6.1
CVE-2024-8797 - WP Booking System β Booking Calendar <= 2.0.19.8 - Reflected Cross-Site Scripting
The WP Booking System β Booking Calendar plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use of add_query_arg & remove_query_arg without appropriate escaping on the URL in all versions up to, and including, 2.0.19.8. This makes it possible for unauthenticated attackeβ¦
9.1
CVE-2024-8669 - Backuply β Backup, Restore, Migrate and Clone <= 1.3.4 - Authenticated (Admin+) SQL Injection
The Backuply β Backup, Restore, Migrate and Clone plugin for WordPress is vulnerable to SQL Injection via the 'options' parameter passed to the backuply_wp_clone_sql() function in all versions up to, and including, 1.3.4 due to insufficient escaping on the user supplied parameter and lack of sufficβ¦
9.8
CVE-2024-8039 -
Improper permission configurationDomain configuration vulnerability of the mobile application (com.afmobi.boomplayer) can lead to account takeover risks.
6.1
CVE-2024-8724 - Waitlist Woocommerce ( Back in stock notifier ) <= 2.7.5 - Reflected Cross-Site Scripting
The Waitlist Woocommerce ( Back in stock notifier ) plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use of add_query_arg without appropriate escaping on the URL in all versions up to, and including, 2.7.5. This makes it possible for unauthenticated attackers to injecβ¦
7.3
CVE-2024-8479 - Simple Spoiler 1.2 - 1.3 - Unauthenticated Arbitrary Shortcode Execution
The The Simple Spoiler plugin for WordPress is vulnerable to arbitrary shortcode execution in versions 1.2 to 1.3. This is due to the plugin adding the filter add_filter('comment_text', 'do_shortcode'); which will run all shortcodes in comments. This makes it possible for unauthenticated attackers β¦
8.8
CVE-2024-8246 - Post Form β Registration Form β Profile Form for User Profiles β Frontend Content Forms for User Suβ¦
The Post Form β Registration Form β Profile Form for User Profiles β Frontend Content Forms for User Submissions (UGC) plugin for WordPress is vulnerable to privilege escalation in all versions up to, and including, 2.8.11. This is due to plugin not properly restricting what users have access to seβ¦
7.3
CVE-2024-8271 - FOX β Currency Switcher Professional for WooCommerce <= 1.4.2.1 - Unauthenticated Arbitrary Shortcoβ¦
The The FOX β Currency Switcher Professional for WooCommerce plugin for WordPress is vulnerable to arbitrary shortcode execution in all versions up to, and including, 1.4.2.1. This is due to the software allowing users to execute an action that does not properly validate a value before running do_sβ¦
5.3
CVE-2022-3459 - WooCommerce Multiple Free Gift <= 1.2.3 - Insufficient Server-Side Validation to Arbitrary Gift Addβ¦
The WooCommerce Multiple Free Gift plugin for WordPress is vulnerable to gift manipulation in all versions up to, and including, 1.2.3. This is due to plugin not enforcing server-side checks on the products that can be added as a gift. This makes it possible for unauthenticated attackers to add nonβ¦
4.4
CVE-2024-44096 -
there is a possible arbitrary read due to an insecure default value. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation.
7.4
CVE-2024-44095 -
In ppmp_protect_mfcfw_buf of code/drm_fw.c, there is a possible corrupt memory due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.