6.9
CVE-2024-11057 - Codezips Hospital Appointment System removeBranchResult.php SQL injection
A vulnerability has been found in Codezips Hospital Appointment System 1.0 and classified as critical. Affected by this vulnerability is an unknown functionality of the file /removeBranchResult.php. The manipulation of the argument ID/Name leads to SQL injection. The attack can be launched remotely…
8.7
CVE-2024-11056 - Tenda AC10 WifiExtraSet FUN_0046AC38 stack-based overflow
A vulnerability, which was classified as critical, was found in Tenda AC10 16.03.10.13. Affected is the function FUN_0046AC38 of the file /goform/WifiExtraSet. The manipulation of the argument wpapsk_crypto leads to stack-based buffer overflow. It is possible to launch the attack remotely. The expl…
6.9
CVE-2024-11055 - 1000 Projects Beauty Parlour Management System admin-profile.php SQL injection
A vulnerability, which was classified as critical, has been found in 1000 Projects Beauty Parlour Management System 1.0. This issue affects some unknown processing of the file /admin/admin-profile.php. The manipulation of the argument adminname leads to SQL injection. The attack may be initiated re…
7.3
CVE-2024-10958 - WP Photo Album Plus <= 8.8.08.007 - Unauthenticated Arbitrary Shortcode Execution via getshortcoded…
The WP Photo Album Plus plugin for WordPress is vulnerable to arbitrary shortcode execution via getshortcodedrenderedfenodelay AJAX action in all versions up to, and including, 8.8.08.007. This is due to the software allowing users to execute an action that does not properly validate a value b…
6.1
CVE-2024-10265 - Form Maker by 10Web – Mobile-Friendly Drag & Drop Contact Form Builder <= 1.15.30 - Reflected Cross…
The Form Maker by 10Web – Mobile-Friendly Drag & Drop Contact Form Builder plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use of add_query_arg without appropriate escaping on the URL in all versions up to, and including, 1.15.30. This makes it possible for unauthent…
5.4
CVE-2024-51576 - WordPress AMP Img Shortcode plugin <= 1.0.1 - Stored Cross Site Scripting (XSS) vulnerability
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in wpza AMP Img Shortcode amp-img-shortcode allows Stored XSS. This issue affects AMP Img Shortcode: from n/a through <= 1.0.1.
5.3
CVE-2024-11054 - SourceCodester Simple Music Cloud Community System ajax.php unrestricted upload
A vulnerability classified as critical was found in SourceCodester Simple Music Cloud Community System 1.0. This vulnerability affects unknown code of the file /music/ajax.php?action=signup. The manipulation of the argument pp leads to unrestricted upload. The attack can be initiated remotely. The …
5.4
CVE-2024-51577 - WordPress bpmn.io plugin <= 1.0 - Stored Cross Site Scripting (XSS) vulnerability
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in neville.lugton bpmn.io bpmnio allows Stored XSS. This issue affects bpmn.io: from n/a through <= 1.0.
5.4
CVE-2024-51578 - WordPress 3D Presentation plugin <= 1.0 - Cross Site Scripting (XSS) vulnerability
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in lpagg 3D Presentation 3d-presentation allows Stored XSS. This issue affects 3D Presentation: from n/a through <= 1.0.
5.4
CVE-2024-51580 - WordPress Clever Addons for Elementor plugin <= 2.2.1 - Cross Site Scripting (XSS) vulnerability
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in zootemplate Clever Addons for Elementor cafe-lite allows Stored XSS. This issue affects Clever Addons for Elementor: from n/a through <= 2.2.1.