2024-10-17
2024-10-17 18:15Z
CRIT

CVE-2024-49314 — Upload: Unrestricted Upload of File with Dangerous Type vulnerability in jiangqie JiangQie Free Mini Program

NVD (auto-promoted CVEs)·nvd.nist.govCVE-2024-49314

Unrestricted Upload of File with Dangerous Type vulnerability in jiangqie JiangQie Free Mini Program jiangqie-free-mini-program allows Upload a Web Shell to a Web Server.This issue affects JiangQie Free Mini Program: from n/a through <= 2.5.2. CVSSv3.1 10.0 (CRITICAL) · EPSS 50th percentile

CWECWE 434TYPVulnerability
10.0
CVSS v3.1
100
Edit Score
2024-10-17
2024-10-17 18:15Z
CRIT

CVE-2024-49305 — Neutralization: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in

NVD (auto-promoted CVEs)·nvd.nist.govCVE-2024-49305

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in WPFactory Email Verification for WooCommerce emails-verification-for-woocommerce allows SQL Injection.This issue affects Email Verification for WooCommerce: from n/a through <= 2.8.10. CVSSv3.1 9.3 (CRITICAL)

CWECWE 89TYPVulnerability
9.3
CVSS v3.1
97
Edit Score
2024-10-17
2024-10-17 18:15Z
HIGH

CVE-2024-49297 — Neutralization: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in

NVD (auto-promoted CVEs)·nvd.nist.govCVE-2024-49297

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in zohocrm Zoho CRM Lead Magnet zoho-crm-forms allows SQL Injection.This issue affects Zoho CRM Lead Magnet: from n/a through <= 1.7.9.7. CVSSv3.1 8.5 (HIGH)

CWECWE 89TYPVulnerability
8.5
CVSS v3.1
93
Edit Score
2024-10-17
2024-10-17 18:15Z
CRIT

CVE-2024-49291 — Upload: Unrestricted Upload of File with Dangerous Type vulnerability in Gora Tech LLC Cooked Pro

NVD (auto-promoted CVEs)·nvd.nist.govCVE-2024-49291

Unrestricted Upload of File with Dangerous Type vulnerability in Gora Tech LLC Cooked Pro cooked-pro.This issue affects Cooked Pro: from n/a through < 1.8.0. CVSSv3.1 10.0 (CRITICAL)

CWECWE 434TYPVulnerability
10.0
CVSS v3.1
100
Edit Score
2024-10-17
2024-10-17 18:15Z
CRIT

CVE-2024-49246 — Neutralization: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in

NVD (auto-promoted CVEs)·nvd.nist.govCVE-2024-49246

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in anand23 Ajax Rating with Custom Login ajax-rating-with-custom-login allows SQL Injection.This issue affects Ajax Rating with Custom Login: from n/a through <= 1.1. CVSSv3.1 9.3 (CRITICAL) · EPSS 32th percentile

CWECWE 89TYPVulnerability
9.3
CVSS v3.1
97
Edit Score
2024-10-17
2024-10-17 18:15Z
HIGH

CVE-2024-49244 — Neutralization: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in

NVD (auto-promoted CVEs)·nvd.nist.govCVE-2024-49244

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in vrinsoft CSV Product Import Export for WooCommerce csv-wc-product-import-export.This issue affects CSV Product Import Export for WooCommerce: from n/a through <= 1.0.0. CVSSv3.1 8.5 (HIGH) · EPSS 32th percentile

CWECWE 89TYPVulnerability
8.5
CVSS v3.1
93
Edit Score
2024-10-17
2024-10-17 18:15Z
HIGH

CVE-2024-49219 — Themexpo Rs-members: Incorrect Privilege Assignment vulnerability in themexpo RS-Members rs-members allows Privilege Escalation.This issue affects RS-Members

NVD (auto-promoted CVEs)·nvd.nist.govCVE-2024-49219

Incorrect Privilege Assignment vulnerability in themexpo RS-Members rs-members allows Privilege Escalation.This issue affects RS-Members: from n/a through <= 1.0.3. CVSSv3.1 8.8 (HIGH) · EPSS 49th percentile

CWECWE 266VNDThemexpoTYPVulnerability
8.8
CVSS v3.1
94
Edit Score
728 × 90 / responsive · programmatic ad slot
2024-10-17
2024-10-17 18:15Z
CRIT

CVE-2024-49217 — Madirisalmanaashish Adding_drop_down_roles_in_registration: Incorrect Privilege Assignment vulnerability in madiriaashish Adding drop down roles in registration user-drop-down-roles-i

NVD (auto-promoted CVEs)·nvd.nist.govCVE-2024-49217

Incorrect Privilege Assignment vulnerability in madiriaashish Adding drop down roles in registration user-drop-down-roles-in-registration allows Privilege Escalation.This issue affects Adding drop down roles in registration: from n/a through <= 1.1. CVSSv3.1 9.8 (CRITICAL) · EPSS 54th percentile

CWECWE 266VNDMadirisalmanaashishTYPVulnerability
9.8
CVSS v3.1
99
Edit Score
2024-10-17
2024-10-17 18:15Z
HIGH

CVE-2024-47312 — Neutralization: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in

NVD (auto-promoted CVEs)·nvd.nist.govCVE-2024-47312

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in WP Grim Classic Editor and Classic Widgets classic-editor-and-classic-widgets allows SQL Injection.This issue affects Classic Editor and Classic Widgets: from n/a through <= 1.4.1. CVSSv3.1 8.5 (HIGH)

CWECWE 89TYPVulnerability
8.5
CVSS v3.1
93
Edit Score
2024-10-17
2024-10-17 18:15Z
HIGH

CVE-2024-47304 — Wpmanageninja Fluent_support: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in

NVD (auto-promoted CVEs)·nvd.nist.govCVE-2024-47304

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Shahjahan Jewel Fluent Support fluent-support allows SQL Injection.This issue affects Fluent Support: from n/a through <= 1.8.0. CVSSv3.1 8.5 (HIGH)

CWECWE 89VNDWpmanageninjaTYPVulnerability
8.5
CVSS v3.1
93
Edit Score
2024-10-17
2024-10-17 14:15Z
HIGH

CVE-2024-49315 — Limitation: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in CodeFlock

NVD (auto-promoted CVEs)·nvd.nist.govCVE-2024-49315

Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in CodeFlock FREE DOWNLOAD MANAGER free-download-manager allows Path Traversal.This issue affects FREE DOWNLOAD MANAGER: from n/a through <= 1.0.0. CVSSv3.1 8.6 (HIGH) · EPSS 40th percentile

CWECWE 22TYPVulnerability
8.6
CVSS v3.1
93
Edit Score
2024-10-17
2024-10-17 02:15Z
CRIT

CVE-2024-9863 — Miniorange: The Miniorange OTP Verification with Firebase plugin for WordPress is vulnerable to privilege escalation

NVD (auto-promoted CVEs)·nvd.nist.govCVE-2024-9863

The Miniorange OTP Verification with Firebase plugin for WordPress is vulnerable to privilege escalation in versions up to, and including, 3.6.0 due to the insecure 'administrator' default value for the 'default_user_role' option. This makes it possible for unauthenticated attackers to register an administrator user even if the registration form is disabled. CVSSv3.1 9.8 (CRITICAL)

CWECWE 266VNDMiniorangeTYPVulnerability
9.8
CVSS v3.1
99
Edit Score
2024-10-16
2024-10-16 14:15Z
CRIT

CVE-2024-49260 — Upload: Unrestricted Upload of File with Dangerous Type vulnerability in Limbcode WordPress Gallery Plugin –

NVD (auto-promoted CVEs)·nvd.nist.govCVE-2024-49260

Unrestricted Upload of File with Dangerous Type vulnerability in Limbcode WordPress Gallery Plugin – Limb Image Gallery limb-gallery allows Code Injection.This issue affects WordPress Gallery Plugin – Limb Image Gallery: from n/a through <= 1.5.7. CVSSv3.1 9.9 (CRITICAL)

CWECWE 434TYPVulnerability
9.9
CVSS v3.1
100
Edit Score
2024-10-16
2024-10-16 14:15Z
CRIT

CVE-2024-49254 — Control: Improper Control of Generation of Code ('Code Injection') vulnerability in sunjianle ajax-extend ajax-extend allows

NVD (auto-promoted CVEs)·nvd.nist.govCVE-2024-49254

Improper Control of Generation of Code ('Code Injection') vulnerability in sunjianle ajax-extend ajax-extend allows Code Injection.This issue affects ajax-extend: from n/a through <= 1.0. CVSSv3.1 10.0 (CRITICAL)

CWECWE 94TYPVulnerability
10.0
CVSS v3.1
100
Edit Score
2024-10-16
2024-10-16 14:15Z
HIGH

CVE-2024-49253 — Relative: Path Traversal vulnerability in JamesPark.ninja Analyse Uploads analyse-uploads allows Relative Path Traversal.This issue

NVD (auto-promoted CVEs)·nvd.nist.govCVE-2024-49253

Relative Path Traversal vulnerability in JamesPark.ninja Analyse Uploads analyse-uploads allows Relative Path Traversal.This issue affects Analyse Uploads: from n/a through <= 0.5. CVSSv3.1 8.6 (HIGH) · EPSS 53th percentile

CWECWE 23VNDRelativeTYPVulnerability
8.6
CVSS v3.1
93
Edit Score
2024-10-16
2024-10-16 14:15Z
CRIT

CVE-2024-49242 — Upload: Unrestricted Upload of File with Dangerous Type vulnerability in Shafiq Digital Lottery digital-lottery allows

NVD (auto-promoted CVEs)·nvd.nist.govCVE-2024-49242

Unrestricted Upload of File with Dangerous Type vulnerability in Shafiq Digital Lottery digital-lottery allows Upload a Web Shell to a Web Server.This issue affects Digital Lottery: from n/a through <= 3.0.5. CVSSv3.1 10.0 (CRITICAL) · EPSS 44th percentile

CWECWE 434TYPVulnerability
10.0
CVSS v3.1
100
Edit Score
2024-10-16
2024-10-16 14:15Z
CRIT

CVE-2024-49227 — Deserialization: of Untrusted Data vulnerability in foter Free Stock Photos Foter free-stock-photos-foter allows Object

NVD (auto-promoted CVEs)·nvd.nist.govCVE-2024-49227

Deserialization of Untrusted Data vulnerability in foter Free Stock Photos Foter free-stock-photos-foter allows Object Injection.This issue affects Free Stock Photos Foter: from n/a through <= 1.5.4. CVSSv3.1 9.8 (CRITICAL) · EPSS 40th percentile

CWECWE 502TYPVulnerability
9.8
CVSS v3.1
99
Edit Score
2024-10-16
2024-10-16 14:15Z
HIGH

CVE-2024-49226 — Deserialization: of Untrusted Data vulnerability in taketin TAKETIN To WP Membership taketin-to-wp-membership allows Object

NVD (auto-promoted CVEs)·nvd.nist.govCVE-2024-49226

Deserialization of Untrusted Data vulnerability in taketin TAKETIN To WP Membership taketin-to-wp-membership allows Object Injection.This issue affects TAKETIN To WP Membership: from n/a through <= 2.8.17. CVSSv3.1 8.8 (HIGH) · EPSS 40th percentile

CWECWE 502TYPVulnerability
8.8
CVSS v3.1
94
Edit Score
2024-10-16
2024-10-16 14:15Z
CRIT

CVE-2024-49218 — Deserialization: of Untrusted Data vulnerability in Al Imran Akash Recently recently-viewed-most-viewed-and-sold-products-for-woocommerce allows Object Injection.This

NVD (auto-promoted CVEs)·nvd.nist.govCVE-2024-49218

Deserialization of Untrusted Data vulnerability in Al Imran Akash Recently recently-viewed-most-viewed-and-sold-products-for-woocommerce allows Object Injection.This issue affects Recently: from n/a through <= 1.1. CVSSv3.1 9.8 (CRITICAL) · EPSS 36th percentile

CWECWE 502TYPVulnerability
9.8
CVSS v3.1
99
Edit Score
2024-10-16
2024-10-16 14:15Z
CRIT

CVE-2024-49216 — Upload: Unrestricted Upload of File with Dangerous Type vulnerability in jclay06 Feed Comments Number feed-comments-number

NVD (auto-promoted CVEs)·nvd.nist.govCVE-2024-49216

Unrestricted Upload of File with Dangerous Type vulnerability in jclay06 Feed Comments Number feed-comments-number allows Upload a Web Shell to a Web Server.This issue affects Feed Comments Number: from n/a through <= 0.2.1. CVSSv3.1 10.0 (CRITICAL) · EPSS 44th percentile

CWECWE 434TYPVulnerability
10.0
CVSS v3.1
100
Edit Score
2024-10-16
2024-10-16 14:15Z
CRIT

CVE-2024-48035 — Upload: Unrestricted Upload of File with Dangerous Type vulnerability in takayukii ACF Images Search And

NVD (auto-promoted CVEs)·nvd.nist.govCVE-2024-48035

Unrestricted Upload of File with Dangerous Type vulnerability in takayukii ACF Images Search And Insert acf-images-search-and-insert allows Upload a Web Shell to a Web Server.This issue affects ACF Images Search And Insert: from n/a through <= 1.1.4. CVSSv3.1 9.9 (CRITICAL)

CWECWE 434TYPVulnerability
9.9
CVSS v3.1
100
Edit Score
2024-10-16
2024-10-16 14:15Z
CRIT

CVE-2024-48034 — Upload: Unrestricted Upload of File with Dangerous Type vulnerability in fliperrr Creates 3D Flipbook, PDF

NVD (auto-promoted CVEs)·nvd.nist.govCVE-2024-48034

Unrestricted Upload of File with Dangerous Type vulnerability in fliperrr Creates 3D Flipbook, PDF Flipbook create-flipbook-from-pdf allows Upload a Web Shell to a Web Server.This issue affects Creates 3D Flipbook, PDF Flipbook: from n/a through <= 1.2. CVSSv3.1 9.9 (CRITICAL)

CWECWE 434TYPVulnerability
9.9
CVSS v3.1
100
Edit Score
2024-10-16
2024-10-16 14:15Z
CRIT

CVE-2024-48030 — Deserialization: of Untrusted Data vulnerability in Webextends Telecash Ricaricaweb telecash-ricaricaweb allows Object Injection.This issue

NVD (auto-promoted CVEs)·nvd.nist.govCVE-2024-48030

Deserialization of Untrusted Data vulnerability in Webextends Telecash Ricaricaweb telecash-ricaricaweb allows Object Injection.This issue affects Telecash Ricaricaweb: from n/a through <= 2.2. CVSSv3.1 9.8 (CRITICAL)

CWECWE 502TYPVulnerability
9.8
CVSS v3.1
99
Edit Score
2024-10-16
2024-10-16 14:15Z
CRIT

CVE-2024-48028 — Deserialization: of Untrusted Data vulnerability in Boyan Raichev IP Loc8 ip-loc8 allows Object Injection.This

NVD (auto-promoted CVEs)·nvd.nist.govCVE-2024-48028

Deserialization of Untrusted Data vulnerability in Boyan Raichev IP Loc8 ip-loc8 allows Object Injection.This issue affects IP Loc8: from n/a through <= 1.1. CVSSv3.1 9.8 (CRITICAL)

CWECWE 502TYPVulnerability
9.8
CVSS v3.1
99
Edit Score
2024-10-16
2024-10-16 14:15Z
CRIT

CVE-2024-48027 — Upload: Unrestricted Upload of File with Dangerous Type vulnerability in xaraartech External featured image from

NVD (auto-promoted CVEs)·nvd.nist.govCVE-2024-48027

Unrestricted Upload of File with Dangerous Type vulnerability in xaraartech External featured image from bing external-featured-image-from-bing allows Upload a Web Shell to a Web Server.This issue affects External featured image from bing: from n/a through <= 1.0.2. CVSSv3.1 9.9 (CRITICAL)

CWECWE 434TYPVulnerability
9.9
CVSS v3.1
100
Edit Score