1421 | 5.3 | MEDIUM | Network | martinvalchev | video_gallery_for_woocommerce | The Video Gallery for WooCommerce plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the remove_unused_thumbnails() function in all versions … | CWE-862 Missing Authorization | CVE-2024-10535 | 2024-11-9 06:19 | 2024-11-6
1422 | 8.1 | HIGH | Network | heateor | social_login | The Heateor Social Login WordPress plugin for WordPress is vulnerable to authentication bypass in all versions up to, and including, 1.1.35. This is due to insufficient verification on the user being… | NVD-CWE-noinfo | CVE-2024-10020 | 2024-11-9 06:19 | 2024-11-6
1423 | 8.8 | HIGH | Network | themelooks | mfolio | The mFolio Lite plugin for WordPress is vulnerable to file uploads due to a missing capability check in all versions up to, and including, 1.2.1. This makes it possible for authenticated attackers, w… | CWE-434 Unrestricted Upload of File with Dangerous Type | CVE-2024-9307 | 2024-11-9 06:18 | 2024-11-6
1424 | 5.3 | MEDIUM | Network | theinnovs | eleforms | The EleForms – All In One Form Integration including DB for Elementor plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on several functions in all v… | CWE-862 Missing Authorization | CVE-2024-6626 | 2024-11-9 06:18 | 2024-11-6
1425 | 9.8 | CRITICAL | Network | fortinet | fortimanager_cloud fortimanager | A missing authentication for critical function in FortiManager 7.6.0, FortiManager 7.4.0 through 7.4.4, FortiManager 7.2.0 through 7.2.7, FortiManager 7.0.0 through 7.0.12, FortiManager 6.4.0 through… | CWE-306 Missing Authentication for Critical Function | CVE-2024-47575 | 2024-11-9 06:16 | 2024-10-24
1426 | 5.3 | MEDIUM | Network | eclipse | jetty | Eclipse Jetty is a lightweight, highly scalable, Java-based web server and Servlet engine. It includes a utility class, HttpURI, for URI/URL parsing. The HttpURI class does insufficient validation … | NVD-CWE-Other | CVE-2024-6763 | 2024-11-9 06:15 | 2024-10-15
1427 | 9.8 | CRITICAL | Network | websiteinwp | blogpoet | Missing Authorization vulnerability in WebsiteinWP Blogpoet allows Accessing Functionality Not Properly Constrained by ACLs. This issue affects Blogpoet: from n/a through 1.0.3. | CWE-862 Missing Authorization | CVE-2024-43998 | 2024-11-9 06:11 | 2024-11-2
1428 | 8.8 | HIGH | Network | geekcodelab | login_as_users | Missing Authorization vulnerability in Geek Code Lab Login As Users allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Login As Users: from n/a through 1.4.3. | CWE-862 Missing Authorization | CVE-2024-43982 | 2024-11-9 06:11 | 2024-11-2
1429 | 8.8 | HIGH | Network | ayecode | geodirectory | Missing Authorization vulnerability in AyeCode – WP Business Directory Plugins GeoDirectory allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects GeoDirectory: fr… | CWE-862 Missing Authorization | CVE-2024-43981 | 2024-11-9 06:10 | 2024-11-2
1430 | 8.8 | HIGH | Network | combodo | itop | Combodo iTop is a simple, web based IT Service Management tool. This vulnerability can be used to create HTTP requests on behalf of the server, from a low privileged user. The user portal form manage… | CWE-918 Server-Side Request Forgery (SSRF) | CVE-2024-51740 | 2024-11-9 06:09 | 2024-11-6