Search Results
Vuln ID | Summary | CVSS Severity |
---|---|---|
CVE-2024-32520 | Missing Authorization vulnerability in WPClever WPC Grouped Product for WooCommerce. This issue affects WPC Grouped Product for WooCommerce: from n/a through 4.4.2. Published: April 17, 2024; 4:15:08 AM -0400 | V3.x:(not available) V2.0:(not available) |
CVE-2024-32519 | Missing Authorization vulnerability in GutenGeek GG Woo Feed for WooCommerce. This issue affects GG Woo Feed for WooCommerce: from n/a through 1.2.6. Published: April 17, 2024; 4:15:08 AM -0400 | V3.x:(not available) V2.0:(not available) |
CVE-2024-32518 | Missing Authorization vulnerability in Pepro Dev. Group PeproDev Ultimate Invoice. This issue affects PeproDev Ultimate Invoice: from n/a through 2.0.0. Published: April 17, 2024; 4:15:08 AM -0400 | V3.x:(not available) V2.0:(not available) |
CVE-2024-32517 | Missing Authorization vulnerability in WooCommerce & WordPress Tutorials Custom Thank You Page Customize For WooCommerce by Binary Carpenter. This issue affects Custom Thank You Page Customize For WooCommerce by Binary Carpenter: from n/a through 1.4.12. Published: April 17, 2024; 4:15:07 AM -0400 | V3.x:(not available) V2.0:(not available) |
CVE-2024-32516 | Missing Authorization vulnerability in Palscode Multi Currency For WooCommerce. This issue affects Multi Currency For WooCommerce: from n/a through 1.5.5. Published: April 17, 2024; 4:15:07 AM -0400 | V3.x:(not available) V2.0:(not available) |
CVE-2024-32515 | Missing Authorization vulnerability in Qamar Sheeraz, Nasir Ahmad Mega Addons For Elementor. This issue affects Mega Addons For Elementor: from n/a through 1.8. Published: April 17, 2024; 4:15:07 AM -0400 | V3.x:(not available) V2.0:(not available) |
CVE-2024-32514 | Unrestricted Upload of File with Dangerous Type vulnerability in Poll Maker & Voting Plugin Team (InfoTheme) WP Poll Maker. This issue affects WP Poll Maker: from n/a through 3.4. Published: April 17, 2024; 4:15:07 AM -0400 | V3.x:(not available) V2.0:(not available) |
CVE-2024-32513 | Insertion of Sensitive Information into Log File vulnerability in AdTribes.Io Product Feed PRO for WooCommerce. This issue affects Product Feed PRO for WooCommerce: from n/a through 13.3.1. Published: April 17, 2024; 4:15:07 AM -0400 | V3.x:(not available) V2.0:(not available) |
CVE-2024-32509 | Missing Authorization vulnerability in Loopus WP Cost Estimation & Payment Forms Builder. This issue affects WP Cost Estimation & Payment Forms Builder: from n/a through 10.1.76. Published: April 17, 2024; 4:15:06 AM -0400 | V3.x:(not available) V2.0:(not available) |
CVE-2024-32506 | Exposure of Sensitive Information to an Unauthorized Actor vulnerability in SoftLab Radio Player. This issue affects Radio Player: from n/a through 2.0.73. Published: April 17, 2024; 4:15:06 AM -0400 | V3.x:(not available) V2.0:(not available) |
CVE-2024-22440 | A potential security vulnerability has been identified in HPE Compute Scale-up Server 3200 server. This vulnerability could cause disclosure of sensitive information in log files. Published: April 17, 2024; 3:15:08 AM -0400 | V3.x:(not available) V2.0:(not available) |
CVE-2024-2309 | The WP STAGING WordPress Backup Plugin WordPress plugin before 3.4.0, wp-staging-pro WordPress plugin before 5.4.0 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup). Published: April 17, 2024; 1:15:48 AM -0400 | V3.x:(not available) V2.0:(not available) |
CVE-2024-2118 | The Social Media Share Buttons & Social Sharing Icons WordPress plugin before 2.8.9 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup). Published: April 17, 2024; 1:15:48 AM -0400 | V3.x:(not available) V2.0:(not available) |
CVE-2024-2102 | The Salon booking system WordPress plugin before 9.6.3 does not properly sanitize and escape the 'Mobile Phone' field and 'sms_prefix' parameter when booking an appointment, allowing customers to conduct Stored Cross-Site Scripting attacks. The payload gets triggered when an admin visits the 'Bookings' page and the malicious script is executed in the admin context. Published: April 17, 2024; 1:15:48 AM -0400 | V3.x:(not available) V2.0:(not available) |
CVE-2024-2101 | The Salon booking system WordPress plugin before 9.6.3 does not properly sanitize and escape the 'Mobile Phone' field when booking an appointment, allowing customers to conduct Stored Cross-Site Scripting attacks. The payload gets triggered when an admin visits the 'Customers' page and the malicious script is executed in the admin context. Published: April 17, 2024; 1:15:48 AM -0400 | V3.x:(not available) V2.0:(not available) |
CVE-2024-1219 | The Easy Social Feed WordPress plugin before 6.5.6 does not validate and escape some of its shortcode attributes before outputting them back in the page, which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting attacks which could be used against high privilege users such as admin. Published: April 17, 2024; 1:15:48 AM -0400 | V3.x:(not available) V2.0:(not available) |
CVE-2024-0868 | The coreActivity: Activity Logging plugin for WordPress plugin before 2.1 retrieved IP addresses of requests via headers such as X-FORWARDED to log them, allowing users to spoof them by providing an arbitrary value. Published: April 17, 2024; 1:15:48 AM -0400 | V3.x:(not available) V2.0:(not available) |
CVE-2024-22329 | IBM WebSphere Application Server 8.5, 9.0 and IBM WebSphere Application Server Liberty 17.0.0.3 through 24.0.0.3 are vulnerable to server-side request forgery (SSRF). By sending a specially crafted request, an attacker could exploit this vulnerability to conduct the SSRF attack. X-Force ID: 279951. Published: April 16, 2024; 10:15:10 PM -0400 | V3.x:(not available) V2.0:(not available) |
CVE-2024-22354 | IBM WebSphere Application Server 8.5, 9.0 and IBM WebSphere Application Server Liberty 17.0.0.3 through 24.0.0.3 are vulnerable to an XML External Entity Injection (XXE) attack when processing XML data. A remote attacker could exploit this vulnerability to expose sensitive information, consume memory resources, or to conduct a server-side request forgery attack. IBM X-Force ID: 280401. Published: April 16, 2024; 9:15:06 PM -0400 | V3.x:(not available) V2.0:(not available) |
CVE-2024-31680 | File Upload vulnerability in Shibang Communications Co., Ltd. IP network intercom broadcasting system v.1.0 allows a local attacker to execute arbitrary code via the my_parser.php component. Published: April 16, 2024; 8:15:07 PM -0400 | V3.x:(not available) V2.0:(not available) |