Total
4661 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2024-10786 | 2024-11-18 | N/A | 4.3 MEDIUM | ||
| The Simple Local Avatars plugin for WordPress is vulnerable to unauthorized modification of datadue to a missing capability check on the sla_clear_user_cache function in all versions up to, and including, 2.7.11. This makes it possible for authenticated attackers, with Subscriber-level access and above, to clear user caches. | |||||
| CVE-2024-52921 | 2024-11-18 | N/A | 5.3 MEDIUM | ||
| In Bitcoin Core before 25.0, a peer can affect the download state of other peers by sending a mutated block. | |||||
| CVE-2024-10533 | 2024-11-18 | N/A | 4.3 MEDIUM | ||
| The WP Chat App plugin for WordPress is vulnerable to unauthorized plugin installation due to a missing capability check on the ajax_install_plugin() function in all versions up to, and including, 3.6.8. This makes it possible for authenticated attackers, with Subscriber-level access and above, to install the filebird plugin. | |||||
| CVE-2024-10861 | 2024-11-18 | N/A | 5.3 MEDIUM | ||
| The Popup Box – Create Countdown, Coupon, Video, Contact Form Popups plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the deactivate_plugin_option() function in all versions up to, and including, 4.9.7. This makes it possible for unauthenticated attackers to update the 'ays_pb_upgrade_plugin' option with arbitrary data. | |||||
| CVE-2024-10728 | 2024-11-18 | N/A | 8.8 HIGH | ||
| The Post Grid Gutenberg Blocks and WordPress Blog Plugin – PostX plugin for WordPress is vulnerable to unauthorized plugin installation/activation due to a missing capability check on the 'install_required_plugin_callback' function in all versions up to, and including, 4.1.16. This makes it possible for authenticated attackers, with Subscriber-level access and above, to install and activate arbitrary plugins which can be leveraged to achieve remote code execution if another vulnerable plugin is installed and activated. | |||||
| CVE-2024-48073 | 2024-11-18 | N/A | 9.8 CRITICAL | ||
| sunniwell HT3300 before 1.0.0.B022.2 is vulnerable to Insecure Permissions. The /usr/local/bin/update program, which is responsible for updating the software in the HT3300 device, is given the execution mode of sudo NOPASSWD. This program is vulnerable to a command injection vulnerability, which could allow an attacker to pass commands to this program via command line arguments to gain elevated root privileges. | |||||
| CVE-2024-10531 | 1 Kognetiks | 1 Kognetiks Chatbot | 2024-11-18 | N/A | 5.3 MEDIUM |
| The Kognetiks Chatbot for WordPress plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the update_assistant() function in all versions up to, and including, 2.1.7. This makes it possible for authenticated attackers, with subscriber-level access and above, to update GTP assistants. | |||||
| CVE-2024-10530 | 1 Kognetiks | 1 Kognetiks Chatbot | 2024-11-18 | N/A | 4.3 MEDIUM |
| The Kognetiks Chatbot for WordPress plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the add_new_assistant() function in all versions up to, and including, 2.1.7. This makes it possible for authenticated attackers, with subscriber-level access and above, to create new GTP assistants. | |||||
| CVE-2024-10529 | 1 Kognetiks | 1 Kognetiks Chatbot | 2024-11-18 | N/A | 5.3 MEDIUM |
| The Kognetiks Chatbot for WordPress plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the delete_assistant() function in all versions up to, and including, 2.1.7. This makes it possible for authenticated attackers, with subscriber-level access and above, to delete GTP assistants. | |||||
| CVE-2024-11125 | 1 Get-simple | 1 Getsimplecms | 2024-11-15 | 5.0 MEDIUM | 4.3 MEDIUM |
| A vulnerability was found in GetSimpleCMS 3.3.16 and classified as problematic. This issue affects some unknown processing of the file /admin/profile.php. The manipulation leads to cross-site request forgery. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way. | |||||
| CVE-2024-52549 | 2024-11-15 | N/A | 4.3 MEDIUM | ||
| Jenkins Script Security Plugin 1367.vdf2fc45f229c and earlier, except 1365.1367.va_3b_b_89f8a_95b_ and 1362.1364.v4cf2dc5d8776, does not perform a permission check in a method implementing form validation, allowing attackers with Overall/Read permission to check for the existence of files on the controller file system. | |||||
| CVE-2024-52382 | 2024-11-15 | N/A | 9.8 CRITICAL | ||
| Missing Authorization vulnerability in Medma Technologies Matix Popup Builder allows Privilege Escalation.This issue affects Matix Popup Builder: from n/a through 1.0.0. | |||||
| CVE-2024-52554 | 2024-11-15 | N/A | 8.8 HIGH | ||
| Jenkins Shared Library Version Override Plugin 17.v786074c9fce7 and earlier declares folder-scoped library overrides as trusted, so that they're not executed in the Script Security sandbox, allowing attackers with Item/Configure permission on a folder to configure a folder-scoped library override that runs without sandbox protection. | |||||
| CVE-2024-52383 | 2024-11-15 | N/A | 7.5 HIGH | ||
| Missing Authorization vulnerability in KCT Ai Auto Tool Content Writing Assistant (Gemini Writer, ChatGPT ) All in One allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Ai Auto Tool Content Writing Assistant (Gemini Writer, ChatGPT ) All in One: from n/a through 2.1.2. | |||||
| CVE-2024-10802 | 2024-11-13 | N/A | 5.3 MEDIUM | ||
| The Hash Elements plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the hash_elements_get_posts_title_by_id() function in all versions up to, and including, 1.4.7. This makes it possible for unauthenticated attackers to retrieve draft post titles that should not be accessible to unauthenticated users. | |||||
| CVE-2024-10717 | 2024-11-13 | N/A | 6.5 MEDIUM | ||
| The Styler for Ninja Forms plugin for WordPress is vulnerable to unauthorized modification of data that can lead to a denial of service due to a missing capability check on the deactivate_license function in all versions up to, and including, 3.3.4. This makes it possible for authenticated attackers, with Subscriber-level access and above, to delete arbitrary option values on the WordPress site. This can be leveraged to delete an option that would create an error on the site and deny service to legitimate users. Note: This issue can also be used to add arbitrary options with an empty value. | |||||
| CVE-2024-10629 | 2024-11-13 | N/A | 8.8 HIGH | ||
| The GPX Viewer plugin for WordPress is vulnerable to arbitrary file creation due to a missing capability check and file type validation in the gpxv_file_upload() function in all versions up to, and including, 2.2.8. This makes it possible for authenticated attackers, with subscriber-level access and above, to create arbitrary files on the affected site's server which may make remote code execution possible. | |||||
| CVE-2024-9578 | 2024-11-13 | N/A | 5.3 MEDIUM | ||
| The Hide Links plugin for WordPress is vulnerable to unauthorized shortcode execution due to do_shortcode being hooked through the comment_text filter in all versions up to and including 1.4.2. This makes it possible for unauthenticated attackers to execute arbitrary shortcodes available on the target site. | |||||
| CVE-2024-10852 | 2024-11-13 | N/A | 4.3 MEDIUM | ||
| The Buy one click WooCommerce plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the buy_one_click_export_options AJAX action in all versions up to, and including, 2.2.9. This makes it possible for authenticated attackers, with Subscriber-level access and above, to export plugin settings. | |||||
| CVE-2024-43919 | 1 Yarpp | 1 Yet Another Related Posts Plugin | 2024-11-13 | N/A | 5.3 MEDIUM |
| Access Control vulnerability in YARPP YARPP allows . This issue affects YARPP: from n/a through 5.30.10. | |||||