6.4
CVE-2024-5038 - Colibri Page Builder <= 1.0.276 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shor…
The Colibri Page Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's shortcode(s) in all versions up to, and including, 1.0.276 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated att…
4.8
CVE-2024-5658 - CraftCMS Plugin - Two-Factor Authentication - TOTP Token Stays Valid After Use
The CraftCMS plugin Two-Factor Authentication through 3.3.3 allows reuse of TOTP tokens multiple times within the validity period.
3.7
CVE-2024-5657 - CraftCMS Plugin - Two-Factor Authentication - Password Hash Disclosure
The CraftCMS plugin Two-Factor Authentication in versions 3.3.1, 3.3.2 and 3.3.3 discloses the password hash of the currently authenticated user after submitting a valid TOTP.
6.1
CVE-2024-5673 - Cross-Site Scripting in PHP File Manager by Dulldusk
Vulnerability in Dulldusk's PHP File Manager affecting version 1.7.8. This vulnerability consists of an XSS through the fm_current_dir parameter of index.php. An attacker could send a specially crafted JavaScript payload to an authenticated user and partially hijack their browser session.
8.8
CVE-2024-5329 - Unlimited Elements For Elementor (Free Widgets, Addons, Templates) <= 1.5.109 - Authenticated (Cont…
The Unlimited Elements For Elementor (Free Widgets, Addons, Templates) plugin for WordPress is vulnerable to blind SQL Injection via the 'data[addonID]' parameter in all versions up to, and including, 1.5.109 due to insufficient escaping on the user supplied parameter and lack of sufficient prepara…
6.4
CVE-2024-5259 - MultiVendorX Marketplace – WooCommerce MultiVendor Marketplace Solution <= 4.1.11 - Authenticated (…
The MultiVendorX Marketplace – WooCommerce MultiVendor Marketplace Solution plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'hover_animation' parameter in all versions up to, and including, 4.1.11 due to insufficient input sanitization and output escaping. This makes it po…
8.6
CVE-2024-28995 - SolarWinds Serv-U Directory Traversal Vulnerability
SolarWinds Serv-U was susceptible to a directory traversal vulnerability that would allow access to read sensitive files on the host machine.
7.5
CVE-2024-6239 - Poppler: pdfinfo: crash in broken documents when using -dests parameter
A flaw was found in Poppler's pdfinfo utility. This issue occurs when using the -dests parameter with the pdfinfo utility. By using certain malformed input files, an attacker could cause the utility to crash, leading to a denial of service.
6.4
CVE-2024-5221 - Qi Blocks <= 1.2.9 - Authenticated (Author+) Stored Cross-Site Scripting
The Qi Blocks plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's file uploader in all versions up to, and including, 1.2.9 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Author-level access and abo…
9.1
CVE-2024-36394 - SysAid - CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Inj…
SysAid - CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')