5.5
CVE-2024-9462 - Poll Maker β Versus Polls, Anonymous Polls, Image Polls <= 5.4.6 - Authenticated (Administrator+) Sβ¦
The Poll Maker β Versus Polls, Anonymous Polls, Image Polls plugin for WordPress is vulnerable to Stored Cross-Site Scripting via poll settings in all versions up to, and including, 5.4.6 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers,β¦
4.9
CVE-2024-9475 - Poll Maker β Versus Polls, Anonymous Polls, Image Polls <= 5.4.6 - Authenticated (Administrator+) Sβ¦
The Poll Maker β Versus Polls, Anonymous Polls, Image Polls plugin for WordPress is vulnerable to generic SQL Injection via the order_by parameter in all versions up to, and including, 5.4.6 due to insufficient escaping on the user-supplied parameter and lack of sufficient preparation on the existβ¦
4.3
CVE-2024-9626 - Editorial Assistant by Sovrn <= 1.3.3 - Missing Authorization to Authenticated (Subscriber+) Attachβ¦
The Editorial Assistant by Sovrn plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'ajax_zemanta_set_featured_image' function in versions up to, and including, 1.3.3. This makes it possible for authenticated attackers, with subscriber-lβ¦
8.8
CVE-2024-9890 - User Toolkit <= 1.2.3 - Authenticated (Subscriber+) Authentication Bypass
The User Toolkit plugin for WordPress is vulnerable to authentication bypass in versions up to, and including, 1.2.3. This is due to an improper capability check in the 'switchUser' function. This makes it possible for authenticated attackers, with subscriber-level permissions and above, to log in β¦
9.8
CVE-2024-9933 - WatchTowerHQ <= 3.10.1 - Authentication Bypass to Administrator due to Missing Empty Value Check
The WatchTowerHQ plugin for WordPress is vulnerable to authentication bypass in versions up to, and including, 3.10.1. This is due to the 'watchtower_ota_token' default value is empty, and the not empty check is missing in the 'Password_Less_Access::login' function. This makes it possible for unautβ¦
9.8
CVE-2024-9931 - Wux Blog Editor <= 3.0.0 - Authentication Bypass to Administrator
The Wux Blog Editor plugin for WordPress is vulnerable to authentication bypass in versions up to, and including, 3.0.0. This is due to missing validation on the token being supplied during the autologin through the plugin. This makes it possible for unauthenticated attackers to log in to the firstβ¦
9.1
CVE-2024-47821 - pyLoad vulnerable to remote code execution by download to /.pyload/scripts using /flashgot API
pyLoad is a free and open-source Download Manager. The folder `/.pyload/scripts` has scripts which are run when certain actions are completed, for e.g. a download is finished. By downloading a executable file to a folder in /scripts and performing the respective action, remote code execution can beβ¦
0.0
CVE-2024-10401 -
This CVE ID has been rejected or withdrawn by its CVE Numbering Authority.
6.9
CVE-2024-49767 - Werkzeug possible resource exhaustion when parsing file data in forms
Werkzeug is a Web Server Gateway Interface web application library. Applications using `werkzeug.formparser.MultiPartParser` corresponding to a version of Werkzeug prior to 3.0.6 to parse `multipart/form-data` requests (e.g. all flask applications) are vulnerable to a relatively simple but effectivβ¦
0.0
CVE-2024-10398 -
This CVE id was assigned but later discarded.