress WP GPX Maps plugin <= 1.7.08 - Broken Access Control vulnerability
Missing Authorization vulnerability in Bastianon Massimo WP GPX Map. This issue affects WP GPX Map: from n/a through 1.7.08.