8.8
CVE-2024-3406 - WP Prayer <= 2.0.9 - Email Settings Update via CSRF
The WP Prayer WordPress plugin through 2.0.9 does not have a CSRF check in place when updating its email settings, which could allow attackers to make a logged-in admin change them via a CSRF attack.
7.6
CVE-2024-3405 - WP Prayer <= 2.0.9 - Settings Update via CSRF
The WP Prayer WordPress plugin through 2.0.9 does not have a CSRF check in place when updating its settings, which could allow attackers to make a logged-in admin change them via a CSRF attack.
5.3
CVE-2024-4894 - ITPison OMICARD EDM - Server-Side Request Forgery
ITPison OMICARD EDM fails to properly filter a specific URL parameter, allowing unauthenticated remote attackers to modify the parameter and conduct Server-Side Request Forgery (SSRF) attacks. This vulnerability enables attackers to probe internal network information.
6.4
CVE-2024-4208 - Gutenberg Blocks by Kadence Blocks – Page Builder Features <= 3.2.37 - Authenticated (Contributor+)…
The Gutenberg Blocks with AI by Kadence WP – Page Builder Features plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the typer effect in the advanced heading widget in all versions up to, and including, 3.2.37 due to insufficient input sanitization and output escaping on user su…
5.4
CVE-2024-3189 - Gutenberg Blocks by Kadence Blocks – Page Builder Features <= 3.2.37 - Authenticated (Contributor+)…
The Gutenberg Blocks by Kadence Blocks – Page Builder Features plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'Testimonial', 'Progress Bar', 'Lottie Animations', 'Row Layout', 'Google Maps', and 'Advanced Gallery' blocks in all versions up to, and including, 3.2.…
9.8
CVE-2024-4893 - DigiWin EasyFlow .NET - SQL Injection
DigiWin EasyFlow .NET lacks validation for certain input parameters, allowing remote attackers to inject arbitrary SQL commands. This vulnerability enables unauthorized access to read, modify, and delete database records, as well as execute system commands.
10
CVE-2024-32888 - Amazon JDBC Driver for Redshift SQL Injection via line comment generation
The Amazon JDBC Driver for Redshift is a Type 4 JDBC driver that provides database connectivity through the standard JDBC application program interfaces (APIs) available in the Java Platform, Enterprise Editions. Prior to version 2.1.0.28, SQL injection is possible when using the non-default connec…
6.5
CVE-2024-35109 -
idccms v1.35 was discovered to contain a Cross-Site Request Forgery (CSRF) via the component /homePro_deal.php?mudi=add&nohrefStr=close.
8.8
CVE-2024-35108 -
idccms v1.35 was discovered to contain a Cross-Site Request Forgery (CSRF) via the component /admin/homePro_deal.php?mudi=del&dataType=&dataTypeCN.
6.4
CVE-2024-4373 - Sina Extension for Elementor (Slider, Gallery, Form, Modal, Data Table, Tab, Particle, Free Element…
The Sina Extension for Elementor (Slider, Gallery, Form, Modal, Data Table, Tab, Particle, Free Elementor Widgets & Elementor Templates) plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's Sina Particle Layer widget in all versions up to, and including, 3.5.3 due to i…