2024-10-20
2024-10-20 10:15Z
HIGH

CVE-2024-49612 — Infotuts Sw_contact_form: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in

NVD (auto-promoted CVEs)·nvd.nist.govCVE-2024-49612

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Sanjeev SW Contact Form sw-contact-form allows Blind SQL Injection.This issue affects SW Contact Form: from n/a through <= 1.0. CVSSv3.1 8.5 (HIGH)

CWECWE 89VNDInfotutsTYPVulnerability
8.5
CVSS v3.1
93
Edit Score
2024-10-20
2024-10-20 10:15Z
HIGH

CVE-2024-49609 — Brandonwhite Author_discussion: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in

NVD (auto-promoted CVEs)·nvd.nist.govCVE-2024-49609

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Brandon White Author Discussion author-discussion allows Blind SQL Injection.This issue affects Author Discussion: from n/a through <= 0.2.2. CVSSv3.1 8.5 (HIGH)

CWECWE 89VNDBrandonwhiteTYPVulnerability
8.5
CVSS v3.1
93
Edit Score
2024-10-20
2024-10-20 10:15Z
HIGH

CVE-2024-47325 — Themeisle Multiple_page_generator: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in

NVD (auto-promoted CVEs)·nvd.nist.govCVE-2024-47325

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Themeisle MPG multiple-pages-generator-by-porthas allows SQL Injection.This issue affects MPG: from n/a through <= 3.4.7. CVSSv3.1 8.5 (HIGH)

CWECWE 89VNDThemeisleTYPVulnerability
8.5
CVSS v3.1
93
Edit Score
2024-10-20
2024-10-20 09:15Z
CRIT

CVE-2024-49625 — Brandonclark Sitebuilder_dynamic_components: Deserialization of Untrusted Data vulnerability in sphoid SiteBuilder Dynamic Components sitebuilder-dynamic-components allows Object Inje

NVD (auto-promoted CVEs)·nvd.nist.govCVE-2024-49625

Deserialization of Untrusted Data vulnerability in sphoid SiteBuilder Dynamic Components sitebuilder-dynamic-components allows Object Injection.This issue affects SiteBuilder Dynamic Components: from n/a through <= 1.0. CVSSv3.1 9.8 (CRITICAL) · EPSS 75th percentile

CWECWE 502VNDBrandonclarkTYPVulnerability
9.8
CVSS v3.1
99
Edit Score
2024-10-20
2024-10-20 09:15Z
CRIT

CVE-2024-49624 — Smartdevth Advanced_advertising_system: Deserialization of Untrusted Data vulnerability in smartdevth Advanced Advertising System advanced-advertising-system allows Object Injection.T

NVD (auto-promoted CVEs)·nvd.nist.govCVE-2024-49624

Deserialization of Untrusted Data vulnerability in smartdevth Advanced Advertising System advanced-advertising-system allows Object Injection.This issue affects Advanced Advertising System: from n/a through <= 1.3.1. CVSSv3.1 9.8 (CRITICAL)

CWECWE 502VNDSmartdevthTYPVulnerability
9.8
CVSS v3.1
99
Edit Score
2024-10-20
2024-10-20 09:15Z
HIGH

CVE-2024-49623 — Hasanmovahed Duplicate_title_validate: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in

NVD (auto-promoted CVEs)·nvd.nist.govCVE-2024-49623

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in hasan movahed Duplicate Title Validate duplicate-title-validate allows Blind SQL Injection.This issue affects Duplicate Title Validate: from n/a through <= 1.0. CVSSv3.1 8.5 (HIGH)

CWECWE 89VNDHasanmovahedTYPVulnerability
8.5
CVSS v3.1
93
Edit Score
2024-10-20
2024-10-20 09:15Z
HIGH

CVE-2024-49622 — Apa Apa_banner_slider: Cross-Site Request Forgery (CSRF) vulnerability in aatmaadhikari Apa Banner Slider apa-banner-slider allows SQL Injection.This

NVD (auto-promoted CVEs)·nvd.nist.govCVE-2024-49622

Cross-Site Request Forgery (CSRF) vulnerability in aatmaadhikari Apa Banner Slider apa-banner-slider allows SQL Injection.This issue affects Apa Banner Slider: from n/a through <= 1.0.0. CVSSv3.1 8.2 (HIGH)

CWECWE 352VNDApaTYPVulnerability
8.2
CVSS v3.1
91
Edit Score
728 × 90 / responsive · programmatic ad slot
2024-10-20
2024-10-20 09:15Z
HIGH

CVE-2024-49621 — Apa Apa_register_newsletter_form: Cross-Site Request Forgery (CSRF) vulnerability in aatmaadhikari APA Register Newsletter Form apa-register-newsletter-form allows SQL

NVD (auto-promoted CVEs)·nvd.nist.govCVE-2024-49621

Cross-Site Request Forgery (CSRF) vulnerability in aatmaadhikari APA Register Newsletter Form apa-register-newsletter-form allows SQL Injection.This issue affects APA Register Newsletter Form: from n/a through <= 1.0.0. CVSSv3.1 8.2 (HIGH)

CWECWE 352VNDApaTYPVulnerability
8.2
CVSS v3.1
91
Edit Score
2024-10-20
2024-10-20 09:15Z
CRIT

CVE-2024-49610 — Jackzhu Photokit: Unrestricted Upload of File with Dangerous Type vulnerability in photokiteditor photokit photokit allows Upload

NVD (auto-promoted CVEs)·nvd.nist.govCVE-2024-49610

Unrestricted Upload of File with Dangerous Type vulnerability in photokiteditor photokit photokit allows Upload a Web Shell to a Web Server.This issue affects photokit: from n/a through <= 1.0. CVSSv3.1 10.0 (CRITICAL)

CWECWE 434VNDJackzhuTYPVulnerability
10.0
CVSS v3.1
100
Edit Score
2024-10-20
2024-10-20 09:15Z
HIGH

CVE-2024-49608 — Gerryntabuhashe Gerryworks_post_by_mail: Incorrect Privilege Assignment vulnerability in gerryworks GERRYWORKS Post by Mail gerryworks-post-by-mail allows Privilege Escalation.This

NVD (auto-promoted CVEs)·nvd.nist.govCVE-2024-49608

Incorrect Privilege Assignment vulnerability in gerryworks GERRYWORKS Post by Mail gerryworks-post-by-mail allows Privilege Escalation.This issue affects GERRYWORKS Post by Mail: from n/a through <= 1.0. CVSSv3.1 8.8 (HIGH)

CWECWE 266VNDGerryntabuhasheTYPVulnerability
8.8
CVSS v3.1
94
Edit Score
2024-10-20
2024-10-20 09:15Z
CRIT

CVE-2024-49607 — Redwanhilali Wp_dropbox_dropins: Unrestricted Upload of File with Dangerous Type vulnerability in redhopit WP Dropbox Dropins wp-dropbox-dropins

NVD (auto-promoted CVEs)·nvd.nist.govCVE-2024-49607

Unrestricted Upload of File with Dangerous Type vulnerability in redhopit WP Dropbox Dropins wp-dropbox-dropins allows Upload a Web Shell to a Web Server.This issue affects WP Dropbox Dropins: from n/a through <= 1.0. CVSSv3.1 10.0 (CRITICAL)

CWECWE 434VNDRedwanhilaliTYPVulnerability
10.0
CVSS v3.1
100
Edit Score
2024-10-20
2024-10-20 09:15Z
CRIT

CVE-2024-49332 — Giveawayboost Giveaway_boost: Deserialization of Untrusted Data vulnerability in giveawayboost Giveaway Boost giveaway-boost allows Object Injection.This issue

NVD (auto-promoted CVEs)·nvd.nist.govCVE-2024-49332

Deserialization of Untrusted Data vulnerability in giveawayboost Giveaway Boost giveaway-boost allows Object Injection.This issue affects Giveaway Boost: from n/a through <= 2.1.4. CVSSv3.1 9.8 (CRITICAL)

CWECWE 502VNDGiveawayboostTYPVulnerability
9.8
CVSS v3.1
99
Edit Score
2024-10-20
2024-10-20 09:15Z
CRIT

CVE-2024-49331 — Myriadsolutionz Property_lot_management_system: Unrestricted Upload of File with Dangerous Type vulnerability in Myriad Solutionz Property Lot Management

NVD (auto-promoted CVEs)·nvd.nist.govCVE-2024-49331

Unrestricted Upload of File with Dangerous Type vulnerability in Myriad Solutionz Property Lot Management System plms allows Upload a Web Shell to a Web Server.This issue affects Property Lot Management System: from n/a through <= 4.2.38. CVSSv3.1 9.9 (CRITICAL)

CWECWE 434VNDMyriadsolutionzTYPVulnerability
9.9
CVSS v3.1
100
Edit Score
2024-10-20
2024-10-20 09:15Z
CRIT

CVE-2024-49330 — Brx8r Nice_backgrounds: Unrestricted Upload of File with Dangerous Type vulnerability in brx8r Nice Backgrounds nicebackgrounds allows

NVD (auto-promoted CVEs)·nvd.nist.govCVE-2024-49330

Unrestricted Upload of File with Dangerous Type vulnerability in brx8r Nice Backgrounds nicebackgrounds allows Upload a Web Shell to a Web Server.This issue affects Nice Backgrounds: from n/a through <= 1.0. CVSSv3.1 10.0 (CRITICAL)

CWECWE 434VNDBrx8rTYPVulnerability
10.0
CVSS v3.1
100
Edit Score
2024-10-20
2024-10-20 09:15Z
CRIT

CVE-2024-49329 — Vivektamrakar Wp_rest_api_fns: Unrestricted Upload of File with Dangerous Type vulnerability in vivek2tamrakar WP REST API FNS

NVD (auto-promoted CVEs)·nvd.nist.govCVE-2024-49329

Unrestricted Upload of File with Dangerous Type vulnerability in vivek2tamrakar WP REST API FNS rest-api-fns allows Upload a Web Shell to a Web Server.This issue affects WP REST API FNS: from n/a through <= 1.0.0. CVSSv3.1 10.0 (CRITICAL)

CWECWE 434VNDVivektamrakarTYPVulnerability
10.0
CVSS v3.1
100
Edit Score
2024-10-20
2024-10-20 09:15Z
CRIT

CVE-2024-49327 — Asepbagjapriandana Woostagram_connect: Unrestricted Upload of File with Dangerous Type vulnerability in bepitulaz Woostagram Connect woostagram-connect allows

NVD (auto-promoted CVEs)·nvd.nist.govCVE-2024-49327

Unrestricted Upload of File with Dangerous Type vulnerability in bepitulaz Woostagram Connect woostagram-connect allows Upload a Web Shell to a Web Server.This issue affects Woostagram Connect: from n/a through <= 1.0.2. CVSSv3.1 10.0 (CRITICAL)

CWECWE 434VNDAsepbagjapriandanaTYPVulnerability
10.0
CVSS v3.1
100
Edit Score
2024-10-20
2024-10-20 09:15Z
CRIT

CVE-2024-49326 — Vasiliskerasiotis Affiliator: Unrestricted Upload of File with Dangerous Type vulnerability in Vasileios Kerasiotis Affiliator affiliator-lite allows

NVD (auto-promoted CVEs)·nvd.nist.govCVE-2024-49326

Unrestricted Upload of File with Dangerous Type vulnerability in Vasileios Kerasiotis Affiliator affiliator-lite allows Upload a Web Shell to a Web Server.This issue affects Affiliator: from n/a through <= 2.1.3. CVSSv3.1 10.0 (CRITICAL)

CWECWE 434VNDVasiliskerasiotisTYPVulnerability
10.0
CVSS v3.1
100
Edit Score
2024-10-20
2024-10-20 09:15Z
CRIT

CVE-2024-49324 — Sovratec Sovratec_case_management: Unrestricted Upload of File with Dangerous Type vulnerability in sovratecdev Sovratec Case Management sovratec-case-management

NVD (auto-promoted CVEs)·nvd.nist.govCVE-2024-49324

Unrestricted Upload of File with Dangerous Type vulnerability in sovratecdev Sovratec Case Management sovratec-case-management allows Upload a Web Shell to a Web Server.This issue affects Sovratec Case Management: from n/a through <= 1.0.0. CVSSv3.1 10.0 (CRITICAL)

CWECWE 434VNDSovratecTYPVulnerability
10.0
CVSS v3.1
100
Edit Score
2024-10-20
2024-10-20 08:15Z
CRIT

CVE-2024-49626 — Piyushmca Shipyaari_shipping_management: Deserialization of Untrusted Data vulnerability in Piyush Patel Shipyaari Shipping Management shipyaari-shipping-managment allows Object

NVD (auto-promoted CVEs)·nvd.nist.govCVE-2024-49626

Deserialization of Untrusted Data vulnerability in Piyush Patel Shipyaari Shipping Management shipyaari-shipping-managment allows Object Injection.This issue affects Shipyaari Shipping Management: from n/a through <= 1.2. CVSSv3.1 9.8 (CRITICAL) · EPSS 70th percentile

CWECWE 502VNDPiyushmcaTYPVulnerability
9.8
CVSS v3.1
99
Edit Score
2024-10-20
2024-10-20 08:15Z
CRIT

CVE-2024-49611 — Paxman Product_website_showcase: Unrestricted Upload of File with Dangerous Type vulnerability in paxmanpwnz Product Website Showcase product-websites-showcase

NVD (auto-promoted CVEs)·nvd.nist.govCVE-2024-49611

Unrestricted Upload of File with Dangerous Type vulnerability in paxmanpwnz Product Website Showcase product-websites-showcase allows Upload a Web Shell to a Web Server.This issue affects Product Website Showcase: from n/a through <= 1.0. CVSSv3.1 10.0 (CRITICAL)

CWECWE 434VNDPaxmanTYPVulnerability
10.0
CVSS v3.1
100
Edit Score
2024-10-20
2024-10-20 08:15Z
CRIT

CVE-2024-49604 — Najeebmedia Simple_user_registration: Authentication Bypass Using an Alternate Path or Channel vulnerability in N-Media Simple User Registration

NVD (auto-promoted CVEs)·nvd.nist.govCVE-2024-49604

Authentication Bypass Using an Alternate Path or Channel vulnerability in N-Media Simple User Registration wp-registration allows Authentication Bypass.This issue affects Simple User Registration: from n/a through <= 6.7. CVSSv3.1 9.8 (CRITICAL)

CWECWE 288CWECWE 306VNDNajeebmediaTYPVulnerability
9.8
CVSS v3.1
99
Edit Score
2024-10-20
2024-10-20 08:15Z
CRIT

CVE-2024-49328 — Vivektamrakar Wp_rest_api_fns: Authentication Bypass Using an Alternate Path or Channel vulnerability in vivek2tamrakar WP REST API

NVD (auto-promoted CVEs)·nvd.nist.govCVE-2024-49328

Authentication Bypass Using an Alternate Path or Channel vulnerability in vivek2tamrakar WP REST API FNS rest-api-fns allows Authentication Bypass.This issue affects WP REST API FNS: from n/a through <= 1.0.0. CVSSv3.1 9.8 (CRITICAL)

CWECWE 288CWECWE 306VNDVivektamrakarTYPVulnerability
9.8
CVSS v3.1
99
Edit Score
2024-10-20
2024-10-20 08:15Z
CRIT

CVE-2024-49286 — Moridrin Ssv_events: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in Jeroen

NVD (auto-promoted CVEs)·nvd.nist.govCVE-2024-49286

Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in Jeroen Berkvens SSV Events ssv-events allows PHP Local File Inclusion.This issue affects SSV Events: from n/a through <= 3.2.7. CVSSv3.1 9.6 (CRITICAL)

CWECWE 22VNDMoridrinTYPVulnerability
9.6
CVSS v3.1
98
Edit Score
2024-10-17
2024-10-17 18:15Z
CRIT

CVE-2024-49322 — Incorrect: Privilege Assignment vulnerability in CodePassenger Job Board Manager for WordPress jemployee allows Privilege

NVD (auto-promoted CVEs)·nvd.nist.govCVE-2024-49322

Incorrect Privilege Assignment vulnerability in CodePassenger Job Board Manager for WordPress jemployee allows Privilege Escalation.This issue affects Job Board Manager for WordPress: from n/a through <= 1.0. CVSSv3.1 9.8 (CRITICAL) · EPSS 36th percentile

CWECWE 266TYPVulnerability
9.8
CVSS v3.1
99
Edit Score
2024-10-17
2024-10-17 18:15Z
CRIT

CVE-2024-49318 — Deserialization: of Untrusted Data vulnerability in Scott My Reading Library my-reading-library allows Object Injection.This

NVD (auto-promoted CVEs)·nvd.nist.govCVE-2024-49318

Deserialization of Untrusted Data vulnerability in Scott My Reading Library my-reading-library allows Object Injection.This issue affects My Reading Library: from n/a through <= 1.0. CVSSv3.1 9.8 (CRITICAL)

CWECWE 502TYPVulnerability
9.8
CVSS v3.1
99
Edit Score