Total 262750 CVE
CVE Vendors Products Updated CVSS v3.1
CVE-2024-43325 1 Naiches 1 Dark Mode For Wp Dashboard 2024-09-12 4.3 Medium
Cross-Site Request Forgery (CSRF) vulnerability in Naiche Dark Mode for WP Dashboard.This issue affects Dark Mode for WP Dashboard: from n/a through 1.2.3.
CVE-2024-41143 1 Skygroup 1 Skysea Client View 2024-09-12 7.8 High
Origin validation error vulnerability exists in SKYSEA Client View Ver.3.013.00 to Ver.19.210.04e. If this vulnerability is exploited, an arbitrary process may be executed with SYSTEM privilege by a user who can log in to the PC where the product's Windows client is installed.
CVE-2024-43316 1 Checkoutplugins 1 Stripe Payments For Woocommerce 2024-09-12 4.3 Medium
Cross-Site Request Forgery (CSRF) vulnerability in Checkout Plugins Stripe Payments For WooCommerce by Checkout.This issue affects Stripe Payments For WooCommerce by Checkout: from n/a through 1.9.1.
CVE-2024-37930 2 Theme-sphere, Themesphere 2 Smartmag, Smartmag 2024-09-12 5.3 Medium
Exposure of Sensitive Information to an Unauthorized Actor, Missing Authorization vulnerability in ThemeSphere SmartMag allows Excavation, Accessing Functionality Not Properly Constrained by ACLs.This issue affects SmartMag: from n/a through 9.3.0.
CVE-2024-43301 1 Fontsplugin 1 Fonts Plugin 2024-09-12 7.1 High
Cross-Site Request Forgery (CSRF) vulnerability in Fonts Plugin Fonts allows Stored XSS.This issue affects Fonts: from n/a through 3.7.7.
CVE-2024-43299 1 Softaculous 1 Speedycache 2024-09-12 5.4 Medium
Cross-Site Request Forgery (CSRF) vulnerability in Softaculous Team SpeedyCache.This issue affects SpeedyCache: from n/a through 1.1.8.
CVE-2024-43129 1 Wpdeveloper 1 Betterdocs 2024-09-12 6.5 Medium
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in WPDeveloper BetterDocs allows PHP Local File Inclusion.This issue affects BetterDocs: from n/a through 3.5.8.
CVE-2024-43295 1 Wpdataaccess 1 Wp Data Access 2024-09-12 4.3 Medium
Cross-Site Request Forgery (CSRF) vulnerability in Passionate Programmers B.V. WP Data Access.This issue affects WP Data Access: from n/a through 5.5.7.
CVE-2024-32840 2024-09-12 N/A
An unspecified SQL injection in Ivanti EPM before 2022 SU6, or the 2024 September update allows a remote authenticated attacker with admin privileges to achieve remote code execution.
CVE-2024-43287 1 Sendinblue 1 Newsletter\, Smtp\, Email Marketing And Subscribe 2024-09-12 4.3 Medium
Cross-Site Request Forgery (CSRF) vulnerability in Brevo Newsletter, SMTP, Email marketing and Subscribe forms by Sendinblue.This issue affects Newsletter, SMTP, Email marketing and Subscribe forms by Sendinblue: from n/a through 3.1.82.
CVE-2024-34783 2024-09-12 N/A
An unspecified SQL injection in Ivanti EPM before 2022 SU6, or the 2024 September update allows a remote authenticated attacker with admin privileges to achieve remote code execution.
CVE-2024-29847 2024-09-12 N/A
Deserialization of untrusted data in the agent portal of Ivanti EPM before 2022 SU6, or the 2024 September update allows a remote unauthenticated attacker to achieve remote code execution.
CVE-2024-34779 2024-09-12 N/A
An unspecified SQL injection in Ivanti EPM before 2022 SU6, or the 2024 September update allows a remote authenticated attacker with admin privileges to achieve remote code execution.
CVE-2024-43269 1 Wpbackitup 1 Backup And Restore Wordpress 2024-09-12 4.3 Medium
Cross-Site Request Forgery (CSRF) vulnerability in WPBackItUp Backup and Restore WordPress.This issue affects Backup and Restore WordPress: from n/a through 1.50.
CVE-2024-43135 1 Themewinter 1 Wpcafe 2024-09-12 7.5 High
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in Themewinter WPCafe allows PHP Local File Inclusion.This issue affects WPCafe: from n/a through 2.2.28.
CVE-2024-32848 2024-09-12 N/A
An unspecified SQL injection in Ivanti EPM before 2022 SU6, or the 2024 September update allows a remote authenticated attacker with admin privileges to achieve remote code execution.
CVE-2024-43265 1 Analytify 1 Analytify - Google Analytics Dashboard 2024-09-12 4.3 Medium
Cross-Site Request Forgery (CSRF) vulnerability in Analytify.This issue affects Analytify: from n/a through 5.3.1.
CVE-2024-34785 2024-09-12 N/A
An unspecified SQL injection in Ivanti EPM before 2022 SU6, or the 2024 September update allows a remote authenticated attacker with admin privileges to achieve remote code execution.
CVE-2024-32843 2024-09-12 N/A
An unspecified SQL injection in Ivanti EPM before 2022 SU6, or the 2024 September update allows a remote authenticated attacker with admin privileges to achieve remote code execution.
CVE-2024-32846 2024-09-12 N/A
An unspecified SQL injection in Ivanti EPM before 2022 SU6, or the 2024 September update allows a remote authenticated attacker with admin privileges to achieve remote code execution.