6.4

CVSS3.1

CVE-2024-9443 - Basticom Framework <= 1.5.0 - Authenticated (Author+) Stored Cross-Site Scripting via SVG File Uploโ€ฆ

The Basticom Framework plugin for WordPress is vulnerable to Stored Cross-Site Scripting via SVG File uploads in all versions up to, and including, 1.5.0 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Author-level access and abovโ€ฆ

๐Ÿ“… Published: Nov. 5, 2024, 8:31 a.m. ๐Ÿ”„ Last Modified: April 8, 2026, 4:47 p.m.

7.6

CVSS3.1

CVE-2024-51510 -

Out-of-bounds access vulnerability in the logo module Impact: Successful exploitation of this vulnerability may affect service confidentiality.

๐Ÿ“… Published: Nov. 5, 2024, 8:24 a.m. ๐Ÿ”„ Last Modified: Nov. 7, 2024, 5:03 p.m.

3.3

CVSS3.1

CVE-2024-47402 - Liteos_a has an Out-of-bounds Read vulnerability

in OpenHarmony v4.0.0 and prior versions allow a local attacker cause DOS through out-of-bounds read.

๐Ÿ“… Published: Nov. 5, 2024, 8:01 a.m. ๐Ÿ”„ Last Modified: Nov. 6, 2024, 3:26 p.m.

8.4

CVSS3.1

CVE-2024-47137 - Liteos_a has an out-of-bounds Write vulnerability

in OpenHarmony v4.1.0 and prior versions allow a local attacker cause the common permission is upgraded to root and sensitive information leak through out-of-bounds write.

๐Ÿ“… Published: Nov. 5, 2024, 8:01 a.m. ๐Ÿ”„ Last Modified: Nov. 6, 2024, 3:26 p.m.

8.4

CVSS3.1

CVE-2024-47404 - Liteos_a has a double free vulnerability

in OpenHarmony v4.1.0 and prior versions allow a local attacker cause the common permission is upgraded to root and sensitive information leak through double free.

๐Ÿ“… Published: Nov. 5, 2024, 8:01 a.m. ๐Ÿ”„ Last Modified: Nov. 6, 2024, 3:25 p.m.

8.4

CVSS3.1

CVE-2024-47797 - Liteos_a has an out-of-bounds Write vulnerability

in OpenHarmony v4.1.0 and prior versions allow a local attacker cause the common permission is upgraded to root and sensitive information leak through out-of-bounds write.

๐Ÿ“… Published: Nov. 5, 2024, 8:01 a.m. ๐Ÿ”„ Last Modified: Nov. 6, 2024, 3:24 p.m.

8.1

CVSS3.1

CVE-2024-10097 - Loginizer Security and Loginizer <= 1.9.2 - Authentication Bypass via WordPress.com OAuth provider

The Loginizer Security and Loginizer plugins for WordPress are vulnerable to authentication bypass in all versions up to, and including, 1.9.2. This is due to insufficient verification on the user being returned by the social login token. This makes it possible for unauthenticated attackers to log โ€ฆ

๐Ÿ“… Published: Nov. 5, 2024, 6:42 a.m. ๐Ÿ”„ Last Modified: April 8, 2026, 4:55 p.m.

4.8

CVSS3.1

CVE-2024-9883 - Pods < 3.2.7.1 - Admin+ Stored XSS

The Pods WordPress plugin before 3.2.7.1 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup).

๐Ÿ“… Published: Nov. 5, 2024, 6 a.m. ๐Ÿ”„ Last Modified: Nov. 6, 2024, 5:32 p.m.

4.1

CVSS3.1

CVE-2024-9689 - Post From Frontend <= 1.0.0 - Post Deletion via CSRF

The Post From Frontend WordPress plugin through 1.0.0 does not have CSRF check when deleting posts, which could allow attackers to make logged in admin perform such action via a CSRF attack

๐Ÿ“… Published: Nov. 5, 2024, 6 a.m. ๐Ÿ”„ Last Modified: Dec. 20, 2024, 6:59 p.m.

4.8

CVSS3.1

CVE-2024-7877 - Appointment Booking Calendar < 1.6.7.55 - Admin+ Stored XSS

The Appointment Booking Calendar โ€” Simply Schedule Appointments Booking Plugin WordPress plugin before 1.6.7.55 does not sanitise and escape some of its Notification settings, which could allow high privilege users such as admin to perform Cross-Site Scripting attacks even when unfiltered_html is dโ€ฆ

๐Ÿ“… Published: Nov. 5, 2024, 6 a.m. ๐Ÿ”„ Last Modified: Nov. 6, 2024, 3:42 p.m.
Total resulsts: 346656
Page 7766 of 34,666
ยซ previous page ยป next page
Filters