7.1

CVSS3.1

CVE-2024-1940 - Brizy – Page Builder <= 2.4.41 - Authenticated(Contributor+) Stored Cross-Site Scripting

The Brizy – Page Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via post content in all versions up to, and including, 2.4.41 due to insufficient input sanitization performed only on the client side and insufficient output escaping. This makes it possible for authenticate…

📅 Published: June 5, 2024, 5:33 a.m. 🔄 Last Modified: April 8, 2026, 7:20 p.m.

7.2

CVSS3.1

CVE-2024-2087 - Brizy – Page Builder <= 2.4.43 - Unauthenticated Stored Cross-Site Scripting via Form

The Brizy – Page Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the form name values in all versions up to, and including, 2.4.43 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web s…

📅 Published: June 5, 2024, 5:33 a.m. 🔄 Last Modified: April 8, 2026, 6:20 p.m.

9.8

CVSS3.1

CVE-2024-4295 - Email Subscribers by Icegram Express <= 5.7.20 - Unauthenticated SQL Injection via hash

The Email Subscribers by Icegram Express plugin for WordPress is vulnerable to SQL Injection via the ‘hash’ parameter in all versions up to, and including, 5.7.20 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it…

📅 Published: June 5, 2024, 5:33 a.m. 🔄 Last Modified: April 8, 2026, 6:21 p.m.

6.4

CVSS3.1

CVE-2024-1161 - Brizy – Page Builder <= 2.4.43 - Authenticated (Contributor+) Stored Cross-Site Scripting via Custo…

The Brizy – Page Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's Custom Attributes for blocks in all versions up to, and including, 2.4.43 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers with c…

📅 Published: June 5, 2024, 5:33 a.m. 🔄 Last Modified: April 8, 2026, 4:43 p.m.

6.5

CVSS3.1

CVE-2024-5149 - BuddyForms <= 2.8.9 - Email Verification Bypass due to Insufficient Randomness

The BuddyForms plugin for WordPress is vulnerable to Email Verification Bypass in all versions up to, and including, 2.8.9 via the use of an insufficiently random activation code. This makes it possible for unauthenticated attackers to bypass the email verification.

📅 Published: June 5, 2024, 4:32 a.m. 🔄 Last Modified: April 8, 2026, 7:21 p.m.

9.3

CVSS4.0

CVE-2024-5262 - ProjectDiscovery Interactsh - Files or Directories Accessible to External Parties

Files or Directories Accessible to External Parties vulnerability in smb server in ProjectDiscovery Interactsh allows remote attackers to read/write any files in the directory and subdirectories of where the victim runs interactsh-server via anonymous login.

📅 Published: June 5, 2024, 4 a.m. 🔄 Last Modified: Nov. 21, 2024, 9:47 a.m.

5.3

CVSS3.1

CVE-2024-5483 - LearnPress – WordPress LMS Plugin <= 4.2.6.8 - Basic Information Disclosure via JSON API

The LearnPress – WordPress LMS Plugin plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 4.2.6.8 due to incorrect implementation of get_items_permissions_check function. This makes it possible for unauthenticated attackers to extract basic inf…

📅 Published: June 5, 2024, 2:34 a.m. 🔄 Last Modified: April 8, 2026, 5:19 p.m.

6.4

CVSS3.1

CVE-2024-5317 - Newsletter <= 8.3.4 - Unauthenticated Stored Cross-Site Scripting via np1

The Newsletter plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'np1' parameter in all versions up to, and including, 8.3.4 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pa…

📅 Published: June 5, 2024, 1:56 a.m. 🔄 Last Modified: April 8, 2026, 6:22 p.m.

5.3

CVSS4.0

CVE-2024-5636 - itsourcecode Bakery Online Ordering System index.php sql injection

A vulnerability was found in itsourcecode Bakery Online Ordering System 1.0. It has been rated as critical. Affected by this issue is some unknown functionality of the file report/index.php. The manipulation of the argument procduct leads to sql injection. The attack may be launched remotely. The e…

📅 Published: June 5, 2024, 12:31 a.m. 🔄 Last Modified: Nov. 21, 2024, 9:48 a.m.

7.5

CVSS3.1

CVE-2024-4084 - SSRF vulnerability in mintplex-labs/anything-llm

A Server-Side Request Forgery (SSRF) vulnerability exists in the latest version of mintplex-labs/anything-llm, allowing attackers to bypass the official fix intended to restrict access to intranet IP addresses and protocols. Despite efforts to filter out intranet IP addresses starting with 192, 172…

📅 Published: June 5, 2024, midnight 🔄 Last Modified: Nov. 21, 2024, 9:42 a.m.