151
|
5.3 |
MEDIUM
Network
-
|
-
|
The Calculated Fields Form plugin for WordPress is vulnerable to HTML Injection in all versions up to, and including, 5.2.45. This is due to the plugin not properly neutralizing HTML elements from su…
Update
|
CWE-75
Special Element Injection
|
CVE-2024-9940
|
2024-10-18 21:53 |
2024-10-17 |
152
|
9.8 |
CRITICAL
Network
-
|
-
|
The UserPro plugin for WordPress is vulnerable to privilege escalation in versions up to, and including, 3.6.0 due to the insecure 'administrator' default value for the 'default_user_role' option. Th…
Update
|
CWE-266
Incorrect Privilege Assignment
|
CVE-2024-9863
|
2024-10-18 21:53 |
2024-10-17 |
153
|
9.8 |
CRITICAL
Network
-
|
-
|
The Miniorange OTP Verification with Firebase plugin for WordPress is vulnerable to Arbitrary User Password Change in versions up to, and including, 3.6.0. This is due to the plugin providing user-co…
Update
|
CWE-639
Authorization Bypass Through User-Controlled Key
|
CVE-2024-9862
|
2024-10-18 21:53 |
2024-10-17 |
154
|
8.1 |
HIGH
Network
|
-
|
-
|
The Miniorange OTP Verification with Firebase plugin for WordPress is vulnerable to authentication bypass in versions up to, and including, 3.6.0. This is due to missing validation on the token being…
Update
|
-
|
CVE-2024-9861
|
2024-10-18 21:53 |
2024-10-17 |
155
|
6.1 |
MEDIUM
Network
|
-
|
-
|
The ReDi Restaurant Reservation plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use of add_query_arg without appropriate escaping on the URL in all versions up to, and…
Update
|
-
|
CVE-2024-9240
|
2024-10-18 21:53 |
2024-10-17 |
156
|
8.8 |
HIGH
Network
|
-
|
-
|
The Co-Authors, Multiple Authors and Guest Authors in an Author Box with PublishPress Authors plugin for WordPress is vulnerable to Insecure Direct Object Reference to Privilege Escalation/Account Ta…
Update
|
CWE-639
Authorization Bypass Through User-Controlled Key
|
CVE-2024-9215
|
2024-10-18 21:53 |
2024-10-17 |
157
|
- |
|
-
|
-
|
Dell OpenManage Enterprise, version(s) OME 4.1 and prior, contain(s) an Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability. A low privileged attacker w…
Update
|
CWE-89
SQL Injection
|
CVE-2024-45767
|
2024-10-18 21:53 |
2024-10-17 |
158
|
- |
|
-
|
-
|
Dell OpenManage Enterprise, version(s) OME 4.1 and prior, contain(s) an Improper Control of Generation of Code ('Code Injection') vulnerability. A low privileged attacker with remote access could pot…
Update
|
CWE-94
Code Injection
|
CVE-2024-45766
|
2024-10-18 21:53 |
2024-10-17 |
159
|
- |
|
-
|
-
|
A maliciously crafted RFA file, when parsed through Autodesk Revit, can force a Stack-Based Buffer Overflow. A malicious actor can leverage this vulnerability to cause a crash, read sensitive data, o…
Update
|
-
|
CVE-2024-7994
|
2024-10-18 21:53 |
2024-10-17 |
160
|
- |
|
-
|
-
|
A maliciously crafted PDF file, when parsed through Autodesk Revit, can force an Out-of-Bounds Write. A malicious actor can leverage this vulnerability to cause a crash, write sensitive data, or exec…
Update
|
-
|
CVE-2024-7993
|
2024-10-18 21:53 |
2024-10-17 |