6.5
CVE-2024-5382 - Master Addons β Free Widgets, Hover Effects, Toggle, Conditions, Animations for Elementor <= 2.0.6.β¦
The Master Addons β Free Widgets, Hover Effects, Toggle, Conditions, Animations for Elementor plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'ma-template' REST API route in all versions up to, and including, 2.0.6.1. This makes it poβ¦
7.5
CVE-2024-5599 - FileOrganizer <= 1.0.7 - Sensitive Information Exposure via Directory Listing
The FileOrganizer β Manage WordPress and Website Files plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 1.0.7 via the 'fileorganizer_ajax_handler' function. This makes it possible for unauthenticated attackers to extract sensitive data incluβ¦
7.2
CVE-2024-5542 - Master Addons β Free Widgets, Hover Effects, Toggle, Conditions, Animations for Elementor <= 2.0.6.β¦
The Master Addons β Free Widgets, Hover Effects, Toggle, Conditions, Animations for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Navigation Menu widget of the plugin's Mega Menu extension in all versions up to, and including, 2.0.6.1 due to insufficient input β¦
4.3
CVE-2024-5438 - Tutor LMS β eLearning and online course solution <= 2.7.1 - Authenticated (Instructor+) Insecure Diβ¦
The Tutor LMS β eLearning and online course solution plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 2.7.1 via the 'attempt_delete' function due to missing validation on a user controlled key. This makes it possible for authenticated attaβ¦
5.3
CVE-2024-5734 - itsourcecode Online Discussion Forum poster.php unrestricted upload
A vulnerability classified as critical has been found in itsourcecode Online Discussion Forum 1.0. Affected is an unknown function of the file /members/poster.php. The manipulation of the argument image leads to unrestricted upload. It is possible to launch the attack remotely. The exploit has beenβ¦
6.9
CVE-2024-5733 - itsourcecode Online Discussion Forum register_me.php sql injection
A vulnerability was found in itsourcecode Online Discussion Forum 1.0. It has been rated as critical. This issue affects some unknown processing of the file register_me.php. The manipulation of the argument eaddress leads to sql injection. The attack may be initiated remotely. The exploit has been β¦
7.5
CVE-2024-5637 - Market Exporter <= 2.0.19 - Missing Authorization to Arbitrary File Deletion
The Market Exporter plugin for WordPress is vulnerable to unauthorized loss of data due to a missing capability check on the 'remove_files' function in all versions up to, and including, 2.0.19. This makes it possible for authenticated attackers, with Subscriber-level access and above, to use path β¦
6.9
CVE-2024-5732 - Clash Proxy Port improper authentication
A vulnerability was found in Clash up to 0.20.1 on Windows. It has been declared as critical. This vulnerability affects unknown code of the component Proxy Port. The manipulation leads to improper authentication. The attack can be initiated remotely. The exploit has been disclosed to the public anβ¦
6.4
CVE-2024-5645 - Envo Extra <= 1.8.23 - Authenticated (Contributor+) Stored Cross-Site Scripting via Button Widget
The Envo Extra plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the βbutton_css_idβ parameter within the Button widget in all versions up to, and including, 1.8.23 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, wiβ¦
6.8
CVE-2024-5481 - Photo Gallery by 10Web β Mobile-Friendly Image Gallery <= 1.8.23 - Authenticated (Contributor+) Patβ¦
The Photo Gallery by 10Web β Mobile-Friendly Image Gallery plugin for WordPress is vulnerable to Path Traversal in all versions up to, and including, 1.8.23 via the esc_dir function. This makes it possible for authenticated attackers to cut and paste (copy) the contents of arbitrary files on the seβ¦