6.1
CVE-2024-9667 - Seriously Simple Podcasting <= 3.5.0 - Reflected Cross-Site Scripting via add_query_arg Parameter
The Seriously Simple Podcasting plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use of add_query_arg without appropriate escaping on the URL in all versions up to, and including, 3.5.0. This makes it possible for unauthenticated attackers to inject arbitrary web scriβ¦
8.8
CVE-2024-10711 - WooCommerce Report <= 1.5.1 - Cross-Site Request Forgery to Arbitrary Options Update
The WooCommerce Report plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.5.1. This is due to missing or incorrect nonce validation on the settings update functionality. This makes it possible for unauthenticated attackers to update arbitrary opβ¦
8.1
CVE-2024-10114 - Social Login - WordPress / WooCommerce Plugin <= 2.7.7 - Authentication Bypass via WordPress.com OAβ¦
The WooCommerce - Social Login plugin for WordPress is vulnerable to authentication bypass in all versions up to, and including, 2.7.7. This is due to insufficient verification on the user being returned by the social login token. This makes it possible for unauthenticated attackers to log in as anβ¦
6.4
CVE-2024-9443 - Basticom Framework <= 1.5.0 - Authenticated (Author+) Stored Cross-Site Scripting via SVG File Uploβ¦
The Basticom Framework plugin for WordPress is vulnerable to Stored Cross-Site Scripting via SVG File uploads in all versions up to, and including, 1.5.0 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Author-level access and abovβ¦
7.6
CVE-2024-51510 -
Out-of-bounds access vulnerability in the logo module Impact: Successful exploitation of this vulnerability may affect service confidentiality.
3.3
CVE-2024-47402 - Liteos_a has an Out-of-bounds Read vulnerability
in OpenHarmony v4.0.0 and prior versions allow a local attacker cause DOS through out-of-bounds read.
8.4
CVE-2024-47137 - Liteos_a has an out-of-bounds Write vulnerability
in OpenHarmony v4.1.0 and prior versions allow a local attacker cause the common permission is upgraded to root and sensitive information leak through out-of-bounds write.
8.4
CVE-2024-47404 - Liteos_a has a double free vulnerability
in OpenHarmony v4.1.0 and prior versions allow a local attacker cause the common permission is upgraded to root and sensitive information leak through double free.
8.4
CVE-2024-47797 - Liteos_a has an out-of-bounds Write vulnerability
in OpenHarmony v4.1.0 and prior versions allow a local attacker cause the common permission is upgraded to root and sensitive information leak through out-of-bounds write.
8.1
CVE-2024-10097 - Loginizer Security and Loginizer <= 1.9.2 - Authentication Bypass via WordPress.com OAuth provider
The Loginizer Security and Loginizer plugins for WordPress are vulnerable to authentication bypass in all versions up to, and including, 1.9.2. This is due to insufficient verification on the user being returned by the social login token. This makes it possible for unauthenticated attackers to log β¦