2025-01-02
2025-01-02 12:15Z
HIGH

CVE-2023-45760 — Gvectors Wpdiscuz: Missing Authorization vulnerability in AdvancedCoding wpDiscuz wpdiscuz allows Exploiting Incorrectly Configured Access Control Security

NVD (auto-promoted CVEs)·nvd.nist.govCVE-2023-45760

Missing Authorization vulnerability in AdvancedCoding wpDiscuz wpdiscuz allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects wpDiscuz: from n/a through <= 7.6.3. CVSSv3.1 8.8 (HIGH)

CWECWE 862VNDGvectorsTYPVulnerability
8.8
CVSS v3.1
94
Edit Score
2025-01-02
2025-01-02 12:15Z
HIGH

CVE-2023-45104 — Wpdeveloper Betterlinks: Missing Authorization vulnerability in WPDeveloper BetterLinks betterlinks allows Exploiting Incorrectly Configured Access Control Security

NVD (auto-promoted CVEs)·nvd.nist.govCVE-2023-45104

Missing Authorization vulnerability in WPDeveloper BetterLinks betterlinks allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects BetterLinks: from n/a through <= 1.6.0. CVSSv3.1 8.8 (HIGH)

CWECWE 862VNDWpdeveloperTYPVulnerability
8.8
CVSS v3.1
94
Edit Score
2024-12-31
2024-12-31 14:15Z
HIGH

CVE-2024-56207 — Site: Cross-Site Request Forgery (CSRF) vulnerability in EditionGuard EditionGuard for WooCommerce – eBook Sales with

NVD (auto-promoted CVEs)·nvd.nist.govCVE-2024-56207

Cross-Site Request Forgery (CSRF) vulnerability in EditionGuard EditionGuard for WooCommerce – eBook Sales with DRM editionguard-for-woocommerce-ebook-sales-with-drm allows Privilege Escalation.This issue affects EditionGuard for WooCommerce – eBook Sales with DRM: from n/a through <= 3.4.2. CVSSv3.1 8.8 (HIGH)

CWECWE 352TYPVulnerability
8.8
CVSS v3.1
94
Edit Score
2024-12-31
2024-12-31 14:15Z
HIGH

CVE-2024-56206 — Site: Cross-Site Request Forgery (CSRF) vulnerability in krishankakkar gap-hub-user-role gap-hub-user-role allows Authentication Bypass.This issue affects

NVD (auto-promoted CVEs)·nvd.nist.govCVE-2024-56206

Cross-Site Request Forgery (CSRF) vulnerability in krishankakkar gap-hub-user-role gap-hub-user-role allows Authentication Bypass.This issue affects gap-hub-user-role: from n/a through <= 3.4.1. CVSSv3.1 8.8 (HIGH)

CWECWE 352TYPVulnerability
8.8
CVSS v3.1
94
Edit Score
2024-12-31
2024-12-31 14:15Z
HIGH

CVE-2024-56204 — Site: Cross-Site Request Forgery (CSRF) vulnerability in yonisink Sinking Dropdowns sinking-dropdowns allows Privilege Escalation.This issue

NVD (auto-promoted CVEs)·nvd.nist.govCVE-2024-56204

Cross-Site Request Forgery (CSRF) vulnerability in yonisink Sinking Dropdowns sinking-dropdowns allows Privilege Escalation.This issue affects Sinking Dropdowns: from n/a through <= 1.25. CVSSv3.1 8.8 (HIGH)

CWECWE 352TYPVulnerability
8.8
CVSS v3.1
94
Edit Score
2024-12-31
2024-12-31 14:15Z
HIGH

CVE-2024-56203 — Site: Cross-Site Request Forgery (CSRF) vulnerability in gholme4 Wayne Audio Player wayne-audio-player allows Privilege Escalation.This

NVD (auto-promoted CVEs)·nvd.nist.govCVE-2024-56203

Cross-Site Request Forgery (CSRF) vulnerability in gholme4 Wayne Audio Player wayne-audio-player allows Privilege Escalation.This issue affects Wayne Audio Player: from n/a through <= 1.0. CVSSv3.1 8.8 (HIGH)

CWECWE 352TYPVulnerability
8.8
CVSS v3.1
94
Edit Score
2024-12-31
2024-12-31 14:15Z
CRIT

CVE-2024-56066 — Authorization: Missing Authorization vulnerability in inspry Agency Toolkit agency-toolkit allows Privilege Escalation.This issue affects Agency

NVD (auto-promoted CVEs)·nvd.nist.govCVE-2024-56066

Missing Authorization vulnerability in inspry Agency Toolkit agency-toolkit allows Privilege Escalation.This issue affects Agency Toolkit: from n/a through <= 1.0.23. CVSSv3.1 9.8 (CRITICAL)

CWECWE 862TYPVulnerability
9.8
CVSS v3.1
99
Edit Score
728 × 90 / responsive · programmatic ad slot
2024-12-31
2024-12-31 14:15Z
HIGH

CVE-2024-56061 — Authorization: Missing Authorization vulnerability in Ateeq Rafeeq RepairBuddy computer-repair-shop allows Privilege Escalation.This issue affects RepairBuddy

NVD (auto-promoted CVEs)·nvd.nist.govCVE-2024-56061

Missing Authorization vulnerability in Ateeq Rafeeq RepairBuddy computer-repair-shop allows Privilege Escalation.This issue affects RepairBuddy: from n/a through <= 3.8119. CVSSv3.1 8.8 (HIGH)

CWECWE 862TYPVulnerability
8.8
CVSS v3.1
94
Edit Score
2024-12-31
2024-12-31 14:15Z
CRIT

CVE-2024-56045 — Vibethemes Wordpress_learning_management_system: Path Traversal: '.../...//' vulnerability in VibeThemes WPLMS wplms_plugin allows Path Traversal.This issue affects WPLMS

NVD (auto-promoted CVEs)·nvd.nist.govCVE-2024-56045

Path Traversal: '.../...//' vulnerability in VibeThemes WPLMS wplms_plugin allows Path Traversal.This issue affects WPLMS: from n/a through < 1.9.9.5. CVSSv3.1 9.3 (CRITICAL)

CWECWE 35VNDVibethemesTYPVulnerability
9.3
CVSS v3.1
97
Edit Score
2024-12-31
2024-12-31 14:15Z
CRIT

CVE-2024-56044 — Vibethemes Wordpress_learning_management_system: Authentication Bypass Using an Alternate Path or Channel vulnerability in VibeThemes WPLMS wplms_plugin allows

NVD (auto-promoted CVEs)·nvd.nist.govCVE-2024-56044

Authentication Bypass Using an Alternate Path or Channel vulnerability in VibeThemes WPLMS wplms_plugin allows Authentication Bypass.This issue affects WPLMS: from n/a through <= 1.9.9. CVSSv3.1 9.8 (CRITICAL)

CWECWE 288VNDVibethemesTYPVulnerability
9.8
CVSS v3.1
99
Edit Score
2024-12-31
2024-12-31 14:15Z
CRIT

CVE-2024-56043 — Vibethemes Wordpress_learning_management_system: Incorrect Privilege Assignment vulnerability in VibeThemes WPLMS wplms_plugin allows Privilege Escalation.This issue affects WPLMS

NVD (auto-promoted CVEs)·nvd.nist.govCVE-2024-56043

Incorrect Privilege Assignment vulnerability in VibeThemes WPLMS wplms_plugin allows Privilege Escalation.This issue affects WPLMS: from n/a through <= 1.9.9. CVSSv3.1 9.8 (CRITICAL)

CWECWE 266VNDVibethemesTYPVulnerability
9.8
CVSS v3.1
99
Edit Score
2024-12-31
2024-12-31 14:15Z
CRIT

CVE-2024-56040 — Incorrect: Privilege Assignment vulnerability in VibeThemes VibeBP vibebp allows Privilege Escalation.This issue affects VibeBP

NVD (auto-promoted CVEs)·nvd.nist.govCVE-2024-56040

Incorrect Privilege Assignment vulnerability in VibeThemes VibeBP vibebp allows Privilege Escalation.This issue affects VibeBP: from n/a through <= 1.9.9.4.1. CVSSv3.1 9.8 (CRITICAL)

CWECWE 266TYPVulnerability
9.8
CVSS v3.1
99
Edit Score
2024-12-31
2024-12-31 13:15Z
CRIT

CVE-2024-56205 — Incorrect: Privilege Assignment vulnerability in SunnyKai AI Magic newsletter-page-redirects allows Privilege Escalation.This issue affects

NVD (auto-promoted CVEs)·nvd.nist.govCVE-2024-56205

Incorrect Privilege Assignment vulnerability in SunnyKai AI Magic newsletter-page-redirects allows Privilege Escalation.This issue affects AI Magic: from n/a through <= 1.0.4. CVSSv3.1 9.8 (CRITICAL)

CWECWE 266TYPVulnerability
9.8
CVSS v3.1
99
Edit Score
2024-12-31
2024-12-31 13:15Z
CRIT

CVE-2024-56071 — Incorrect: Privilege Assignment vulnerability in mikeleembruggen Simple Dashboard simple-dashboard allows Privilege Escalation.This issue affects

NVD (auto-promoted CVEs)·nvd.nist.govCVE-2024-56071

Incorrect Privilege Assignment vulnerability in mikeleembruggen Simple Dashboard simple-dashboard allows Privilege Escalation.This issue affects Simple Dashboard: from n/a through <= 2.0. CVSSv3.1 9.8 (CRITICAL)

CWECWE 266TYPVulnerability
9.8
CVSS v3.1
99
Edit Score
2024-12-31
2024-12-31 13:15Z
HIGH

CVE-2024-56067 — Authorization: Missing Authorization vulnerability in azzaroco WP SuperBackup indeed-wp-superbackup allows Exploiting Incorrectly Configured Access Control

NVD (auto-promoted CVEs)·nvd.nist.govCVE-2024-56067

Missing Authorization vulnerability in azzaroco WP SuperBackup indeed-wp-superbackup allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WP SuperBackup: from n/a through <= 2.3.3. CVSSv3.1 7.5 (HIGH) · EPSS 97th percentile

CWECWE 862TYPVulnerability
7.5
CVSS v3.1
100
Edit Score
2024-12-31
2024-12-31 13:15Z
CRIT

CVE-2024-56064 — Upload: Unrestricted Upload of File with Dangerous Type vulnerability in azzaroco WP SuperBackup indeed-wp-superbackup allows

NVD (auto-promoted CVEs)·nvd.nist.govCVE-2024-56064

Unrestricted Upload of File with Dangerous Type vulnerability in azzaroco WP SuperBackup indeed-wp-superbackup allows Upload a Web Shell to a Web Server.This issue affects WP SuperBackup: from n/a through <= 2.3.3. CVSSv3.1 10.0 (CRITICAL)

CWECWE 434TYPVulnerability
10.0
CVSS v3.1
100
Edit Score
2024-12-31
2024-12-31 13:15Z
CRIT

CVE-2024-56046 — Vibethemes Wordpress_learning_management_system: Unrestricted Upload of File with Dangerous Type vulnerability in VibeThemes WPLMS wplms_plugin allows Upload

NVD (auto-promoted CVEs)·nvd.nist.govCVE-2024-56046

Unrestricted Upload of File with Dangerous Type vulnerability in VibeThemes WPLMS wplms_plugin allows Upload a Web Shell to a Web Server.This issue affects WPLMS: from n/a through <= 1.9.9. CVSSv3.1 10.0 (CRITICAL)

CWECWE 434VNDVibethemesTYPVulnerability
10.0
CVSS v3.1
100
Edit Score
2024-12-31
2024-12-31 13:15Z
CRIT

CVE-2024-56042 — Vibethemes Wordpress_learning_management_system: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in

NVD (auto-promoted CVEs)·nvd.nist.govCVE-2024-56042

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in VibeThemes WPLMS wplms_plugin allows SQL Injection.This issue affects WPLMS: from n/a through < 1.9.9.5.3. CVSSv3.1 9.3 (CRITICAL)

CWECWE 89VNDVibethemesTYPVulnerability
9.3
CVSS v3.1
97
Edit Score
2024-12-31
2024-12-31 13:15Z
HIGH

CVE-2024-56041 — Neutralization: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in

NVD (auto-promoted CVEs)·nvd.nist.govCVE-2024-56041

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in VibeThemes VibeBP vibebp allows SQL Injection.This issue affects VibeBP: from n/a through < 1.9.9.5.1. CVSSv3.1 8.5 (HIGH)

CWECWE 89TYPVulnerability
8.5
CVSS v3.1
93
Edit Score
2024-12-31
2024-12-31 13:15Z
CRIT

CVE-2024-56039 — Neutralization: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in

NVD (auto-promoted CVEs)·nvd.nist.govCVE-2024-56039

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in VibeThemes VibeBP vibebp allows SQL Injection.This issue affects VibeBP: from n/a through < 1.9.9.7.7. CVSSv3.1 9.3 (CRITICAL)

CWECWE 89TYPVulnerability
9.3
CVSS v3.1
97
Edit Score
2024-12-31
2024-12-31 10:15Z
CRIT

CVE-2024-56220 — Incorrect: Privilege Assignment vulnerability in sslplugins SSL Wireless SMS Notification ssl-wireless-sms-notification allows Privilege Escalation.This

NVD (auto-promoted CVEs)·nvd.nist.govCVE-2024-56220

Incorrect Privilege Assignment vulnerability in sslplugins SSL Wireless SMS Notification ssl-wireless-sms-notification allows Privilege Escalation.This issue affects SSL Wireless SMS Notification: from n/a through <= 3.6.0. CVSSv3.1 9.8 (CRITICAL)

CWECWE 266TYPVulnerability
9.8
CVSS v3.1
99
Edit Score
2024-12-31
2024-12-31 10:15Z
HIGH

CVE-2024-56214 — Path: Traversal: '.../...//' vulnerability in DeluxeThemes Userpro userpro allows Path Traversal.This issue affects Userpro

NVD (auto-promoted CVEs)·nvd.nist.govCVE-2024-56214

Path Traversal: '.../...//' vulnerability in DeluxeThemes Userpro userpro allows Path Traversal.This issue affects Userpro: from n/a through <= 5.1.9. CVSSv3.1 8.3 (HIGH)

CWECWE 35TYPVulnerability
8.3
CVSS v3.1
92
Edit Score
2024-12-31
2024-12-31 10:15Z
HIGH

CVE-2024-56212 — Neutralization: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in

NVD (auto-promoted CVEs)·nvd.nist.govCVE-2024-56212

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in DeluxeThemes Userpro userpro.This issue affects Userpro: from n/a through <= 5.1.9. CVSSv3.1 8.5 (HIGH)

CWECWE 89TYPVulnerability
8.5
CVSS v3.1
93
Edit Score
2024-12-31
2024-12-31 10:15Z
HIGH

CVE-2024-56211 — Authorization: Missing Authorization vulnerability in DeluxeThemes Userpro userpro.This issue affects Userpro: from n/a through <=

NVD (auto-promoted CVEs)·nvd.nist.govCVE-2024-56211

Missing Authorization vulnerability in DeluxeThemes Userpro userpro.This issue affects Userpro: from n/a through <= 5.1.9. CVSSv3.1 8.8 (HIGH)

CWECWE 862TYPVulnerability
8.8
CVSS v3.1
94
Edit Score
2024-12-27
2024-12-27 20:15Z
HIGH

CVE-2024-56732 — Harfbuzz_project Harfbuzz: Starting with 8.5.0 through 10.0.1, there is a heap-based buffer overflow in the hb_cairo_glyphs_from_buffer

NVD (auto-promoted CVEs)·nvd.nist.govCVE-2024-56732

HarfBuzz is a text shaping engine. Starting with 8.5.0 through 10.0.1, there is a heap-based buffer overflow in the hb_cairo_glyphs_from_buffer function. CVSSv3.1 8.8 (HIGH) · EPSS 39th percentile

CWECWE 122VNDHarfbuzz ProjectVNDHarfbuzzTYPVulnerability
8.8
CVSS v3.1
94
Edit Score