Latest CVE Feed
- CVE-2024-42029 (score: 0.0, NONE)
  xdg-desktop-portal-hyprland (aka an XDG Desktop Portal backend for Hyprland) before 1.3.3 allows OS command execution, e.g., because single quotes are not used when sending a list of app IDs and titles via the environment....
  - Published: Jul. 27, 2024
  - Modified: Jul. 27, 2024
- CVE-2024-6661 (CVSS 3.1: 5.5)
  The ParityPress – Parity Pricing with Discount Rules plugin for WordPress is vulnerable to Stored Cross-Site Scripting via 'Discount Text' in all versions up to, and including, 1.0.0 due to insufficient input sanitization and output escaping. This makes ...
  - Published: Jul. 27, 2024
  - Modified: Jul. 27, 2024
- CVE-2024-6634 (CVSS 3.1: 6.4)
  The Master Currency WP plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's currencyconverterform shortcode in all versions up to, and including, 1.1.61 due to insufficient input sanitization and output escaping on user suppl...
  - Published: Jul. 27, 2024
  - Modified: Jul. 27, 2024
- CVE-2024-6591 (CVSS 3.1: 5.8)
  The Ultimate WordPress Auction Plugin plugin for WordPress is vulnerable to unauthorized email creation and sending due to a missing capability check on the 'send_auction_email_callback' and 'resend_auction_email_callback' functions in all versions up to,...
  - Published: Jul. 27, 2024
  - Modified: Jul. 27, 2024
- CVE-2024-6573 (CVSS 3.1: 5.3)
  The Intelligence plugin for WordPress is vulnerable to Full Path Disclosure in all versions up to, and including, 1.4.0. This is due to the plugin not preventing direct access to the /vendor/levelten/intel/realtime/index.php file and display_errors being ena...
  - Published: Jul. 27, 2024
  - Modified: Jul. 27, 2024
- CVE-2024-6566 (CVSS 3.1: 5.3)
  The Aramex Shipping WooCommerce plugin for WordPress is vulnerable to Full Path Disclosure in all versions up to, and including, 1.1.21. This is due to the plugin not preventing direct access to the composer-setup.php file which also has display_errors enabl...
  - Published: Jul. 27, 2024
  - Modified: Jul. 27, 2024
- CVE-2024-6549 (CVSS 3.1: 5.3)
  The Admin Post Navigation plugin for WordPress is vulnerable to Full Path Disclosure in all versions up to, and including, 2.1. This is due to the plugin utilizing bootstrap and leaving test files with display_errors on. This makes it possible for unauthe...
  - Published: Jul. 27, 2024
  - Modified: Jul. 27, 2024
- CVE-2024-6548 (CVSS 3.1: 5.3)
  The Add Admin JavaScript plugin for WordPress is vulnerable to Full Path Disclosure in all versions up to, and including, 2.0. This is due to the plugin utilizing bootstrap and leaving test files with display_errors on. This makes it possible for unauthen...
  - Published: Jul. 27, 2024
  - Modified: Jul. 27, 2024
- CVE-2024-6547 (CVSS 3.1: 5.3)
  The Add Admin CSS plugin for WordPress is vulnerable to Full Path Disclosure in all versions up to, and including, 2.0.1. This is due to the plugin utilizing bootstrap and leaving test files with display_errors on. This makes it possible for unauthentica...
  - Published: Jul. 27, 2024
  - Modified: Jul. 27, 2024
- CVE-2024-6546 (CVSS 3.1: 5.3)
  The One Click Close Comments plugin for WordPress is vulnerable to Full Path Disclosure in all versions up to, and including, 2.7.1. This is due to the plugin utilizing bootstrap and leaving test files with display_errors on. This makes it possible for un...
  - Published: Jul. 27, 2024
  - Modified: Jul. 27, 2024
- CVE-2024-6545 (CVSS 3.1: 5.3)
  The Admin Trim Interface plugin for WordPress is vulnerable to Full Path Disclosure in all versions up to, and including, 3.5.1. This is due to the plugin utilizing bootstrap and leaving test files with display_errors on. This makes it possible for unauth...
  - Published: Jul. 27, 2024
  - Modified: Jul. 27, 2024
- CVE-2024-6431 (CVSS 3.1: 8.8)
  The Media.net Ads Manager plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation and missing capability check in the 'sendMail' function in all versions up to, and including, 2.10.13. This makes it possible for au...
  - Published: Jul. 27, 2024
  - Modified: Jul. 27, 2024
- CVE-2024-6152 (CVSS 3.1: 8.8)
  The Flipbox Builder plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 1.5 via deserialization of untrusted input in the flipbox_builder_Flipbox_ShortCode function. This makes it possible for authenticated att...
  - Published: Jul. 27, 2024
  - Modified: Jul. 27, 2024
- CVE-2024-4410 (CVSS 3.1: 5.4)
  The IgnitionDeck Crowdfunding Platform plugin for WordPress is vulnerable to Missing Authorization in versions up to, and including, 1.9.8. This is due to missing capability checks on various functions called via AJAX actions in the ~/classes/class-idf-wi...
  - Published: Jul. 27, 2024
  - Modified: Jul. 27, 2024
- CVE-2024-1804 (CVSS 3.1: 4.3)
  The Tutor LMS – Migration Tool plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the tutor_import_from_xml function in all versions up to, and including, 2.2.0. This makes it possible for authenti...
  - Published: Jul. 27, 2024
  - Modified: Jul. 27, 2024
- CVE-2024-1798 (CVSS 3.1: 5.3)
  The Tutor LMS – Migration Tool plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the tutor_lp_export_xml function in all versions up to, and including, 2.2.0. This makes it possible for unauthenticated ...
  - Published: Jul. 27, 2024
  - Modified: Jul. 27, 2024
- CVE-2024-40433 (score: 0.0, NONE)
  Insecure Permissions vulnerability in Tencent wechat v.8.0.37 allows an attacker to escalate privileges via the web-view component....
  - Published: Jul. 26, 2024
  - Modified: Jul. 26, 2024
- CVE-2024-37034 (score: 0.0, NONE)
  An issue was discovered in Couchbase Server before 7.2.5 and 7.6.0 before 7.6.1. It does not ensure that credentials are negotiated with the Key-Value (KV) service using SCRAM-SHA when remote link encryption is configured for Half-Secure....
  - Published: Jul. 26, 2024
  - Modified: Jul. 26, 2024
- CVE-2024-41815 (CVSS 3.1: 7.4)
  Starship is a cross-shell prompt. Starting in version 1.0.0 and prior to version 1.20.0, undocumented and unpredictable shell expansion and/or quoting rules make it easy to accidentally cause shell injection when using custom commands with starship in b...
  - Published: Jul. 26, 2024
  - Modified: Jul. 26, 2024
- CVE-2024-41628 (score: 0.0, NONE)
  Directory Traversal vulnerability in Severalnines Cluster Control 1.9.8 before 1.9.8-9778, 2.0.0 before 2.0.0-9779, and 2.1.0 before 2.1.0-9780 allows a remote attacker to include and display file content in an HTTP request via the CMON API....
  - Published: Jul. 26, 2024
  - Modified: Jul. 26, 2024