9.8
CVE-2024-37385 -
Roundcube Webmail before 1.5.7 and 1.6.x before 1.6.7 on Windows allows command injection via im_convert_path and im_identify_path. NOTE: this issue exists because of an incomplete fix for CVE-2020-12641.
6.4
CVE-2024-1988 - Post Grid, Form Maker, Popup Maker, WooCommerce Blocks, Post Blocks, Post Carousel – Combo Blocks <…
The Post Grid, Form Maker, Popup Maker, WooCommerce Blocks, Post Blocks, Post Carousel – Combo Blocks plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'tag' attribute in blocks in all versions up to, and including, 2.2.80 due to insufficient input sanitization and output es…
6.4
CVE-2024-5425 - WP jQuery Lightbox <= 1.5.4 - Authenticated (Contributor+) Stored Cross-Site Scripting via title At…
The WP jQuery Lightbox plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'title' attribute in all versions up to, and including, 1.5.4 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level acces…
7.5
CVE-2024-4887 - Qi Addons For Elementor <= 1.7.2 - Authenticated (Contributor+) Local File Inclusion
The Qi Addons For Elementor plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 1.7.2 via the 'behavior' attributes found in the qi_addons_for_elementor_blog_list shortcode. This makes it possible for authenticated attackers, with Contributor-level acces…
5.4
CVE-2024-5607 - GDPR CCPA Compliance & Cookie Consent Banner <= 2.7.0 - Missing Authorization to Settings Update an…
The GDPR CCPA Compliance & Cookie Consent Banner plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on several functions named ajaxUpdateSettings() in all versions up to, and including, 2.7.0. This makes it possible for authenticated attackers,…
5.4
CVE-2024-3987 - WP Mobile Menu – The Mobile-Friendly Responsive Menu <= 2.8.4.2 - Authenticated (Contributor+) Stor…
The WP Mobile Menu – The Mobile-Friendly Responsive Menu plugin for WordPress is vulnerable to Stored Cross-Site Scripting via image alt text in all versions up to, and including, 2.8.4.2 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers,…
6.4
CVE-2024-1768 - Clever Fox <= 25.2.0 - Authenticated (Contributor+) Stored Cross-Site Scripting
The Clever Fox plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's info box block in all versions up to, and including, 25.2.0 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers wi…
7.6
CVE-2023-32475 -
Dell BIOS contains a missing support for integrity check vulnerability. An attacker with physical access to the system could potentially bypass security mechanisms to run arbitrary code on the system.
5.4
CVE-2023-6876 - Clever Fox – One Click Website Importer by Nayra Themes <= 25.2.0 - Missing Authorization to arbitr…
The Clever Fox – One Click Website Importer by Nayra Themes plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'clever-fox-activate-theme' function in all versions up to, and including, 25.2.0. This makes it possible for authenticated at…
4.3
CVE-2024-1689 - WooCommerce Tools <= 1.2.9 - Missing Authorization to Authenticated (Subscriber+) Plugin Module De…
The WooCommerce Tools plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the woocommerce_tool_toggle_module() function in all versions up to, and including, 1.2.9. This makes it possible for authenticated attackers, with subscriber-level acc…