Total
28515 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2024-5541 | 1 Vowelweb | 1 Ibtana | 2024-08-01 | 5.3 Medium |
| The Ibtana – WordPress Website Builder plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'ibtana_visual_editor_register_ajax_json_endpont' function in all versions up to, and including, 1.2.3.3. This makes it possible for unauthenticated attackers to update option values for reCAPTCHA keys on the WordPress site. This can be leveraged to bypass reCAPTCHA on the site. | ||||
| CVE-2024-5500 | 1 Google | 1 Chrome | 2024-08-01 | 6.5 Medium |
| Inappropriate implementation in Sign-In in Google Chrome prior to 1.3.36.351 allowed a remote attacker to bypass navigation restrictions via a crafted HTML page. (Chromium security severity: Medium) | ||||
| CVE-2024-5483 | 1 Thimpress | 1 Learnpress | 2024-08-01 | 5.3 Medium |
| The LearnPress – WordPress LMS Plugin plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 4.2.6.8 due to incorrect implementation of get_items_permissions_check function. This makes it possible for unauthenticated attackers to extract basic information about website users, including their emails | ||||
| CVE-2024-5449 | 1 Wppool | 1 Wp Dark Mode | 2024-08-01 | 4.3 Medium |
| The WP Dark Mode – WordPress Dark Mode Plugin for Improved Accessibility, Dark Theme, Night Mode, and Social Sharing plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the wpdm_social_share_save_options function in all versions up to, and including, 5.0.4. This makes it possible for authenticated attackers, with Subscriber-level access and above, to update the plugin's settings. | ||||
| CVE-2024-5465 | 1 Huawei | 2 Emui, Harmonyos | 2024-08-01 | 5.9 Medium |
| Function vulnerabilities in the Calendar module Impact: Successful exploitation of this vulnerability will affect availability. | ||||
| CVE-2024-5059 | 1 Awplife | 1 Event Monster | 2024-08-01 | 5.3 Medium |
| Exposure of Sensitive Information to an Unauthorized Actor vulnerability in A WP Life Event Management Tickets Booking.This issue affects Event Management Tickets Booking: from n/a through 1.4.0. | ||||
| CVE-2024-4565 | 1 Advancedcustomfields | 1 Advanced Custom Fields | 2024-08-01 | 6.5 Medium |
| The Advanced Custom Fields (ACF) WordPress plugin before 6.3, Advanced Custom Fields Pro WordPress plugin before 6.3 allows you to display custom field values for any post via shortcode without checking for the correct access | ||||
| CVE-2024-4220 | 1 Beyondtrust | 1 Beyondinsight | 2024-08-01 | 4.3 Medium |
| Prior to 23.1, an information disclosure vulnerability exists within BeyondInsight which can allow an attacker to enumerate usernames. | ||||
| CVE-2024-3651 | 2 Kjd, Redhat | 7 Internationalized Domain Names In Applications, Ansible Automation Platform, Enterprise Linux and 4 more | 2024-08-01 | 7.5 High |
| A vulnerability was identified in the kjd/idna library, specifically within the `idna.encode()` function, affecting version 3.6. The issue arises from the function's handling of crafted input strings, which can lead to quadratic complexity and consequently, a denial of service condition. This vulnerability is triggered by a crafted input that causes the `idna.encode()` function to process the input with considerable computational load, significantly increasing the processing time in a quadratic manner relative to the input size. | ||||
| CVE-2024-3172 | 1 Google | 1 Chrome | 2024-08-01 | 8.8 High |
| Insufficient data validation in DevTools in Google Chrome prior to 121.0.6167.85 allowed a remote attacker who convinced a user to engage in specific UI gestures to execute arbitrary code via a crafted HTML page. (Chromium security severity: High) | ||||
| CVE-2024-3174 | 1 Google | 1 Chrome | 2024-08-01 | 8.8 High |
| Inappropriate implementation in V8 in Google Chrome prior to 119.0.6045.105 allowed a remote attacker to potentially exploit object corruption via a crafted HTML page. (Chromium security severity: High) | ||||
| CVE-2024-3175 | 1 Google | 1 Chrome | 2024-08-01 | 6.3 Medium |
| Insufficient data validation in Extensions in Google Chrome prior to 120.0.6099.62 allowed a remote attacker to perform privilege escalation via a crafted Chrome Extension. (Chromium security severity: Low) | ||||
| CVE-2024-3156 | 1 Google | 1 Chrome | 2024-08-01 | 8.8 High |
| Inappropriate implementation in V8 in Google Chrome prior to 123.0.6312.105 allowed a remote attacker to potentially perform out of bounds memory access via a crafted HTML page. (Chromium security severity: High) | ||||
| CVE-2024-3073 | 1 Wp-ecommerce | 1 Easy Wp Smtp | 2024-08-01 | 2.7 Low |
| The Easy WP SMTP by SendLayer – WordPress SMTP and Email Log Plugin plugin for WordPress is vulnerable to information exposure in all versions up to, and including, 2.3.0. This is due to plugin providing the SMTP password in the SMTP Password field when viewing the settings. This makes it possible for authenticated attackers, with administrative-level access and above, to view the SMTP password for the supplied server. Although this would not be useful for attackers in most cases, if an administrator account becomes compromised this could be useful information to an attacker in a limited environment. | ||||
| CVE-2024-2630 | 2 Fedoraproject, Google | 2 Fedora, Chrome | 2024-08-01 | 6.5 Medium |
| Inappropriate implementation in iOS in Google Chrome prior to 123.0.6312.58 allowed a remote attacker to leak cross-origin data via a crafted HTML page. (Chromium security severity: Medium) | ||||
| CVE-2024-2631 | 2 Fedoraproject, Google | 2 Fedora, Chrome | 2024-08-01 | 4.3 Medium |
| Inappropriate implementation in iOS in Google Chrome prior to 123.0.6312.58 allowed a remote attacker to perform UI spoofing via a crafted HTML page. (Chromium security severity: Low) | ||||
| CVE-2024-2629 | 2 Fedoraproject, Google | 2 Fedora, Chrome | 2024-08-01 | 4.3 Medium |
| Incorrect security UI in iOS in Google Chrome prior to 123.0.6312.58 allowed a remote attacker to perform UI spoofing via a crafted HTML page. (Chromium security severity: Medium) | ||||
| CVE-2024-2473 | 1 Wpserveur | 1 Wps Hide Login | 2024-08-01 | 5.3 Medium |
| The WPS Hide Login plugin for WordPress is vulnerable to Login Page Disclosure in all versions up to, and including, 1.9.15.2. This is due to a bypass that is created when the 'action=postpass' parameter is supplied. This makes it possible for attackers to easily discover any login page that may have been hidden by the plugin. | ||||
| CVE-2024-2385 | 1 Livemeshelementor | 1 Addons For Elementor | 2024-08-01 | 8.8 High |
| The Elementor Addons by Livemesh plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 8.3.7 via several of the plugin's widgets through the 'style' attribute. This makes it possible for authenticated attackers, with contributor-level access and above, to include and execute arbitrary files on the server, allowing the execution of any PHP code in those files. This can be used to bypass access controls, obtain sensitive data, or achieve code execution in cases where images and other “safe” file types can be uploaded and included. | ||||
| CVE-2024-1662 | 1 Porty | 1 Powerbank | 2024-08-01 | 7.2 High |
| Exposure of Sensitive Information to an Unauthorized Actor vulnerability in PORTY Smart Tech Technology Joint Stock Company PowerBank Application allows Retrieve Embedded Sensitive Data.This issue affects PowerBank Application: before 2.02. | ||||