2024-10-30
2024-10-30 08:15Z
HIGH

CVE-2024-50504 — Incorrect: Privilege Assignment vulnerability in webxmedia Bulk Change Role bulk-role-change allows Privilege Escalation.This issue

NVD (auto-promoted CVEs)·nvd.nist.govCVE-2024-50504

Incorrect Privilege Assignment vulnerability in webxmedia Bulk Change Role bulk-role-change allows Privilege Escalation.This issue affects Bulk Change Role: from n/a through <= 1.1. CVSSv3.1 8.8 (HIGH)

CWECWE 266TYPVulnerability
8.8
CVSS v3.1
94
Edit Score
2024-10-30
2024-10-30 08:15Z
CRIT

CVE-2024-50503 — Authentication: Bypass Using an Alternate Path or Channel vulnerability in Deryck User Toolkit user-toolkit

NVD (auto-promoted CVEs)·nvd.nist.govCVE-2024-50503

Authentication Bypass Using an Alternate Path or Channel vulnerability in Deryck User Toolkit user-toolkit allows Authentication Bypass.This issue affects User Toolkit: from n/a through <= 1.2.3. CVSSv3.1 9.8 (CRITICAL)

CWECWE 288TYPVulnerability
9.8
CVSS v3.1
99
Edit Score
2024-10-29
2024-10-29 17:15Z
HIGH

CVE-2024-9990 — Odude Crypto_tool: The Crypto plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up

NVD (auto-promoted CVEs)·nvd.nist.govCVE-2024-9990

The Crypto plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 2.15. This is due to missing nonce validation in the 'crypto_connect_ajax_process::check' function. This makes it possible for unauthenticated attackers to log in as any existing user on the site, such as an administrator via a forged request granted they can trick a site administrator into performing an action such as clicking on a link. CVSSv3.1 8.8 (HIGH)

CWECWE 352VNDOdudeVNDCryptoTYPVulnerability
8.8
CVSS v3.1
94
Edit Score
2024-10-29
2024-10-29 17:15Z
CRIT

CVE-2024-9989 — Odude Crypto_tool: The Crypto plugin for WordPress is vulnerable to authentication bypass in versions up to

NVD (auto-promoted CVEs)·nvd.nist.govCVE-2024-9989

The Crypto plugin for WordPress is vulnerable to authentication bypass in versions up to, and including, 2.18. This is due to a limited arbitrary method call to 'crypto_connect_ajax_process::log_in' function in the 'crypto_connect_ajax_process' function. This makes it possible for unauthenticated attackers to log in as any existing user on the site, such as an administrator, if they have access to the username. CVSSv3.1 9.8 (CRITICAL)

CWECWE 288VNDOdudeVNDCryptoTYPVulnerability
9.8
CVSS v3.1
99
Edit Score
2024-10-29
2024-10-29 17:15Z
CRIT

CVE-2024-9988 — Odude Crypto_tool: The Crypto plugin for WordPress is vulnerable to authentication bypass in versions up to

NVD (auto-promoted CVEs)·nvd.nist.govCVE-2024-9988

The Crypto plugin for WordPress is vulnerable to authentication bypass in versions up to, and including, 2.19. This is due to missing validation on the user being supplied in the 'crypto_connect_ajax_process::register' function. This makes it possible for unauthenticated attackers to log in as any existing user on the site, such as an administrator, if they have access to the username. CVSSv3.1 9.8 (CRITICAL)

CWECWE 288VNDOdudeVNDCryptoTYPVulnerability
9.8
CVSS v3.1
99
Edit Score
2024-10-29
2024-10-29 10:15Z
HIGH

CVE-2024-50550 — Litespeedtech Litespeed_cache: Incorrect Privilege Assignment vulnerability in LiteSpeed Technologies LiteSpeed Cache litespeed-cache allows Privilege Escalation.This issue

NVD (auto-promoted CVEs)·nvd.nist.govCVE-2024-50550

Incorrect Privilege Assignment vulnerability in LiteSpeed Technologies LiteSpeed Cache litespeed-cache allows Privilege Escalation.This issue affects LiteSpeed Cache: from n/a through <= 6.5.1. CVSSv3.1 8.1 (HIGH)

CWECWE 266CWECWE 326VNDLitespeedtechTYPVulnerability
8.1
CVSS v3.1
91
Edit Score
2024-10-29
2024-10-29 09:15Z
CRIT

CVE-2024-50490 — Authorization: Missing Authorization vulnerability in lowcage PegaPoll pegapoll allows Accessing Functionality Not Properly Constrained by

NVD (auto-promoted CVEs)·nvd.nist.govCVE-2024-50490

Missing Authorization vulnerability in lowcage PegaPoll pegapoll allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects PegaPoll: from n/a through <= 1.0.2. CVSSv3.1 9.8 (CRITICAL)

CWECWE 862TYPVulnerability
9.8
CVSS v3.1
99
Edit Score
728 × 90 / responsive · programmatic ad slot
2024-10-29
2024-10-29 09:15Z
CRIT

CVE-2024-50485 — Incorrect: Privilege Assignment vulnerability in Udit Rawat Exam Matrix exam-matrix allows Privilege Escalation.This issue

NVD (auto-promoted CVEs)·nvd.nist.govCVE-2024-50485

Incorrect Privilege Assignment vulnerability in Udit Rawat Exam Matrix exam-matrix allows Privilege Escalation.This issue affects Exam Matrix: from n/a through <= 1.5. CVSSv3.1 9.8 (CRITICAL)

CWECWE 266TYPVulnerability
9.8
CVSS v3.1
99
Edit Score
2024-10-29
2024-10-29 09:15Z
HIGH

CVE-2024-50481 — Incorrect: Privilege Assignment vulnerability in stackthemes Bstone Demo Importer bstone-demo-importer allows Privilege Escalation.This issue

NVD (auto-promoted CVEs)·nvd.nist.govCVE-2024-50481

Incorrect Privilege Assignment vulnerability in stackthemes Bstone Demo Importer bstone-demo-importer allows Privilege Escalation.This issue affects Bstone Demo Importer: from n/a through <= 1.0.1. CVSSv3.1 8.8 (HIGH)

CWECWE 266TYPVulnerability
8.8
CVSS v3.1
94
Edit Score
2024-10-29
2024-10-29 09:15Z
CRIT

CVE-2024-50476 — Authorization: Missing Authorization vulnerability in GRÜN Software Group GmbH GRÜN spendino Spendenformular spendino allows Privilege

NVD (auto-promoted CVEs)·nvd.nist.govCVE-2024-50476

Missing Authorization vulnerability in GRÜN Software Group GmbH GRÜN spendino Spendenformular spendino allows Privilege Escalation.This issue affects GRÜN spendino Spendenformular: from n/a through <= 1.0.1. CVSSv3.1 9.8 (CRITICAL)

CWECWE 862TYPVulnerability
9.8
CVSS v3.1
99
Edit Score
2024-10-29
2024-10-29 09:15Z
CRIT

CVE-2024-50475 — Authorization: Missing Authorization vulnerability in Scott Gamon Signup Page signup-page allows Privilege Escalation.This issue affects

NVD (auto-promoted CVEs)·nvd.nist.govCVE-2024-50475

Missing Authorization vulnerability in Scott Gamon Signup Page signup-page allows Privilege Escalation.This issue affects Signup Page: from n/a through <= 1.0. CVSSv3.1 9.8 (CRITICAL)

CWECWE 862TYPVulnerability
9.8
CVSS v3.1
99
Edit Score
2024-10-29
2024-10-29 09:15Z
CRIT

CVE-2024-50473 — Upload: Unrestricted Upload of File with Dangerous Type vulnerability in Ajar Productions Ajar in5 Embed

NVD (auto-promoted CVEs)·nvd.nist.govCVE-2024-50473

Unrestricted Upload of File with Dangerous Type vulnerability in Ajar Productions Ajar in5 Embed ajar-productions-in5-embed allows Upload a Web Shell to a Web Server.This issue affects Ajar in5 Embed: from n/a through <= 3.1.3. CVSSv3.1 10.0 (CRITICAL)

CWECWE 434TYPVulnerability
10.0
CVSS v3.1
100
Edit Score
2024-10-29
2024-10-29 09:15Z
CRIT

CVE-2024-50427 — Upload: Unrestricted Upload of File with Dangerous Type vulnerability in devsoftbaltic SurveyJS surveyjs.This issue affects

NVD (auto-promoted CVEs)·nvd.nist.govCVE-2024-50427

Unrestricted Upload of File with Dangerous Type vulnerability in devsoftbaltic SurveyJS surveyjs.This issue affects SurveyJS: from n/a through <= 1.9.136. CVSSv3.1 9.9 (CRITICAL)

CWECWE 434TYPVulnerability
9.9
CVSS v3.1
100
Edit Score
2024-10-29
2024-10-29 09:15Z
CRIT

CVE-2024-50420 — Upload: Unrestricted Upload of File with Dangerous Type vulnerability in aDirectory aDirectory adirectory allows Upload

NVD (auto-promoted CVEs)·nvd.nist.govCVE-2024-50420

Unrestricted Upload of File with Dangerous Type vulnerability in aDirectory aDirectory adirectory allows Upload a Web Shell to a Web Server.This issue affects aDirectory: from n/a through <= 1.3. CVSSv3.1 10.0 (CRITICAL)

CWECWE 434TYPVulnerability
10.0
CVSS v3.1
100
Edit Score
2024-10-29
2024-10-29 08:15Z
CRIT

CVE-2024-50494 — Upload: Unrestricted Upload of File with Dangerous Type vulnerability in Amin Omer Sudan Payment Gateway

NVD (auto-promoted CVEs)·nvd.nist.govCVE-2024-50494

Unrestricted Upload of File with Dangerous Type vulnerability in Amin Omer Sudan Payment Gateway for WooCommerce wc-sudan-payment-gateway allows Upload a Web Shell to a Web Server.This issue affects Sudan Payment Gateway for WooCommerce: from n/a through <= 1.2.2. CVSSv3.1 10.0 (CRITICAL)

CWECWE 434TYPVulnerability
10.0
CVSS v3.1
100
Edit Score
2024-10-29
2024-10-29 08:15Z
CRIT

CVE-2024-50493 — Upload: Unrestricted Upload of File with Dangerous Type vulnerability in masterhomepage Automatic Translation automatic-translation allows

NVD (auto-promoted CVEs)·nvd.nist.govCVE-2024-50493

Unrestricted Upload of File with Dangerous Type vulnerability in masterhomepage Automatic Translation automatic-translation allows Upload a Web Shell to a Web Server.This issue affects Automatic Translation: from n/a through <= 1.0.4. CVSSv3.1 10.0 (CRITICAL)

CWECWE 434TYPVulnerability
10.0
CVSS v3.1
100
Edit Score
2024-10-29
2024-10-29 08:15Z
CRIT

CVE-2024-50484 — Upload: Unrestricted Upload of File with Dangerous Type vulnerability in Lindeni Mahlalela Multi Purpose Mail

NVD (auto-promoted CVEs)·nvd.nist.govCVE-2024-50484

Unrestricted Upload of File with Dangerous Type vulnerability in Lindeni Mahlalela Multi Purpose Mail Form multi-purpose-mail-form allows Upload a Web Shell to a Web Server.This issue affects Multi Purpose Mail Form: from n/a through <= 1.0.2. CVSSv3.1 10.0 (CRITICAL)

CWECWE 434TYPVulnerability
10.0
CVSS v3.1
100
Edit Score
2024-10-29
2024-10-29 08:15Z
CRIT

CVE-2024-50482 — Upload: Unrestricted Upload of File with Dangerous Type vulnerability in Chetan Khandla Woocommerce Product Design

NVD (auto-promoted CVEs)·nvd.nist.govCVE-2024-50482

Unrestricted Upload of File with Dangerous Type vulnerability in Chetan Khandla Woocommerce Product Design woo-product-design allows Upload a Web Shell to a Web Server.This issue affects Woocommerce Product Design: from n/a through <= 1.0.0. CVSSv3.1 10.0 (CRITICAL)

CWECWE 434TYPVulnerability
10.0
CVSS v3.1
100
Edit Score
2024-10-29
2024-10-29 08:15Z
CRIT

CVE-2024-50480 — Upload: Unrestricted Upload of File with Dangerous Type vulnerability in azexo Marketing Automation by AZEXO

NVD (auto-promoted CVEs)·nvd.nist.govCVE-2024-50480

Unrestricted Upload of File with Dangerous Type vulnerability in azexo Marketing Automation by AZEXO marketing-automation-by-azexo allows Upload a Web Shell to a Web Server.This issue affects Marketing Automation by AZEXO: from n/a through <= 1.27.80. CVSSv3.1 9.9 (CRITICAL)

CWECWE 434TYPVulnerability
9.9
CVSS v3.1
100
Edit Score
2024-10-28
2024-10-28 21:15Z
CRIT

CVE-2024-50496 — Webandprint Ar: Unrestricted Upload of File with Dangerous Type vulnerability in webandprint AR For WordPress ar-for-wordpress

NVD (auto-promoted CVEs)·nvd.nist.govCVE-2024-50496

Unrestricted Upload of File with Dangerous Type vulnerability in webandprint AR For WordPress ar-for-wordpress allows Upload a Web Shell to a Web Server.This issue affects AR For WordPress: from n/a through <= 6.6. CVSSv3.1 10.0 (CRITICAL)

CWECWE 434VNDWebandprintTYPVulnerability
10.0
CVSS v3.1
100
Edit Score
2024-10-28
2024-10-28 21:15Z
CRIT

CVE-2024-50495 — Widgilabs Plugin_propagator: Unrestricted Upload of File with Dangerous Type vulnerability in nunomorgadinho Plugin Propagator wp-propagator allows

NVD (auto-promoted CVEs)·nvd.nist.govCVE-2024-50495

Unrestricted Upload of File with Dangerous Type vulnerability in nunomorgadinho Plugin Propagator wp-propagator allows Upload a Web Shell to a Web Server.This issue affects Plugin Propagator: from n/a through <= 0.1. CVSSv3.1 10.0 (CRITICAL)

CWECWE 434VNDWidgilabsTYPVulnerability
10.0
CVSS v3.1
100
Edit Score
2024-10-28
2024-10-28 13:15Z
HIGH

CVE-2024-50497 — Buynowdepot Advanced_online_ordering_and_delivery_platform: Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion')

NVD (auto-promoted CVEs)·nvd.nist.govCVE-2024-50497

Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in wdesco Advanced Online Ordering and Delivery Platform advanced-online-ordering-and-delivery-platform allows PHP Local File Inclusion.This issue affects Advanced Online Ordering and Delivery Platform: from n/a through <= 2.0.0. CVSSv3.1 8.1 (HIGH)

CWECWE 98CWECWE 829VNDBuynowdepotTYPVulnerability
8.1
CVSS v3.1
91
Edit Score
2024-10-28
2024-10-28 13:15Z
CRIT

CVE-2024-50491 — Micahblu Rsvp_me: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in

NVD (auto-promoted CVEs)·nvd.nist.govCVE-2024-50491

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in MicahBlu RSVP ME rsvp-me allows SQL Injection.This issue affects RSVP ME: from n/a through <= 1.9.9. CVSSv3.1 9.3 (CRITICAL)

CWECWE 89VNDMicahbluTYPVulnerability
9.3
CVSS v3.1
97
Edit Score
2024-10-28
2024-10-28 13:15Z
HIGH

CVE-2024-50488 — Priyabratasarkar Token_login: Authentication Bypass Using an Alternate Path or Channel vulnerability in yespbs Token Login token-login

NVD (auto-promoted CVEs)·nvd.nist.govCVE-2024-50488

Authentication Bypass Using an Alternate Path or Channel vulnerability in yespbs Token Login token-login allows Authentication Bypass.This issue affects Token Login: from n/a through <= 1.0.3. CVSSv3.1 8.8 (HIGH)

CWECWE 288CWECWE 306VNDPriyabratasarkarTYPVulnerability
8.8
CVSS v3.1
94
Edit Score
2024-10-28
2024-10-28 13:15Z
CRIT

CVE-2024-50483 — Tareqhasan Meetup: Authorization Bypass Through User-Controlled Key vulnerability in Tareq Hasan Meetup meetup allows Privilege Escalation.This

NVD (auto-promoted CVEs)·nvd.nist.govCVE-2024-50483

Authorization Bypass Through User-Controlled Key vulnerability in Tareq Hasan Meetup meetup allows Privilege Escalation.This issue affects Meetup: from n/a through <= 0.1. CVSSv3.1 9.8 (CRITICAL)

CWECWE 639VNDTareqhasanTYPVulnerability
9.8
CVSS v3.1
99
Edit Score