5.1
CVE-2024-5196 - Arris VAP2500 tools_command.php command injection
A vulnerability classified as critical has been found in Arris VAP2500 08.50. This affects an unknown part of the file /tools_command.php. The manipulation of the argument cmb_header/txt_command leads to command injection. It is possible to initiate the attack remotely. The exploit has been disclos…
5.1
CVE-2024-5195 - Arris VAP2500 diag_s.php command injection
A vulnerability was found in Arris VAP2500 08.50. It has been rated as critical. Affected by this issue is some unknown functionality of the file /diag_s.php. The manipulation of the argument customer_info leads to command injection. The attack may be launched remotely. The exploit has been disclos…
5.1
CVE-2024-5194 - Arris VAP2500 assoc_table.php command injection
A vulnerability was found in Arris VAP2500 08.50. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the file /assoc_table.php. The manipulation of the argument id leads to command injection. The attack can be launched remotely. The exploit has been disc…
6.9
CVE-2024-5193 - Ritlabs TinyWeb Server Request crlf injection
A security vulnerability has been detected in Ritlabs TinyWeb Server 1.94. This vulnerability affects unknown code of the component Request Handler. The manipulation with the input %0D%0A leads to crlf injection. It is possible to initiate the attack remotely. The exploit has been disclosed publicl…
6.4
CVE-2024-4262 - Piotnet Addons For Elementor <= 2.4.28 - Authenticated (Contributor+) Stored Cross-Site Scripting v…
The Piotnet Addons For Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via multiple widgets in all versions up to, and including, 2.4.28 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attac…
0.0
CVE-2024-4153 -
This CVE ID has been rejected or withdrawn by its CVE Numbering Authority.
6.4
CVE-2024-5025 - MemberPress <= 1.11.29 - Authenticated (Contributor+) Stored Cross-Site Scripting via arglist Param…
The Memberpress plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘arglist’ parameter in all versions up to, and including, 1.11.29 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level access a…
6.4
CVE-2024-4362 - SiteOrigin Widgets Bundle <= 1.60.0 - - Authenticated (Contributor+) Stored Cross-Site Scripting v…
The SiteOrigin Widgets Bundle plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'siteorigin_widget' shortcode in all versions up to, and including, 1.60.0 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible …
8.5
CVE-2024-5031 - MemberPress <= 1.11.29 - Authenticated (Contributor+) Blind Server-Side Request Forgery via mepr-us…
The Memberpress plugin for WordPress is vulnerable to Blind Server-Side Request Forgery in all versions up to, and including, 1.11.29 via the 'mepr-user-file' shortcode. This makes it possible for authenticated attackers, with Contributor-level access and above, to make web requests to arbitrary lo…
4.3
CVE-2024-2036 - ApplyOnline – Application Form Builder and Manager <= 2.6.2 - Missing Authorization to Sensitive In…
The ApplyOnline – Application Form Builder and Manager plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the aol_modal_box AJAX action in all versions up to, and including, 2.6.2. This makes it possible for authenticated attackers, with subscribe…