|
1361
|
9.8 |
CRITICAL
Network
-
|
-
|
The WordPress User Extra Fields plugin for WordPress is vulnerable to arbitrary file deletion due to insufficient file path validation in the delete_tmp_uploaded_file() function in all versions up to…
|
CWE-22
Path Traversal
|
CVE-2024-11150
|
2024-11-13 14:15 |
2024-11-13 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
|
1362
|
8.8 |
HIGH
Network
|
-
|
-
|
The WordPress User Extra Fields plugin for WordPress is vulnerable to privilege escalation due to a missing capability check on the ajax_save_fields() function in all versions up to, and including, 1…
|
CWE-862
Missing Authorization
|
CVE-2024-10800
|
2024-11-13 14:15 |
2024-11-13 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1363
|
- |
|
-
|
-
|
CWE-862: Missing Authorization vulnerability exists that could cause unauthorized access when enabled on
the network and potentially impacting connected devices.
|
CWE-862
Missing Authorization
|
CVE-2024-10575
|
2024-11-13 14:15 |
2024-11-13 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1364
|
- |
|
-
|
-
|
CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability exists that could
cause a potential arbitrary code execution after a successful Man-In-The Middle attack…
|
CWE-119
Incorrect Access of Indexable Resource ('Range Error')
|
CVE-2024-8937
|
2024-11-13 14:15 |
2024-11-13 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1365
|
- |
|
-
|
-
|
CWE-20: Improper Input Validation vulnerability exists that could lead to loss of confidentiality of controller memory
after a successful Man-In-The-Middle attack followed by sending a crafted Modbus…
|
CWE-20
Improper Input Validation
|
CVE-2024-8936
|
2024-11-13 14:15 |
2024-11-13 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1366
|
- |
|
-
|
-
|
CWE-290: Authentication Bypass by Spoofing vulnerability exists that could cause a denial of service and loss
of confidentiality and integrity of controllers when conducting a Man-In-The-Middle attac…
|
CWE-290
Authentication Bypass by Spoofing
|
CVE-2024-8935
|
2024-11-13 14:15 |
2024-11-13 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1367
|
- |
|
-
|
-
|
CWE-924: Improper Enforcement of Message Integrity During Transmission in a Communication Channel
vulnerability exists that could cause retrieval of password hash that could lead to denial of service…
|
-
|
CVE-2024-8933
|
2024-11-13 13:15 |
2024-11-13 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1368
|
8.1 |
HIGH
Network
|
-
|
-
|
The Advanced Order Export For WooCommerce plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 3.5.5 via deserialization of untrusted input during Order ex…
|
CWE-502
Deserialization of Untrusted Data
|
CVE-2024-10828
|
2024-11-13 13:15 |
2024-11-13 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1369
|
- |
|
-
|
-
|
The WooCommerce Upload Files plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the upload_files() function in all versions up to, and including, 84.3…
|
CWE-434
Unrestricted Upload of File with Dangerous Type
|
CVE-2024-10820
|
2024-11-13 13:15 |
2024-11-13 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1370
|
7.5 |
HIGH
Network
-
|
-
|
The LUNA RADIO PLAYER plugin for WordPress is vulnerable to Directory Traversal in all versions up to, and including, 6.24.01.24 via the js/fallback.php file. This makes it possible for unauthenticat…
|
-
|
CVE-2024-10816
|
2024-11-13 13:15 |
2024-11-13 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
