2024-10-29
2024-10-29 08:15Z
CRIT

CVE-2024-50482 — Upload: Unrestricted Upload of File with Dangerous Type vulnerability in Chetan Khandla Woocommerce Product Design

NVD (auto-promoted CVEs)·nvd.nist.govCVE-2024-50482

Unrestricted Upload of File with Dangerous Type vulnerability in Chetan Khandla Woocommerce Product Design woo-product-design allows Upload a Web Shell to a Web Server.This issue affects Woocommerce Product Design: from n/a through <= 1.0.0. CVSSv3.1 10.0 (CRITICAL)

CWECWE 434TYPVulnerability
10.0
CVSS v3.1
100
Edit Score
2024-10-29
2024-10-29 08:15Z
CRIT

CVE-2024-50480 — Upload: Unrestricted Upload of File with Dangerous Type vulnerability in azexo Marketing Automation by AZEXO

NVD (auto-promoted CVEs)·nvd.nist.govCVE-2024-50480

Unrestricted Upload of File with Dangerous Type vulnerability in azexo Marketing Automation by AZEXO marketing-automation-by-azexo allows Upload a Web Shell to a Web Server.This issue affects Marketing Automation by AZEXO: from n/a through <= 1.27.80. CVSSv3.1 9.9 (CRITICAL)

CWECWE 434TYPVulnerability
9.9
CVSS v3.1
100
Edit Score
2024-10-28
2024-10-28 21:15Z
CRIT

CVE-2024-50496 — Webandprint Ar: Unrestricted Upload of File with Dangerous Type vulnerability in webandprint AR For WordPress ar-for-wordpress

NVD (auto-promoted CVEs)·nvd.nist.govCVE-2024-50496

Unrestricted Upload of File with Dangerous Type vulnerability in webandprint AR For WordPress ar-for-wordpress allows Upload a Web Shell to a Web Server.This issue affects AR For WordPress: from n/a through <= 6.6. CVSSv3.1 10.0 (CRITICAL)

CWECWE 434VNDWebandprintTYPVulnerability
10.0
CVSS v3.1
100
Edit Score
2024-10-28
2024-10-28 21:15Z
CRIT

CVE-2024-50495 — Widgilabs Plugin_propagator: Unrestricted Upload of File with Dangerous Type vulnerability in nunomorgadinho Plugin Propagator wp-propagator allows

NVD (auto-promoted CVEs)·nvd.nist.govCVE-2024-50495

Unrestricted Upload of File with Dangerous Type vulnerability in nunomorgadinho Plugin Propagator wp-propagator allows Upload a Web Shell to a Web Server.This issue affects Plugin Propagator: from n/a through <= 0.1. CVSSv3.1 10.0 (CRITICAL)

CWECWE 434VNDWidgilabsTYPVulnerability
10.0
CVSS v3.1
100
Edit Score
2024-10-28
2024-10-28 13:15Z
HIGH

CVE-2024-50497 — Buynowdepot Advanced_online_ordering_and_delivery_platform: Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion')

NVD (auto-promoted CVEs)·nvd.nist.govCVE-2024-50497

Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in wdesco Advanced Online Ordering and Delivery Platform advanced-online-ordering-and-delivery-platform allows PHP Local File Inclusion.This issue affects Advanced Online Ordering and Delivery Platform: from n/a through <= 2.0.0. CVSSv3.1 8.1 (HIGH)

CWECWE 98CWECWE 829VNDBuynowdepotTYPVulnerability
8.1
CVSS v3.1
91
Edit Score
2024-10-28
2024-10-28 13:15Z
CRIT

CVE-2024-50491 — Micahblu Rsvp_me: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in

NVD (auto-promoted CVEs)·nvd.nist.govCVE-2024-50491

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in MicahBlu RSVP ME rsvp-me allows SQL Injection.This issue affects RSVP ME: from n/a through <= 1.9.9. CVSSv3.1 9.3 (CRITICAL)

CWECWE 89VNDMicahbluTYPVulnerability
9.3
CVSS v3.1
97
Edit Score
2024-10-28
2024-10-28 13:15Z
HIGH

CVE-2024-50488 — Priyabratasarkar Token_login: Authentication Bypass Using an Alternate Path or Channel vulnerability in yespbs Token Login token-login

NVD (auto-promoted CVEs)·nvd.nist.govCVE-2024-50488

Authentication Bypass Using an Alternate Path or Channel vulnerability in yespbs Token Login token-login allows Authentication Bypass.This issue affects Token Login: from n/a through <= 1.0.3. CVSSv3.1 8.8 (HIGH)

CWECWE 288CWECWE 306VNDPriyabratasarkarTYPVulnerability
8.8
CVSS v3.1
94
Edit Score
728 × 90 / responsive · programmatic ad slot
2024-10-28
2024-10-28 13:15Z
CRIT

CVE-2024-50483 — Tareqhasan Meetup: Authorization Bypass Through User-Controlled Key vulnerability in Tareq Hasan Meetup meetup allows Privilege Escalation.This

NVD (auto-promoted CVEs)·nvd.nist.govCVE-2024-50483

Authorization Bypass Through User-Controlled Key vulnerability in Tareq Hasan Meetup meetup allows Privilege Escalation.This issue affects Meetup: from n/a through <= 0.1. CVSSv3.1 9.8 (CRITICAL)

CWECWE 639VNDTareqhasanTYPVulnerability
9.8
CVSS v3.1
99
Edit Score
2024-10-28
2024-10-28 13:15Z
CRIT

CVE-2024-50479 — Mansurahamed Woocommerce_quote_calculator: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in

NVD (auto-promoted CVEs)·nvd.nist.govCVE-2024-50479

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in chenyenming Woocommerce Quote Calculator woo-quote-calculator-order allows Blind SQL Injection.This issue affects Woocommerce Quote Calculator: from n/a through <= 1.1. CVSSv3.1 9.3 (CRITICAL)

CWECWE 89VNDMansurahamedTYPVulnerability
9.3
CVSS v3.1
97
Edit Score
2024-10-28
2024-10-28 13:15Z
CRIT

CVE-2024-50478 — Swoopnow 1-click_login\: Authentication Bypass by Primary Weakness vulnerability in swoopbrandon 1-Click Login: Passwordless Authentication swoop-password-free-authentication allows

NVD (auto-promoted CVEs)·nvd.nist.govCVE-2024-50478

Authentication Bypass by Primary Weakness vulnerability in swoopbrandon 1-Click Login: Passwordless Authentication swoop-password-free-authentication allows Authentication Bypass.This issue affects 1-Click Login: Passwordless Authentication: from n/a through 1.4.5. CVSSv3.1 9.8 (CRITICAL)

CWECWE 287CWECWE 305VNDSwoopnowTYPVulnerability
9.8
CVSS v3.1
99
Edit Score
2024-10-28
2024-10-28 13:15Z
HIGH

CVE-2024-50465 — Squirrly Premium_seo_pack: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in

NVD (auto-promoted CVEs)·nvd.nist.govCVE-2024-50465

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in WP SEO – Calin Vingan Premium SEO Pack premium-seo-pack allows SQL Injection.This issue affects Premium SEO Pack: from n/a through <= 1.6.001. CVSSv3.1 8.5 (HIGH)

CWECWE 89VNDSquirrlyTYPVulnerability
8.5
CVSS v3.1
93
Edit Score
2024-10-28
2024-10-28 12:15Z
CRIT

CVE-2024-50498 — Lubus Wp_query_console: Improper Control of Generation of Code ('Code Injection') vulnerability in Ajit Bohra WP Query

NVD (auto-promoted CVEs)·nvd.nist.govCVE-2024-50498

Improper Control of Generation of Code ('Code Injection') vulnerability in Ajit Bohra WP Query Console wp-query-console allows Code Injection.This issue affects WP Query Console: from n/a through <= 1.0. CVSSv3.1 10.0 (CRITICAL)

CWECWE 94VNDLubusTYPVulnerability
10.0
CVSS v3.1
100
Edit Score
2024-10-28
2024-10-28 12:15Z
HIGH

CVE-2024-50492 — Scottpaterson Scottcart: Improper Control of Generation of Code ('Code Injection') vulnerability in Scott Paterson ScottCart scottcart

NVD (auto-promoted CVEs)·nvd.nist.govCVE-2024-50492

Improper Control of Generation of Code ('Code Injection') vulnerability in Scott Paterson ScottCart scottcart allows Code Injection.This issue affects ScottCart: from n/a through <= 1.1. CVSSv3.1 8.3 (HIGH)

CWECWE 94VNDScottpatersonTYPVulnerability
8.3
CVSS v3.1
92
Edit Score
2024-10-28
2024-10-28 12:15Z
CRIT

CVE-2024-50489 — Realtyworkstation Realty_workstation: Authentication Bypass Using an Alternate Path or Channel vulnerability in realtyworkstation Realty Workstation realty-workstation

NVD (auto-promoted CVEs)·nvd.nist.govCVE-2024-50489

Authentication Bypass Using an Alternate Path or Channel vulnerability in realtyworkstation Realty Workstation realty-workstation allows Authentication Bypass.This issue affects Realty Workstation: from n/a through <= 1.0.45. CVSSv3.1 9.8 (CRITICAL)

CWECWE 288CWECWE 306VNDRealtyworkstationTYPVulnerability
9.8
CVSS v3.1
99
Edit Score
2024-10-28
2024-10-28 12:15Z
CRIT

CVE-2024-50487 — Maantheme Maanstore_api: Authentication Bypass Using an Alternate Path or Channel vulnerability in Acnoo MaanStore API maanstore-api

NVD (auto-promoted CVEs)·nvd.nist.govCVE-2024-50487

Authentication Bypass Using an Alternate Path or Channel vulnerability in Acnoo MaanStore API maanstore-api allows Authentication Bypass.This issue affects MaanStore API: from n/a through <= 1.0.1. CVSSv3.1 9.8 (CRITICAL)

CWECWE 288CWECWE 306VNDMaanthemeTYPVulnerability
9.8
CVSS v3.1
99
Edit Score
2024-10-28
2024-10-28 12:15Z
CRIT

CVE-2024-50486 — Acnoo Flutter_api: Authentication Bypass Using an Alternate Path or Channel vulnerability in Acnoo Acnoo Flutter API

NVD (auto-promoted CVEs)·nvd.nist.govCVE-2024-50486

Authentication Bypass Using an Alternate Path or Channel vulnerability in Acnoo Acnoo Flutter API acnoo-flutter-api allows Authentication Bypass.This issue affects Acnoo Flutter API: from n/a through <= 1.0.5. CVSSv3.1 9.8 (CRITICAL)

CWECWE 288CWECWE 306VNDAcnooTYPVulnerability
9.8
CVSS v3.1
99
Edit Score
2024-10-28
2024-10-28 12:15Z
CRIT

CVE-2024-50477 — Stacksmarket Stacks_mobile_app_builder: Authentication Bypass Using an Alternate Path or Channel vulnerability in Stacks Stacks Mobile App

NVD (auto-promoted CVEs)·nvd.nist.govCVE-2024-50477

Authentication Bypass Using an Alternate Path or Channel vulnerability in Stacks Stacks Mobile App Builder stacks-mobile-app-builder allows Authentication Bypass.This issue affects Stacks Mobile App Builder: from n/a through <= 5.2.3. CVSSv3.1 9.8 (CRITICAL)

CWECWE 288CWECWE 306VNDStacksmarketTYPVulnerability
9.8
CVSS v3.1
99
Edit Score
2024-10-28
2024-10-28 12:15Z
HIGH

CVE-2024-50416 — Wpclever Wpc_shop_as_a_customer_for_woocommerce: Deserialization of Untrusted Data vulnerability in WPClever WPC Shop as a Customer for WooCommerce

NVD (auto-promoted CVEs)·nvd.nist.govCVE-2024-50416

Deserialization of Untrusted Data vulnerability in WPClever WPC Shop as a Customer for WooCommerce wpc-shop-as-customer allows Object Injection.This issue affects WPC Shop as a Customer for WooCommerce: from n/a through <= 1.2.6. CVSSv3.1 8.8 (HIGH)

CWECWE 502VNDWpcleverTYPVulnerability
8.8
CVSS v3.1
94
Edit Score
2024-10-28
2024-10-28 12:15Z
HIGH

CVE-2024-50408 — Kibokolabs Namaste\!_lms: Deserialization of Untrusted Data vulnerability in Bob Namaste!

NVD (auto-promoted CVEs)·nvd.nist.govCVE-2024-50408

Deserialization of Untrusted Data vulnerability in Bob Namaste! LMS namaste-lms allows Object Injection.This issue affects Namaste! LMS: from n/a through <= 2.6.3. CVSSv3.1 8.8 (HIGH)

CWECWE 502VNDKibokolabsTYPVulnerability
8.8
CVSS v3.1
94
Edit Score
2024-10-26
2024-10-26 09:15Z
HIGH

CVE-2024-9637 — Igexsolutions Wpschoolpress: The School Management System – WPSchoolPress plugin for WordPress is vulnerable to privilege escalation

NVD (auto-promoted CVEs)·nvd.nist.govCVE-2024-9637

The School Management System – WPSchoolPress plugin for WordPress is vulnerable to privilege escalation via account takeover in all versions up to, and including, 2.2.10. This is due to the plugin not properly validating a user's identity prior to updating their details like email. This makes it possible for authenticated attackers, with teacher-level access and above, to change arbitrary user's email addresses, including administrators, and leverage that to reset the user's CVSSv3.1 8.8 (HIGH)

CWECWE 639VNDIgexsolutionsVNDSchoolTYPVulnerability
8.8
CVSS v3.1
94
Edit Score
2024-10-26
2024-10-26 03:15Z
CRIT

CVE-2024-9933 — WatchTowerHQ: The WatchTowerHQ plugin for WordPress is vulnerable to authentication bypass in versions up to

NVD (auto-promoted CVEs)·nvd.nist.govCVE-2024-9933

The WatchTowerHQ plugin for WordPress is vulnerable to authentication bypass in versions up to, and including, 3.10.1. This is due to the 'watchtower_ota_token' default value is empty, and the not empty check is missing in the 'Password_Less_Access::login' function. This makes it possible for unauthenticated attackers to log in to the WatchTowerHQ client administrator user. CVSSv3.1 9.8 (CRITICAL)

CWECWE 288VNDWatchtowerhqTYPVulnerability
9.8
CVSS v3.1
99
Edit Score
2024-10-26
2024-10-26 03:15Z
HIGH

CVE-2024-9890 — User: The User Toolkit plugin for WordPress is vulnerable to authentication bypass in versions up

NVD (auto-promoted CVEs)·nvd.nist.govCVE-2024-9890

The User Toolkit plugin for WordPress is vulnerable to authentication bypass in versions up to, and including, 1.2.3. This is due to an improper capability check in the 'switchUser' function. This makes it possible for authenticated attackers, with subscriber-level permissions and above, to log in as any existing user on the site, such as an administrator. CVE-2024-50503 may be a duplicate. CVSSv3.1 8.8 (HIGH)

CWECWE 288TYPVulnerability
8.8
CVSS v3.1
94
Edit Score
2024-10-25
2024-10-25 07:15Z
HIGH

CVE-2024-10011 — Buddypress Buddypress: The BuddyPress plugin for WordPress is vulnerable to Directory Traversal in all versions up

NVD (auto-promoted CVEs)·nvd.nist.govCVE-2024-10011

The BuddyPress plugin for WordPress is vulnerable to Directory Traversal in all versions up to, and including, 14.1.0 via the id parameter. This makes it possible for authenticated attackers, with Subscriber-level access and above, to perform actions on files outside of the originally intended directory and enables file uploads to directories outside of the web root. Depending on server configuration it may be possible to upload files with double extensions. CVSSv3.1 8.1 (HIGH)

CWECWE 22VNDBuddypressTYPVulnerability
8.1
CVSS v3.1
91
Edit Score
2024-10-24
2024-10-24 17:15Z
HIGH

CVE-2024-48544 — Incorrect: access control in the firmware update and download processes of Sylvania Smart Home

NVD (auto-promoted CVEs)·nvd.nist.govCVE-2024-48544

Incorrect access control in the firmware update and download processes of Sylvania Smart Home v3.0.3 allows attackers to access sensitive information by analyzing the code and data within the APK file. CVSSv3.1 8.4 (HIGH) · EPSS 10th percentile

CWECWE 863TYPVulnerability
8.4
CVSS v3.1
92
Edit Score
2024-10-24
2024-10-24 17:15Z
CRIT

CVE-2024-48539 — Neye3C: v4.5.2.0 was discovered to contain a hardcoded encryption key in the firmware update

NVD (auto-promoted CVEs)·nvd.nist.govCVE-2024-48539

Neye3C v4.5.2.0 was discovered to contain a hardcoded encryption key in the firmware update mechanism. CVSSv3.1 9.8 (CRITICAL) · EPSS 26th percentile

CWECWE 798VNDNeye3cTYPVulnerability
9.8
CVSS v3.1
99
Edit Score