| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2024-5047 | Hig | 0.48 | 7.3 | 0.01 | May 17, 2024 | A vulnerability classified as critical has been found in SourceCodester Student Management System 1.0. Affected is an unknown function of the file /student/controller.php. The manipulation of the argument photo leads to unrestricted upload. It is possible to launch the attack… | ||
| CVE-2024-35814 | Hig | 0.57 | 8.8 | 0.00 | May 17, 2024 | In the Linux kernel, the following vulnerability has been resolved: swiotlb: Fix double-allocation of slots due to broken alignment handling Commit bbb73a103fbb ("swiotlb: fix a braino in the alignment check fix"), which was a fix for commit 0eee5ae10256 ("swiotlb: fix slot… | ||
| CVE-2023-52669 | Hig | 0.51 | 7.8 | 0.00 | May 17, 2024 | In the Linux kernel, the following vulnerability has been resolved: crypto: s390/aes - Fix buffer overread in CTR mode When processing the last block, the s390 ctr code will always read a whole block, even if there isn't a whole block of data left. Fix this by using the… | ||
| CVE-2023-52667 | Hig | 0.51 | 7.8 | 0.00 | May 17, 2024 | In the Linux kernel, the following vulnerability has been resolved: net/mlx5e: fix a potential double-free in fs_any_create_groups When kcalloc() for ft->g succeeds but kvzalloc() for in fails, fs_any_create_groups() will free ft->g. However, its caller fs_any_create_table()… | ||
| CVE-2023-52664 | Hig | 0.51 | 7.8 | 0.00 | May 17, 2024 | In the Linux kernel, the following vulnerability has been resolved: net: atlantic: eliminate double free in error handling logic Driver has a logic leak in ring data allocation/free, where aq_ring_free could be called multiple times on same ring, if system is under stress and… | ||
| CVE-2024-5046 | Hig | 0.48 | 7.3 | 0.01 | May 17, 2024 | A vulnerability was found in SourceCodester Online Examination System 1.0. It has been rated as critical. This issue affects some unknown processing of the file registeracc.php. The manipulation of the argument email leads to sql injection. The attack may be initiated remotely.… | ||
| CVE-2024-35792 | Hig | 0.51 | 7.8 | 0.00 | May 17, 2024 | In the Linux kernel, the following vulnerability has been resolved: crypto: rk3288 - Fix use after free in unprepare The unprepare call must be carried out before the finalize call as the latter can free the request. | ||
| CVE-2024-35791 | Hig | 0.51 | 7.8 | 0.00 | May 17, 2024 | In the Linux kernel, the following vulnerability has been resolved: KVM: SVM: Flush pages under kvm->lock to fix UAF in svm_register_enc_region() Do the cache flush of converted pages in svm_register_enc_region() before dropping kvm->lock to fix use-after-free issues where… | ||
| CVE-2024-35789 | Hig | 0.51 | 7.8 | 0.00 | May 17, 2024 | In the Linux kernel, the following vulnerability has been resolved: wifi: mac80211: check/clear fast rx for non-4addr sta VLAN changes When moving a station out of a VLAN and deleting the VLAN afterwards, the fast_rx entry still holds a pointer to the VLAN's netdev, which can… | ||
| CVE-2024-35785 | Hig | 0.46 | 7.1 | 0.00 | May 17, 2024 | In the Linux kernel, the following vulnerability has been resolved: tee: optee: Fix kernel panic caused by incorrect error handling The error path while failing to register devices on the TEE bus has a bug leading to kernel panic as follows: [ 15.398930] Unable to handle… | ||
| CVE-2024-27433 | Hig | 0.51 | 7.8 | 0.00 | May 17, 2024 | In the Linux kernel, the following vulnerability has been resolved: clk: mediatek: mt7622-apmixedsys: Fix an error handling path in clk_mt8135_apmixed_probe() 'clk_data' is allocated with mtk_devm_alloc_clk_data(). So calling mtk_free_clk_data() explicitly in the remove… | ||
| CVE-2024-5055 | Hig | 0.49 | 7.5 | 0.00 | May 17, 2024 | Uncontrolled resource consumption vulnerability in XAMPP Windows, versions 7.3.2 and earlier. This vulnerability exists when XAMPP attempts to process many incomplete HTTP requests, resulting in resource consumption and system crashes. | ||
| CVE-2024-27407 | Hig | 0.55 | 8.4 | 0.00 | May 17, 2024 | In the Linux kernel, the following vulnerability has been resolved: fs/ntfs3: Fixed overflow check in mi_enum_attr() | ||
| CVE-2024-27405 | Hig | 0.49 | 7.5 | 0.01 | May 17, 2024 | In the Linux kernel, the following vulnerability has been resolved: usb: gadget: ncm: Avoid dropping datagrams of properly parsed NTBs It is observed sometimes when tethering is used over NCM with Windows 11 as host, at some instances, the gadget_giveback has one byte appended… | ||
| CVE-2024-5052 | Hig | 0.49 | 7.5 | 0.00 | May 17, 2024 | Denial of Service (DoS) vulnerability for Cerberus Enterprise 8.0.10.3 web administration. The vulnerability exists when the web server, default port 10001, attempts to process a large number of incomplete HTTP requests. | ||
| CVE-2024-32960 | Hig | 0.57 | 8.8 | 0.00 | May 17, 2024 | Improper Privilege Management vulnerability in Booking Ultra Pro allows Privilege Escalation.This issue affects Booking Ultra Pro: from n/a through 1.1.12. | ||
| CVE-2024-32959 | Hig | 0.57 | 8.8 | 0.00 | May 17, 2024 | Incorrect Privilege Assignment vulnerability in Sirv CDN and Image Hosting Sirv sirv.This issue affects Sirv: from n/a through <= 7.2.2. | ||
| CVE-2024-32830 | Hig | 0.56 | 8.6 | 0.01 | May 17, 2024 | Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in ThemeKraft BuddyForms allows Server Side Request Forgery, Relative Path Traversal.This issue affects BuddyForms: from n/a through 2.8.8. | ||
| CVE-2024-32692 | Hig | 0.53 | 8.2 | 0.00 | May 17, 2024 | Missing Authorization vulnerability in QuanticaLabs Chauffeur Taxi Booking System for WordPress allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects Chauffeur Taxi Booking System for WordPress: from n/a through 6.9. | ||
| CVE-2024-34370 | Hig | 0.47 | 7.2 | 0.01 | May 17, 2024 | Improper Privilege Management vulnerability in WPFactory EAN for WooCommerce allows Privilege Escalation.This issue affects EAN for WooCommerce: from n/a through 4.8.9. | ||
| CVE-2024-33569 | Hig | 0.47 | 7.2 | 0.01 | May 17, 2024 | Improper Privilege Management vulnerability in Darren Cooney Instant Images allows Privilege Escalation.This issue affects Instant Images: from n/a through 6.1.0. | ||
| CVE-2024-33550 | Hig | 0.57 | 8.8 | 0.00 | May 17, 2024 | Improper Privilege Management vulnerability in JR King/Eran Schoellhorn WP Masquerade allows Privilege Escalation.This issue affects WP Masquerade: from n/a through 1.1.0. | ||
| CVE-2024-33549 | Hig | 0.57 | 8.8 | 0.01 | May 17, 2024 | Improper Privilege Management vulnerability in AA-Team WZone allows Privilege Escalation.This issue affects WZone: from n/a through 14.0.10. | ||
| CVE-2024-32680 | Hig | 0.57 | 8.8 | 0.01 | May 17, 2024 | Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal'), Improper Control of Generation of Code ('Code Injection') vulnerability in PluginUS HUSKY – Products Filter for WooCommerce (formerly WOOF) allows Using Malicious Files, Code Inclusion.This issue… | ||
| CVE-2024-32523 | Hig | 0.53 | 8.1 | 0.02 | May 17, 2024 | Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in EverPress Mailster mailster.This issue affects Mailster: from n/a through <= 4.0.6. | ||
| CVE-2024-32507 | Hig | 0.57 | 8.8 | 0.00 | May 17, 2024 | Incorrect Privilege Assignment vulnerability in Hamid Alinia Login with phone number login-with-phone-number.This issue affects Login with phone number: from n/a through <= 1.7.16. | ||
| CVE-2024-31300 | Hig | 0.55 | 8.5 | 0.01 | May 17, 2024 | Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in appscreo Easy Social Share Buttons allows PHP Local File Inclusion.This issue affects Easy Social Share Buttons: from n/a through 9.4. | ||
| CVE-2024-31237 | Hig | 0.49 | 7.5 | 0.00 | May 17, 2024 | Improper Privilege Management vulnerability in WP Sharks s2Member Pro allows Privilege Escalation.This issue affects s2Member Pro: from n/a through 240315. | ||
| CVE-2024-31232 | Hig | 0.52 | 8.0 | 0.01 | May 17, 2024 | Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in Sizam Design Rehub allows PHP Local File Inclusion.This issue affects Rehub: from n/a through 19.6.1. | ||
| CVE-2024-30527 | Hig | 0.49 | 7.5 | 0.01 | May 17, 2024 | Improper Validation of Specified Quantity in Input vulnerability in Tips and Tricks HQ WP Express Checkout (Accept PayPal Payments) allows Manipulating Hidden Fields.This issue affects WP Express Checkout (Accept PayPal Payments): from n/a through 2.3.7. | ||
| CVE-2024-27971 | Hig | 0.54 | 8.3 | 0.01 | May 17, 2024 | Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in Premmerce Premmerce Permalink Manager for WooCommerce woo-permalink-manager.This issue affects Premmerce Permalink Manager for WooCommerce: from n/a through… | ||
| CVE-2024-27955 | Hig | 0.57 | 8.8 | 0.00 | May 17, 2024 | Cross-Site Request Forgery (CSRF) vulnerability in WP Automatic Automatic allows Privilege Escalation.This issue affects Automatic: from n/a through 3.92.0. | ||
| CVE-2024-24934 | Hig | 0.55 | 8.5 | 0.01 | May 17, 2024 | Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in Elementor Elementor Website Builder allows Manipulating Web Input to File System Calls.This issue affects Elementor Website Builder: from n/a through 3.19.0. | ||
| CVE-2024-24869 | Hig | 0.49 | 7.5 | 0.01 | May 17, 2024 | Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in BoldGrid Total Upkeep allows Relative Path Traversal.This issue affects Total Upkeep: from n/a through 1.15.8. | ||
| CVE-2024-22145 | Hig | 0.57 | 8.8 | 0.01 | May 17, 2024 | Incorrect Privilege Assignment vulnerability in InstaWP InstaWP Connect instawp-connect.This issue affects InstaWP Connect: from n/a through <= 0.1.0.8. | ||
| CVE-2023-51546 | Hig | 0.47 | 7.2 | 0.01 | May 17, 2024 | Improper Privilege Management vulnerability in WebToffee WooCommerce PDF Invoices, Packing Slips, Delivery Notes and Shipping Labels allows Privilege Escalation.This issue affects WooCommerce PDF Invoices, Packing Slips, Delivery Notes and Shipping Labels: from n/a through 4.2.1. | ||
| CVE-2023-51479 | Hig | 0.57 | 8.8 | 0.00 | May 17, 2024 | Improper Privilege Management vulnerability in Abdul Hakeem Build App Online allows Privilege Escalation.This issue affects Build App Online: from n/a through 1.0.19. | ||
| CVE-2023-51398 | Hig | 0.57 | 8.8 | 0.01 | May 17, 2024 | Improper Privilege Management vulnerability in Brainstorm Force Ultimate Addons for Beaver Builder allows Privilege Escalation.This issue affects Ultimate Addons for Beaver Builder: from n/a through 1.35.14. | ||
| CVE-2023-51356 | Hig | 0.57 | 8.8 | 0.01 | May 17, 2024 | Improper Privilege Management vulnerability in Repute Infosystems ARMember allows Privilege Escalation.This issue affects ARMember: from n/a through 4.0.10. | ||
| CVE-2023-50890 | Hig | 0.57 | 8.8 | 0.01 | May 17, 2024 | Improper Privilege Management vulnerability in Brainstorm Force Ultimate Addons for Elementor allows Privilege Escalation.This issue affects Ultimate Addons for Elementor: from n/a through 1.36.20. | ||
| CVE-2023-49753 | Hig | 0.49 | 7.5 | 0.01 | May 17, 2024 | Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in spoonthemes Adifier System allows PHP Local File Inclusion.This issue affects Adifier System: from n/a before 3.1.4. | ||
| CVE-2023-48757 | Hig | 0.57 | 8.8 | 0.01 | May 17, 2024 | Improper Privilege Management vulnerability in Crocoblock JetEngine allows Privilege Escalation.This issue affects JetEngine: from n/a through 3.2.4. | ||
| CVE-2023-47868 | Hig | 0.47 | 7.3 | 0.00 | May 17, 2024 | Improper Privilege Management vulnerability in wpForo wpForo Forum allows Privilege Escalation.This issue affects wpForo Forum: from n/a through 2.2.3. | ||
| CVE-2023-47782 | Hig | 0.57 | 8.8 | 0.01 | May 17, 2024 | Improper Privilege Management vulnerability in Thrive Themes Thrive Theme Builder allows Privilege Escalation.This issue affects Thrive Theme Builder: from n/a before 3.24.0. | ||
| CVE-2023-47683 | Hig | 0.52 | 8.0 | 0.00 | May 17, 2024 | Improper Privilege Management vulnerability in miniOrange WordPress Social Login and Register (Discord, Google, Twitter, LinkedIn) allows Privilege Escalation.This issue affects WordPress Social Login and Register (Discord, Google, Twitter, LinkedIn): from n/a through 7.6.6. | ||
| CVE-2023-47682 | Hig | 0.47 | 7.2 | 0.01 | May 17, 2024 | Improper Privilege Management vulnerability in weDevs WP User Frontend allows Privilege Escalation.This issue affects WP User Frontend: from n/a through 3.6.5. | ||
| CVE-2023-47178 | Hig | 0.56 | 8.6 | 0.01 | May 17, 2024 | Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in POSIMYTH Innovation The Plus Addons for Elementor Pro allows PHP Local File Inclusion.This issue affects The Plus Addons for Elementor Pro: from n/a through 5.2.8. | ||
| CVE-2023-46784 | Hig | 0.53 | 8.2 | 0.01 | May 17, 2024 | Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal'), Server-Side Request Forgery (SSRF) vulnerability in Room 34 Creative Services, LLC ICS Calendar ics-calendar allows Absolute Path Traversal, : Server Side Request Forgery.This issue affects ICS… | ||
| CVE-2023-46205 | Hig | 0.46 | 7.1 | 0.01 | May 17, 2024 | Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in Brainstorm Force Ultimate Addons for WPBakery Page Builder allows PHP Local File Inclusion.This issue affects Ultimate Addons for WPBakery Page Builder: from n/a through 3.19.14. | ||
| CVE-2023-46145 | Hig | 0.57 | 8.8 | 0.01 | May 17, 2024 | Improper Privilege Management vulnerability in Themify Themify Ultra allows Privilege Escalation.This issue affects Themify Ultra: from n/a through 7.3.5. |
- risk 0.48cvss 7.3epss 0.01
A vulnerability classified as critical has been found in SourceCodester Student Management System 1.0. Affected is an unknown function of the file /student/controller.php. The manipulation of the argument photo leads to unrestricted upload. It is possible to launch the attack…
- risk 0.57cvss 8.8epss 0.00
In the Linux kernel, the following vulnerability has been resolved: swiotlb: Fix double-allocation of slots due to broken alignment handling Commit bbb73a103fbb ("swiotlb: fix a braino in the alignment check fix"), which was a fix for commit 0eee5ae10256 ("swiotlb: fix slot…
- risk 0.51cvss 7.8epss 0.00
In the Linux kernel, the following vulnerability has been resolved: crypto: s390/aes - Fix buffer overread in CTR mode When processing the last block, the s390 ctr code will always read a whole block, even if there isn't a whole block of data left. Fix this by using the…
- risk 0.51cvss 7.8epss 0.00
In the Linux kernel, the following vulnerability has been resolved: net/mlx5e: fix a potential double-free in fs_any_create_groups When kcalloc() for ft->g succeeds but kvzalloc() for in fails, fs_any_create_groups() will free ft->g. However, its caller fs_any_create_table()…
- risk 0.51cvss 7.8epss 0.00
In the Linux kernel, the following vulnerability has been resolved: net: atlantic: eliminate double free in error handling logic Driver has a logic leak in ring data allocation/free, where aq_ring_free could be called multiple times on same ring, if system is under stress and…
- risk 0.48cvss 7.3epss 0.01
A vulnerability was found in SourceCodester Online Examination System 1.0. It has been rated as critical. This issue affects some unknown processing of the file registeracc.php. The manipulation of the argument email leads to sql injection. The attack may be initiated remotely.…
- risk 0.51cvss 7.8epss 0.00
In the Linux kernel, the following vulnerability has been resolved: crypto: rk3288 - Fix use after free in unprepare The unprepare call must be carried out before the finalize call as the latter can free the request.
- risk 0.51cvss 7.8epss 0.00
In the Linux kernel, the following vulnerability has been resolved: KVM: SVM: Flush pages under kvm->lock to fix UAF in svm_register_enc_region() Do the cache flush of converted pages in svm_register_enc_region() before dropping kvm->lock to fix use-after-free issues where…
- risk 0.51cvss 7.8epss 0.00
In the Linux kernel, the following vulnerability has been resolved: wifi: mac80211: check/clear fast rx for non-4addr sta VLAN changes When moving a station out of a VLAN and deleting the VLAN afterwards, the fast_rx entry still holds a pointer to the VLAN's netdev, which can…
- risk 0.46cvss 7.1epss 0.00
In the Linux kernel, the following vulnerability has been resolved: tee: optee: Fix kernel panic caused by incorrect error handling The error path while failing to register devices on the TEE bus has a bug leading to kernel panic as follows: [ 15.398930] Unable to handle…
- risk 0.51cvss 7.8epss 0.00
In the Linux kernel, the following vulnerability has been resolved: clk: mediatek: mt7622-apmixedsys: Fix an error handling path in clk_mt8135_apmixed_probe() 'clk_data' is allocated with mtk_devm_alloc_clk_data(). So calling mtk_free_clk_data() explicitly in the remove…
- risk 0.49cvss 7.5epss 0.00
Uncontrolled resource consumption vulnerability in XAMPP Windows, versions 7.3.2 and earlier. This vulnerability exists when XAMPP attempts to process many incomplete HTTP requests, resulting in resource consumption and system crashes.
- risk 0.55cvss 8.4epss 0.00
In the Linux kernel, the following vulnerability has been resolved: fs/ntfs3: Fixed overflow check in mi_enum_attr()
- risk 0.49cvss 7.5epss 0.01
In the Linux kernel, the following vulnerability has been resolved: usb: gadget: ncm: Avoid dropping datagrams of properly parsed NTBs It is observed sometimes when tethering is used over NCM with Windows 11 as host, at some instances, the gadget_giveback has one byte appended…
- risk 0.49cvss 7.5epss 0.00
Denial of Service (DoS) vulnerability for Cerberus Enterprise 8.0.10.3 web administration. The vulnerability exists when the web server, default port 10001, attempts to process a large number of incomplete HTTP requests.
- risk 0.57cvss 8.8epss 0.00
Improper Privilege Management vulnerability in Booking Ultra Pro allows Privilege Escalation.This issue affects Booking Ultra Pro: from n/a through 1.1.12.
- risk 0.57cvss 8.8epss 0.00
Incorrect Privilege Assignment vulnerability in Sirv CDN and Image Hosting Sirv sirv.This issue affects Sirv: from n/a through <= 7.2.2.
- risk 0.56cvss 8.6epss 0.01
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in ThemeKraft BuddyForms allows Server Side Request Forgery, Relative Path Traversal.This issue affects BuddyForms: from n/a through 2.8.8.
- risk 0.53cvss 8.2epss 0.00
Missing Authorization vulnerability in QuanticaLabs Chauffeur Taxi Booking System for WordPress allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects Chauffeur Taxi Booking System for WordPress: from n/a through 6.9.
- risk 0.47cvss 7.2epss 0.01
Improper Privilege Management vulnerability in WPFactory EAN for WooCommerce allows Privilege Escalation.This issue affects EAN for WooCommerce: from n/a through 4.8.9.
- risk 0.47cvss 7.2epss 0.01
Improper Privilege Management vulnerability in Darren Cooney Instant Images allows Privilege Escalation.This issue affects Instant Images: from n/a through 6.1.0.
- risk 0.57cvss 8.8epss 0.00
Improper Privilege Management vulnerability in JR King/Eran Schoellhorn WP Masquerade allows Privilege Escalation.This issue affects WP Masquerade: from n/a through 1.1.0.
- risk 0.57cvss 8.8epss 0.01
Improper Privilege Management vulnerability in AA-Team WZone allows Privilege Escalation.This issue affects WZone: from n/a through 14.0.10.
- risk 0.57cvss 8.8epss 0.01
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal'), Improper Control of Generation of Code ('Code Injection') vulnerability in PluginUS HUSKY – Products Filter for WooCommerce (formerly WOOF) allows Using Malicious Files, Code Inclusion.This issue…
- risk 0.53cvss 8.1epss 0.02
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in EverPress Mailster mailster.This issue affects Mailster: from n/a through <= 4.0.6.
- risk 0.57cvss 8.8epss 0.00
Incorrect Privilege Assignment vulnerability in Hamid Alinia Login with phone number login-with-phone-number.This issue affects Login with phone number: from n/a through <= 1.7.16.
- risk 0.55cvss 8.5epss 0.01
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in appscreo Easy Social Share Buttons allows PHP Local File Inclusion.This issue affects Easy Social Share Buttons: from n/a through 9.4.
- risk 0.49cvss 7.5epss 0.00
Improper Privilege Management vulnerability in WP Sharks s2Member Pro allows Privilege Escalation.This issue affects s2Member Pro: from n/a through 240315.
- risk 0.52cvss 8.0epss 0.01
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in Sizam Design Rehub allows PHP Local File Inclusion.This issue affects Rehub: from n/a through 19.6.1.
- risk 0.49cvss 7.5epss 0.01
Improper Validation of Specified Quantity in Input vulnerability in Tips and Tricks HQ WP Express Checkout (Accept PayPal Payments) allows Manipulating Hidden Fields.This issue affects WP Express Checkout (Accept PayPal Payments): from n/a through 2.3.7.
- risk 0.54cvss 8.3epss 0.01
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in Premmerce Premmerce Permalink Manager for WooCommerce woo-permalink-manager.This issue affects Premmerce Permalink Manager for WooCommerce: from n/a through…
- risk 0.57cvss 8.8epss 0.00
Cross-Site Request Forgery (CSRF) vulnerability in WP Automatic Automatic allows Privilege Escalation.This issue affects Automatic: from n/a through 3.92.0.
- risk 0.55cvss 8.5epss 0.01
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in Elementor Elementor Website Builder allows Manipulating Web Input to File System Calls.This issue affects Elementor Website Builder: from n/a through 3.19.0.
- risk 0.49cvss 7.5epss 0.01
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in BoldGrid Total Upkeep allows Relative Path Traversal.This issue affects Total Upkeep: from n/a through 1.15.8.
- risk 0.57cvss 8.8epss 0.01
Incorrect Privilege Assignment vulnerability in InstaWP InstaWP Connect instawp-connect.This issue affects InstaWP Connect: from n/a through <= 0.1.0.8.
- risk 0.47cvss 7.2epss 0.01
Improper Privilege Management vulnerability in WebToffee WooCommerce PDF Invoices, Packing Slips, Delivery Notes and Shipping Labels allows Privilege Escalation.This issue affects WooCommerce PDF Invoices, Packing Slips, Delivery Notes and Shipping Labels: from n/a through 4.2.1.
- risk 0.57cvss 8.8epss 0.00
Improper Privilege Management vulnerability in Abdul Hakeem Build App Online allows Privilege Escalation.This issue affects Build App Online: from n/a through 1.0.19.
- risk 0.57cvss 8.8epss 0.01
Improper Privilege Management vulnerability in Brainstorm Force Ultimate Addons for Beaver Builder allows Privilege Escalation.This issue affects Ultimate Addons for Beaver Builder: from n/a through 1.35.14.
- risk 0.57cvss 8.8epss 0.01
Improper Privilege Management vulnerability in Repute Infosystems ARMember allows Privilege Escalation.This issue affects ARMember: from n/a through 4.0.10.
- risk 0.57cvss 8.8epss 0.01
Improper Privilege Management vulnerability in Brainstorm Force Ultimate Addons for Elementor allows Privilege Escalation.This issue affects Ultimate Addons for Elementor: from n/a through 1.36.20.
- risk 0.49cvss 7.5epss 0.01
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in spoonthemes Adifier System allows PHP Local File Inclusion.This issue affects Adifier System: from n/a before 3.1.4.
- risk 0.57cvss 8.8epss 0.01
Improper Privilege Management vulnerability in Crocoblock JetEngine allows Privilege Escalation.This issue affects JetEngine: from n/a through 3.2.4.
- risk 0.47cvss 7.3epss 0.00
Improper Privilege Management vulnerability in wpForo wpForo Forum allows Privilege Escalation.This issue affects wpForo Forum: from n/a through 2.2.3.
- risk 0.57cvss 8.8epss 0.01
Improper Privilege Management vulnerability in Thrive Themes Thrive Theme Builder allows Privilege Escalation.This issue affects Thrive Theme Builder: from n/a before 3.24.0.
- risk 0.52cvss 8.0epss 0.00
Improper Privilege Management vulnerability in miniOrange WordPress Social Login and Register (Discord, Google, Twitter, LinkedIn) allows Privilege Escalation.This issue affects WordPress Social Login and Register (Discord, Google, Twitter, LinkedIn): from n/a through 7.6.6.
- risk 0.47cvss 7.2epss 0.01
Improper Privilege Management vulnerability in weDevs WP User Frontend allows Privilege Escalation.This issue affects WP User Frontend: from n/a through 3.6.5.
- risk 0.56cvss 8.6epss 0.01
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in POSIMYTH Innovation The Plus Addons for Elementor Pro allows PHP Local File Inclusion.This issue affects The Plus Addons for Elementor Pro: from n/a through 5.2.8.
- risk 0.53cvss 8.2epss 0.01
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal'), Server-Side Request Forgery (SSRF) vulnerability in Room 34 Creative Services, LLC ICS Calendar ics-calendar allows Absolute Path Traversal, : Server Side Request Forgery.This issue affects ICS…
- risk 0.46cvss 7.1epss 0.01
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in Brainstorm Force Ultimate Addons for WPBakery Page Builder allows PHP Local File Inclusion.This issue affects Ultimate Addons for WPBakery Page Builder: from n/a through 3.19.14.
- risk 0.57cvss 8.8epss 0.01
Improper Privilege Management vulnerability in Themify Themify Ultra allows Privilege Escalation.This issue affects Themify Ultra: from n/a through 7.3.5.