Total 281648 CVE
CVE Vendors Products Updated CVSS v3.1
CVE-2024-9634 1 Webdevmattcrom 1 Givewp Donation Plugin And Fundraising Platform 2024-10-16 9.8 Critical
The GiveWP – Donation Plugin and Fundraising Platform plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 3.16.3 via deserialization of untrusted input from the give_company_name parameter. This makes it possible for unauthenticated attackers to inject a PHP Object. The additional presence of a POP chain allows attackers to achieve remote code execution.
CVE-2024-9647 2024-10-16 6.1 Medium
The Kama SpamBlock plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via $_POST values in all versions up to, and including, 1.8.2 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link.
CVE-2024-9873 2024-10-16 5.4 Medium
The Community by PeepSo – Social Network, Membership, Registration, User Profiles, Premium – Mobile App plugin for WordPress is vulnerable to Stored Cross-Site Scripting via URLs in posts, comments, and profiles when Markdown support is enabled in all versions up to, and including, 6.4.6.1 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Subscriber-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
CVE-2024-22032 2024-10-16 6.5 Medium
A vulnerability has been identified in which an RKE1 cluster keeps constantly reconciling when secrets encryption configuration is enabled. When reconciling, the Kube API secret values are written in plaintext on the AppliedSpec. Cluster owners, Cluster members, and Project members (for projects within the cluster), all have RBAC permissions to view the cluster object from the apiserver.
CVE-2024-47645 1 Sajidjaved 1 Top Bar-popups-by Wpoptin 2024-10-16 7.5 High
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in Sajid Javed Top Bar – PopUps – by WPOptin allows PHP Local File Inclusion.This issue affects Top Bar – PopUps – by WPOptin: from n/a through 2.0.1.
CVE-2024-48026 1 Grayson Robbins 1 Disc Golf Manager 2024-10-16 9.8 Critical
Deserialization of Untrusted Data vulnerability in Grayson Robbins Disc Golf Manager allows Object Injection.This issue affects Disc Golf Manager: from n/a through 1.0.0.
CVE-2024-48027 1 Xaraartech 1 External Featured Image From Bing 2024-10-16 9.9 Critical
Unrestricted Upload of File with Dangerous Type vulnerability in xaraartech External featured image from bing allows Upload a Web Shell to a Web Server.This issue affects External featured image from bing: from n/a through 1.0.2.
CVE-2024-48029 1 Hung Trang Si 1 Sb Random Posts Widget 2024-10-16 7.5 High
: Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in Hung Trang Si SB Random Posts Widget allows PHP Local File Inclusion.This issue affects SB Random Posts Widget: from n/a through 1.0.
CVE-2024-48030 1 Gabriele Valenti 1 Telecash Ricaricaweb 2024-10-16 9.8 Critical
Deserialization of Untrusted Data vulnerability in Gabriele Valenti Telecash Ricaricaweb allows Object Injection.This issue affects Telecash Ricaricaweb: from n/a through 2.2.
CVE-2024-48035 1 Takayukiimanishi 1 Acf Images Search And Insert 2024-10-16 9.9 Critical
Unrestricted Upload of File with Dangerous Type vulnerability in Takayuki Imanishi ACF Images Search And Insert allows Upload a Web Shell to a Web Server.This issue affects ACF Images Search And Insert: from n/a through 1.1.4.
CVE-2024-49218 1 Recently Project 1 Recently 2024-10-16 9.8 Critical
Deserialization of Untrusted Data vulnerability in Al Imran Akash Recently allows Object Injection.This issue affects Recently: from n/a through 1.1.
CVE-2024-49226 1 Taketin 1 Taketin To Wp Membership 2024-10-16 8.8 High
Deserialization of Untrusted Data vulnerability in TAKETIN TAKETIN To WP Membership allows Object Injection.This issue affects TAKETIN To WP Membership: from n/a through 2.8.0.
CVE-2024-49227 1 Innovawebspzoo 1 Free Stock Photos Foter 2024-10-16 8.8 High
Deserialization of Untrusted Data vulnerability in Innovaweb Sp. Z o.O. Free Stock Photos Foter allows Object Injection.This issue affects Free Stock Photos Foter: from n/a through 1.5.4.
CVE-2024-49245 1 Ahime 1 Ahime Image Printer 2024-10-16 7.5 High
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in Ahime Ahime Image Printer.This issue affects Ahime Image Printer: from n/a through 1.0.0.
CVE-2024-49247 1 Oc2ps 1 Better-bp-registration 2024-10-16 9.8 Critical
: Authentication Bypass Using an Alternate Path or Channel vulnerability in sooskriszta, webforza BuddyPress Better Registration allows : Authentication Bypass.This issue affects BuddyPress Better Registration: from n/a through 1.6.
CVE-2024-49251 1 Maantheme 1 Maan Addons For Elementor 2024-10-16 7.5 High
: Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in Maantheme Maan Addons For Elementor allows Local Code Inclusion.This issue affects Maan Addons For Elementor: from n/a through 1.0.1.
CVE-2024-49252 1 Teplitsa Of Social Technologies 1 Leyka 2024-10-16 5.3 Medium
: Exposure of Sensitive System Information to an Unauthorized Control Sphere vulnerability in Teplitsa of social technologies Leyka.This issue affects Leyka: from n/a through 3.31.6.
CVE-2024-49254 1 Sunjianle 1 Ajax Extend 2024-10-16 10 Critical
Improper Control of Generation of Code ('Code Injection') vulnerability in Sunjianle allows Code Injection.This issue affects ajax-extend: from n/a through 1.0.
CVE-2024-49257 1 Denis 1 Azz Anonim Posting 2024-10-16 10 Critical
Unrestricted Upload of File with Dangerous Type vulnerability in Denis Azz Anonim Posting allows Upload a Web Shell to a Web Server.This issue affects Azz Anonim Posting: from n/a through 0.9.
CVE-2024-49260 1 Limb 1 Limb Image Gallery 2024-10-16 9.9 Critical
Unrestricted Upload of File with Dangerous Type vulnerability in Limb WordPress Gallery Plugin – Limb Image Gallery allows Code Injection.This issue affects WordPress Gallery Plugin – Limb Image Gallery: from n/a through 1.5.7.