|
141
|
- |
|
-
|
-
|
Dell PowerProtect DD versions prior to 8.3.0.0, 7.10.1.50, and 7.13.1.20 contain an improper access control vulnerability. A local malicious user with low privileges could potentially exploit this vu…
|
CWE-1220
Insufficient Granularity of Access Control
|
CVE-2024-53295
|
2025-02-1 14:15 |
2025-02-1 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
142
|
- |
|
-
|
-
|
Dell PowerProtect DD versions prior to 7.10.1.50 and 7.13.1.20 contain a Stack-based Buffer Overflow vulnerability in the RestAPI. A high privileged attacker with remote access could potentially expl…
|
CWE-121
Stack-based Buffer Overflow
|
CVE-2024-53296
|
2025-02-1 13:15 |
2025-02-1 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
143
|
- |
|
-
|
-
|
Dell PowerProtect DD versions prior to DDOS 8.3.0.0, 7.10.1.50, and 7.13.1.20 contain a path traversal vulnerability. A local low privileged could potentially exploit this vulnerability to gain unaut…
|
CWE-29
Path Traversal: '\..\filename'
|
CVE-2024-51534
|
2025-02-1 13:15 |
2025-02-1 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
144
|
4.3 |
MEDIUM
Network
|
-
|
-
|
The RapidLoad – Optimize Web Vitals Automatically plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the ajax_deactivate() function in all ve…
|
CWE-862
Missing Authorization
|
CVE-2024-13651
|
2025-02-1 13:15 |
2025-02-1 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
145
|
6.4 |
MEDIUM
Network
|
-
|
-
|
The aThemes Addons for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Image Accordion widget in all versions up to, and including, 1.0.12 due to insufficient inpu…
|
CWE-79
Cross-site Scripting
|
CVE-2024-13547
|
2025-02-1 13:15 |
2025-02-1 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
146
|
8.8 |
HIGH
Network
|
-
|
-
|
The WooCommerce Customers Manager plugin for WordPress is vulnerable to Privilege Escalation due to a missing capability check on the ajax_assign_new_roles() function in all versions up to, and inclu…
|
CWE-269
Improper Privilege Management
|
CVE-2024-13343
|
2025-02-1 13:15 |
2025-02-1 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
147
|
5.3 |
MEDIUM
Network
-
|
-
|
The AnimateGL Animations for WordPress – Elementor & Gutenberg Blocks Animations plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'agl_…
|
CWE-862
Missing Authorization
|
CVE-2024-12620
|
2025-02-1 13:15 |
2025-02-1 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
|
148
|
5.3 |
MEDIUM
Network
-
|
-
|
The WordPress Contact Forms by Cimatti plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the accua_forms_download_submitted_file() function in all…
|
CWE-862
Missing Authorization
|
CVE-2024-12184
|
2025-02-1 13:15 |
2025-02-1 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
|
149
|
8.8 |
HIGH
Network
|
-
|
-
|
The ELEX WordPress HelpDesk & Customer Ticketing System plugin for WordPress is vulnerable to privilege escalation due to a missing capability check on the 'eh_crm_agent_add_user' AJAX action in all …
|
CWE-862
Missing Authorization
|
CVE-2024-12171
|
2025-02-1 13:15 |
2025-02-1 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
150
|
6.4 |
MEDIUM
Network
|
-
|
-
|
The Site Search 360 plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'ss360-resultblock' shortcode in all versions up to, and including, 2.1.6 due to insufficient in…
|
CWE-79
Cross-site Scripting
|
CVE-2024-11780
|
2025-02-1 13:15 |
2025-02-1 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
