8.4
CVE-2024-47797 - Liteos_a has an out-of-bounds Write vulnerability
in OpenHarmony v4.1.0 and prior versions allow a local attacker cause the common permission is upgraded to root and sensitive information leak through out-of-bounds write.
8.1
CVE-2024-10097 - Loginizer Security and Loginizer <= 1.9.2 - Authentication Bypass via WordPress.com OAuth provider
The Loginizer Security and Loginizer plugins for WordPress are vulnerable to authentication bypass in all versions up to, and including, 1.9.2. This is due to insufficient verification on the user being returned by the social login token. This makes it possible for unauthenticated attackers to log โฆ
4.8
CVE-2024-9883 - Pods < 3.2.7.1 - Admin+ Stored XSS
The Pods WordPress plugin before 3.2.7.1 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup).
4.1
CVE-2024-9689 - Post From Frontend <= 1.0.0 - Post Deletion via CSRF
The Post From Frontend WordPress plugin through 1.0.0 does not have CSRF check when deleting posts, which could allow attackers to make logged in admin perform such action via a CSRF attack
4.8
CVE-2024-7877 - Appointment Booking Calendar < 1.6.7.55 - Admin+ Stored XSS
The Appointment Booking Calendar โ Simply Schedule Appointments Booking Plugin WordPress plugin before 1.6.7.55 does not sanitise and escape some of its Notification settings, which could allow high privilege users such as admin to perform Cross-Site Scripting attacks even when unfiltered_html is dโฆ
4.8
CVE-2024-7876 - Appointment Booking Calendar < 1.6.7.55 - Admin+ Stored XSS
The Appointment Booking Calendar โ Simply Schedule Appointments Booking Plugin WordPress plugin before 1.6.7.55 does not sanitise and escape some of its Appointment Type settings, which could allow high privilege users such as admin to perform Cross-Site Scripting attacks even when unfiltered_html โฆ
4.8
CVE-2024-5578 - Table of Contents Plus <= 2408 - Editor+ Stored XSS
The Table of Contents Plus WordPress plugin through 2408 does not sanitise and escape some of its settings, which could allow high privilege users such as editors to perform Cross-Site Scripting attacks even when unfiltered_html is disallowed
8.3
CVE-2024-9459 - SQL Injection
Zohocorp ManageEngineย Exchange Reporter Plus versionsย 5718 and prior are vulnerable to authenticated SQL Injection in reports module.
6.4
CVE-2024-10340 - Shortcodes Blocks Creator Ultimate <= 2.1.3 - Authenticated (Contributor+) Stored Cross-Site Scriptโฆ
The Shortcodes Blocks Creator Ultimate plugin for WordPress is vulnerable to Stored Cross-Site Scripting via 'scu' shortcode in versions up to, and including, 2.1.3 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attacโฆ
5.3
CVE-2024-10810 - code-projects E-Health Care System app_request.php sql injection
A vulnerability was found in code-projects E-Health Care System 1.0. It has been classified as critical. Affected is an unknown function of the file Doctor/app_request.php. The manipulation of the argument app_id leads to sql injection. It is possible to launch the attack remotely. The exploit has โฆ