2024-12-16
2024-12-16 15:15Z
CRIT

CVE-2024-54363 — Incorrect: Privilege Assignment vulnerability in saiful.total Wp NssUser Register wp-nssuser-register allows Privilege Escalation.This issue

NVD (auto-promoted CVEs)·nvd.nist.govCVE-2024-54363

Incorrect Privilege Assignment vulnerability in saiful.total Wp NssUser Register wp-nssuser-register allows Privilege Escalation.This issue affects Wp NssUser Register: from n/a through <= 1.0.0. CVSSv3.1 9.8 (CRITICAL)

CWECWE 266TYPVulnerability
9.8
CVSS v3.1
99
Edit Score
2024-12-16
2024-12-16 15:15Z
CRIT

CVE-2024-54361 — Neutralization: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in

NVD (auto-promoted CVEs)·nvd.nist.govCVE-2024-54361

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in tenteeglobal Instant Appointment instant-appointment allows SQL Injection.This issue affects Instant Appointment: from n/a through <= 1.2. CVSSv3.1 9.3 (CRITICAL)

CWECWE 89TYPVulnerability
9.3
CVSS v3.1
97
Edit Score
2024-12-16
2024-12-16 15:15Z
HIGH

CVE-2024-54359 — Authorization: Missing Authorization vulnerability in Saul Morales Pacheco Banner System banner-system allows Exploiting Incorrectly Configured

NVD (auto-promoted CVEs)·nvd.nist.govCVE-2024-54359

Missing Authorization vulnerability in Saul Morales Pacheco Banner System banner-system allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Banner System: from n/a through <= 1.0.0. CVSSv3.1 8.2 (HIGH)

CWECWE 862TYPVulnerability
8.2
CVSS v3.1
91
Edit Score
2024-12-16
2024-12-16 15:15Z
HIGH

CVE-2024-54352 — Site: Cross-Site Request Forgery (CSRF) vulnerability in Sabri Sogrid sogrid allows Privilege Escalation.This issue affects

NVD (auto-promoted CVEs)·nvd.nist.govCVE-2024-54352

Cross-Site Request Forgery (CSRF) vulnerability in Sabri Sogrid sogrid allows Privilege Escalation.This issue affects Sogrid: from n/a through <= 1.5.2. CVSSv3.1 8.8 (HIGH)

CWECWE 352TYPVulnerability
8.8
CVSS v3.1
94
Edit Score
2024-12-13
2024-12-13 15:15Z
HIGH

CVE-2024-54336 — Authentication: Bypass Using an Alternate Path or Channel vulnerability in Projectopia Projectopia projectopia-core allows

NVD (auto-promoted CVEs)·nvd.nist.govCVE-2024-54336

Authentication Bypass Using an Alternate Path or Channel vulnerability in Projectopia Projectopia projectopia-core allows Authentication Bypass.This issue affects Projectopia: from n/a through <= 5.1.7. CVSSv3.1 8.8 (HIGH)

CWECWE 288TYPVulnerability
8.8
CVSS v3.1
94
Edit Score
2024-12-13
2024-12-13 15:15Z
HIGH

CVE-2024-54304 — Neutralization: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in

NVD (auto-promoted CVEs)·nvd.nist.govCVE-2024-54304

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Hive Support Hive Support hive-support allows SQL Injection.This issue affects Hive Support: from n/a through <= 1.1.2. CVSSv3.1 8.5 (HIGH)

CWECWE 89TYPVulnerability
8.5
CVSS v3.1
93
Edit Score
2024-12-13
2024-12-13 15:15Z
CRIT

CVE-2024-54297 — Authentication: Bypass Using an Alternate Path or Channel vulnerability in extremeidea vBSSO-lite vbsso-lite allows

NVD (auto-promoted CVEs)·nvd.nist.govCVE-2024-54297

Authentication Bypass Using an Alternate Path or Channel vulnerability in extremeidea vBSSO-lite vbsso-lite allows Authentication Bypass.This issue affects vBSSO-lite: from n/a through <= 1.4.3. CVSSv3.1 9.8 (CRITICAL)

CWECWE 288TYPVulnerability
9.8
CVSS v3.1
99
Edit Score
728 × 90 / responsive · programmatic ad slot
2024-12-13
2024-12-13 15:15Z
CRIT

CVE-2024-54296 — Authentication: Bypass Using an Alternate Path or Channel vulnerability in Codexpert, Inc CoSchool LMS

NVD (auto-promoted CVEs)·nvd.nist.govCVE-2024-54296

Authentication Bypass Using an Alternate Path or Channel vulnerability in Codexpert, Inc CoSchool LMS coschool allows Authentication Bypass.This issue affects CoSchool LMS: from n/a through <= 1.4.3. CVSSv3.1 9.8 (CRITICAL)

CWECWE 288TYPVulnerability
9.8
CVSS v3.1
99
Edit Score
2024-12-13
2024-12-13 15:15Z
CRIT

CVE-2024-54295 — Authentication: Bypass Using an Alternate Path or Channel vulnerability in FluxBuilder ListApp Mobile Manager

NVD (auto-promoted CVEs)·nvd.nist.govCVE-2024-54295

Authentication Bypass Using an Alternate Path or Channel vulnerability in FluxBuilder ListApp Mobile Manager listapp-mobile-manager allows Authentication Bypass.This issue affects ListApp Mobile Manager: from n/a through <= 1.7.7. CVSSv3.1 9.8 (CRITICAL)

CWECWE 288TYPVulnerability
9.8
CVSS v3.1
99
Edit Score
2024-12-13
2024-12-13 15:15Z
CRIT

CVE-2024-54294 — Authentication: Bypass Using an Alternate Path or Channel vulnerability in Appgenix Infotech Firebase OTP

NVD (auto-promoted CVEs)·nvd.nist.govCVE-2024-54294

Authentication Bypass Using an Alternate Path or Channel vulnerability in Appgenix Infotech Firebase OTP Authentication authentication-via-otp-using-firebase allows Authentication Bypass.This issue affects Firebase OTP Authentication: from n/a through <= 1.0.1. CVSSv3.1 9.8 (CRITICAL)

CWECWE 288TYPVulnerability
9.8
CVSS v3.1
99
Edit Score
2024-12-13
2024-12-13 15:15Z
CRIT

CVE-2024-54293 — Incorrect: Privilege Assignment vulnerability in CE21 CE21 Suite ce21-suite allows Privilege Escalation.This issue affects

NVD (auto-promoted CVEs)·nvd.nist.govCVE-2024-54293

Incorrect Privilege Assignment vulnerability in CE21 CE21 Suite ce21-suite allows Privilege Escalation.This issue affects CE21 Suite: from n/a through <= 2.2.0. CVSSv3.1 9.8 (CRITICAL)

CWECWE 266TYPVulnerability
9.8
CVSS v3.1
99
Edit Score
2024-12-13
2024-12-13 15:15Z
CRIT

CVE-2024-54292 — Neutralization: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in

NVD (auto-promoted CVEs)·nvd.nist.govCVE-2024-54292

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in appsplate Appsplate appsplate allows SQL Injection.This issue affects Appsplate: from n/a through <= 2.1.3. CVSSv3.1 9.3 (CRITICAL)

CWECWE 89TYPVulnerability
9.3
CVSS v3.1
97
Edit Score
2024-12-13
2024-12-13 15:15Z
CRIT

CVE-2024-54273 — Deserialization: of Untrusted Data vulnerability in PickPlugins Mail Picker mail-picker allows Object Injection.This issue

NVD (auto-promoted CVEs)·nvd.nist.govCVE-2024-54273

Deserialization of Untrusted Data vulnerability in PickPlugins Mail Picker mail-picker allows Object Injection.This issue affects Mail Picker: from n/a through <= 1.0.14. CVSSv3.1 9.8 (CRITICAL)

CWECWE 502TYPVulnerability
9.8
CVSS v3.1
99
Edit Score
2024-12-13
2024-12-13 15:15Z
CRIT

CVE-2024-54262 — Upload: Unrestricted Upload of File with Dangerous Type vulnerability in sidngr Import Export For WooCommerce

NVD (auto-promoted CVEs)·nvd.nist.govCVE-2024-54262

Unrestricted Upload of File with Dangerous Type vulnerability in sidngr Import Export For WooCommerce import-export-for-woocommerce allows Upload a Web Shell to a Web Server.This issue affects Import Export For WooCommerce: from n/a through <= 1.6.2. CVSSv3.1 9.9 (CRITICAL)

CWECWE 434TYPVulnerability
9.9
CVSS v3.1
100
Edit Score
2024-12-13
2024-12-13 15:15Z
CRIT

CVE-2024-54261 — Neutralization: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in

NVD (auto-promoted CVEs)·nvd.nist.govCVE-2024-54261

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in HK Digital Agency LLC TAX SERVICE Electronic HDM virtual-hdm-for-taxservice-am allows SQL Injection.This issue affects TAX SERVICE Electronic HDM: from n/a through <= 1.2.2. CVSSv3.1 10.0 (CRITICAL)

CWECWE 89TYPVulnerability
10.0
CVSS v3.1
100
Edit Score
2024-12-13
2024-12-13 15:15Z
HIGH

CVE-2024-54258 — Neutralization: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in

NVD (auto-promoted CVEs)·nvd.nist.govCVE-2024-54258

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Anzar Ahmed Ni CRM Lead ni-crm-lead allows SQL Injection.This issue affects Ni CRM Lead: from n/a through <= 1.3.0. CVSSv3.1 8.5 (HIGH)

CWECWE 89TYPVulnerability
8.5
CVSS v3.1
93
Edit Score
2024-12-13
2024-12-13 15:15Z
HIGH

CVE-2024-54248 — Site: Cross-Site Request Forgery (CSRF) vulnerability in eewee eewee admin custom eewee-admincustom allows Privilege Escalation.This

NVD (auto-promoted CVEs)·nvd.nist.govCVE-2024-54248

Cross-Site Request Forgery (CSRF) vulnerability in eewee eewee admin custom eewee-admincustom allows Privilege Escalation.This issue affects eewee admin custom: from n/a through <= 1.8.2.4. CVSSv3.1 8.8 (HIGH)

CWECWE 352TYPVulnerability
8.8
CVSS v3.1
94
Edit Score
2024-12-13
2024-12-13 15:15Z
CRIT

CVE-2024-54239 — Authorization: Missing Authorization vulnerability in dugudlabs Eyewear prescription form eyewear-prescription-form allows Privilege Escalation.This issue affects

NVD (auto-promoted CVEs)·nvd.nist.govCVE-2024-54239

Missing Authorization vulnerability in dugudlabs Eyewear prescription form eyewear-prescription-form allows Privilege Escalation.This issue affects Eyewear prescription form: from n/a through <= 4.0.18. CVSSv3.1 9.8 (CRITICAL)

CWECWE 862TYPVulnerability
9.8
CVSS v3.1
99
Edit Score
2024-12-13
2024-12-13 15:15Z
CRIT

CVE-2024-54234 — Neutralization: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in

NVD (auto-promoted CVEs)·nvd.nist.govCVE-2024-54234

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in wp-buy Limit Login Attempts wp-limit-failed-login-attempts allows SQL Injection.This issue affects Limit Login Attempts: from n/a through <= 5.5. CVSSv3.1 9.3 (CRITICAL)

CWECWE 89TYPVulnerability
9.3
CVSS v3.1
97
Edit Score
2024-12-13
2024-12-13 15:15Z
HIGH

CVE-2023-41695 — Analytify Analytify_-_google_analytics_dashboard: Missing Authorization vulnerability in Adnan Analytify wp-analytify allows Exploiting Incorrectly Configured Access Control Security

NVD (auto-promoted CVEs)·nvd.nist.govCVE-2023-41695

Missing Authorization vulnerability in Adnan Analytify wp-analytify allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Analytify: from n/a through <= 5.1.0. CVSSv3.1 8.8 (HIGH)

CWECWE 862VNDAnalytifyTYPVulnerability
8.8
CVSS v3.1
94
Edit Score
2024-12-13
2024-12-13 15:15Z
HIGH

CVE-2023-41130 — Authorization: Missing Authorization vulnerability in Premmerce Premmerce User Roles premmerce-user-roles allows Exploiting Incorrectly Configured Access

NVD (auto-promoted CVEs)·nvd.nist.govCVE-2023-41130

Missing Authorization vulnerability in Premmerce Premmerce User Roles premmerce-user-roles allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Premmerce User Roles: from n/a through <= 1.0.12. CVSSv3.1 8.1 (HIGH) · EPSS 40th percentile

CWECWE 862TYPVulnerability
8.1
CVSS v3.1
91
Edit Score
2024-12-13
2024-12-13 15:15Z
HIGH

CVE-2023-40334 — Pluginus Husky_-_products_filter_professional_for_woocommerce: Missing Authorization vulnerability in RealMag777 HUSKY woocommerce-products-filter allows Exploiting Incorrectly Config

NVD (auto-promoted CVEs)·nvd.nist.govCVE-2023-40334

Missing Authorization vulnerability in RealMag777 HUSKY woocommerce-products-filter allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects HUSKY: from n/a through <= 1.3.4.2. CVSSv3.1 8.8 (HIGH)

CWECWE 862VNDPluginusTYPVulnerability
8.8
CVSS v3.1
94
Edit Score
2024-12-13
2024-12-13 15:15Z
CRIT

CVE-2023-40005 — Awesomemotive Easy_digital_downloads: Missing Authorization vulnerability in Syed Balkhi Easy Digital Downloads easy-digital-downloads allows Exploiting Incorrectly Configured

NVD (auto-promoted CVEs)·nvd.nist.govCVE-2023-40005

Missing Authorization vulnerability in Syed Balkhi Easy Digital Downloads easy-digital-downloads allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Easy Digital Downloads: from n/a through <= 3.1.5. CVSSv3.1 9.8 (CRITICAL)

CWECWE 862VNDAwesomemotiveTYPVulnerability
9.8
CVSS v3.1
99
Edit Score
2024-12-13
2024-12-13 15:15Z
CRIT

CVE-2023-40003 — Wedevs Wp_project_manager: Missing Authorization vulnerability in weDevs WP Project Manager wedevs-project-manager allows Exploiting Incorrectly Configured Access

NVD (auto-promoted CVEs)·nvd.nist.govCVE-2023-40003

Missing Authorization vulnerability in weDevs WP Project Manager wedevs-project-manager allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WP Project Manager: from n/a through <= 2.6.7. CVSSv3.1 9.8 (CRITICAL)

CWECWE 862VNDWedevsTYPVulnerability
9.8
CVSS v3.1
99
Edit Score
2024-12-13
2024-12-13 15:15Z
HIGH

CVE-2023-38385 — Artbees Jupiter_x_core: Missing Authorization vulnerability in artbees JupiterX Core jupiterx-core allows Exploiting Incorrectly Configured Access Control

NVD (auto-promoted CVEs)·nvd.nist.govCVE-2023-38385

Missing Authorization vulnerability in artbees JupiterX Core jupiterx-core allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects JupiterX Core: from n/a through 3.0.0-3.3.0. CVSSv3.1 8.3 (HIGH)

CWECWE 862VNDArtbeesTYPVulnerability
8.3
CVSS v3.1
92
Edit Score