ARI Fancy Lightbox – WordPress Popup Security Vulnerabilities

CVE-2024-35747 WordPress Contact Form Builder, Contact Widget plugin <= 2.1.7 - Bypass Vulnerability vulnerability

Improper Restriction of Excessive Authentication Attempts vulnerability in wpdevart Contact Form Builder, Contact Widget allows Functionality Bypass.This issue affects Contact Form Builder, Contact Widget: from n/a through...

CVE-2024-35747 WordPress Contact Form Builder, Contact Widget plugin <= 2.1.7 - Bypass Vulnerability vulnerability

Improper Restriction of Excessive Authentication Attempts vulnerability in wpdevart Contact Form Builder, Contact Widget allows Functionality Bypass.This issue affects Contact Form Builder, Contact Widget: from n/a through...

CVE-2024-35746 WordPress BuddyPress Cover plugin <= 2.1.4.2 - Arbitrary File Upload vulnerability

Unrestricted Upload of File with Dangerous Type vulnerability in Asghar Hatampoor BuddyPress Cover allows Code Injection.This issue affects BuddyPress Cover: from n/a through...

CVE-2024-35746 WordPress BuddyPress Cover plugin <= 2.1.4.2 - Arbitrary File Upload vulnerability

Unrestricted Upload of File with Dangerous Type vulnerability in Asghar Hatampoor BuddyPress Cover allows Code Injection.This issue affects BuddyPress Cover: from n/a through...

CVE-2024-35745 WordPress Strategery Migrations plugin <= 1.0 - Arbitrary File Deletion vulnerability

Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in Gabriel Somoza / Joseph Fitzgibbons Strategery Migrations allows Path Traversal, File Manipulation.This issue affects Strategery Migrations: from n/a through...

CVE-2024-35745 WordPress Strategery Migrations plugin <= 1.0 - Arbitrary File Deletion vulnerability

Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in Gabriel Somoza / Joseph Fitzgibbons Strategery Migrations allows Path Traversal, File Manipulation.This issue affects Strategery Migrations: from n/a through...

CVE-2024-35744 WordPress Upunzipper plugin <= 1.0.0 - Arbitrary File Deletion vulnerability

Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in Ravidhu Dissanayake Upunzipper allows Path Traversal, File Manipulation.This issue affects Upunzipper: from n/a through...

CVE-2024-35744 WordPress Upunzipper plugin <= 1.0.0 - Arbitrary File Deletion vulnerability

Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in Ravidhu Dissanayake Upunzipper allows Path Traversal, File Manipulation.This issue affects Upunzipper: from n/a through...

CVE-2024-35743 WordPress SC filechecker plugin <= 0.6 - Arbitrary File Deletion vulnerability

Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in Siteclean SC filechecker allows Path Traversal, File Manipulation.This issue affects SC filechecker: from n/a through...

CVE-2024-35743 WordPress SC filechecker plugin <= 0.6 - Arbitrary File Deletion vulnerability

Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in Siteclean SC filechecker allows Path Traversal, File Manipulation.This issue affects SC filechecker: from n/a through...

CVE-2024-35728 WordPress Product Addons & Fields for WooCommerce plugin <= 32.0.20 - Content Injection vulnerability

Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection') vulnerability in Themeisle PPOM for WooCommerce allows Code Inclusion.This issue affects PPOM for WooCommerce: from n/a through...

CVE-2024-35728 WordPress Product Addons & Fields for WooCommerce plugin <= 32.0.20 - Content Injection vulnerability

Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection') vulnerability in Themeisle PPOM for WooCommerce allows Code Inclusion.This issue affects PPOM for WooCommerce: from n/a through...

CVE-2024-35712

Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in Jordy Meow Database Cleaner allows Relative Path Traversal.This issue affects Database Cleaner: from n/a through...

CVE-2024-35712

Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in Jordy Meow Database Cleaner allows Relative Path Traversal.This issue affects Database Cleaner: from n/a through...

CVE-2024-35677

Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in StylemixThemes MegaMenu allows PHP Local File Inclusion.This issue affects MegaMenu: from n/a through...

CVE-2024-35658

Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in ThemeHigh Checkout Field Editor for WooCommerce (Pro) allows Functionality Misuse, File Manipulation.This issue affects Checkout Field Editor for WooCommerce (Pro): from n/a through...

CVE-2024-35680

Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection') vulnerability in YITH YITH WooCommerce Product Add-Ons allows Code Injection.This issue affects YITH WooCommerce Product Add-Ons: from n/a through...

CVE-2024-35680

Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection') vulnerability in YITH YITH WooCommerce Product Add-Ons allows Code Injection.This issue affects YITH WooCommerce Product Add-Ons: from n/a through...

CVE-2024-35658

Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in ThemeHigh Checkout Field Editor for WooCommerce (Pro) allows Functionality Misuse, File Manipulation.This issue affects Checkout Field Editor for WooCommerce (Pro): from n/a through...

CVE-2024-35650

Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in Melapress MelaPress Login Security allows PHP Remote File Inclusion.This issue affects MelaPress Login Security: from n/a through...

CVE-2024-35650

Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in Melapress MelaPress Login Security allows PHP Remote File Inclusion.This issue affects MelaPress Login Security: from n/a through...

CVE-2024-35677

Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in StylemixThemes MegaMenu allows PHP Local File Inclusion.This issue affects MegaMenu: from n/a through...

CVE-2024-34800

Missing Authentication for Critical Function vulnerability in Aruphash Crafthemes Demo Import allows Functionality Misuse.This issue affects Crafthemes Demo Import: from n/a through...

CVE-2024-34800

Missing Authentication for Critical Function vulnerability in Aruphash Crafthemes Demo Import allows Functionality Misuse.This issue affects Crafthemes Demo Import: from n/a through...

CVE-2024-34762

Vulnerability discovered by executing a planned security audit. Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in WPENGINE INC Advanced Custom Fields PRO allows PHP Local File Inclusion.This issue affects Advanced Custom Fields PRO: from n/a before...

CVE-2024-34762

Vulnerability discovered by executing a planned security audit. Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in WPENGINE INC Advanced Custom Fields PRO allows PHP Local File Inclusion.This issue affects Advanced Custom Fields PRO: from n/a before...

CVE-2024-34761

Vulnerability discovered by executing a planned security audit. Improper Control of Generation of Code ('Code Injection') vulnerability in WPENGINE INC Advanced Custom Fields PRO allows Code Injection.This issue affects Advanced Custom Fields PRO: from n/a before...

CVE-2024-34761

Vulnerability discovered by executing a planned security audit. Improper Control of Generation of Code ('Code Injection') vulnerability in WPENGINE INC Advanced Custom Fields PRO allows Code Injection.This issue affects Advanced Custom Fields PRO: from n/a before...

CVE-2024-35712 WordPress Database Cleaner: Clean, Optimize & Repair plugin <= 1.0.5 - Arbitrary File Read vulnerability

Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in Jordy Meow Database Cleaner allows Relative Path Traversal.This issue affects Database Cleaner: from n/a through...

CVE-2024-35712 WordPress Database Cleaner: Clean, Optimize & Repair plugin <= 1.0.5 - Arbitrary File Read vulnerability

Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in Jordy Meow Database Cleaner allows Relative Path Traversal.This issue affects Database Cleaner: from n/a through...

CVE-2024-35680 WordPress YITH WooCommerce Product Add-Ons plugin <= 4.9.2 - Content Injection vulnerability

Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection') vulnerability in YITH YITH WooCommerce Product Add-Ons allows Code Injection.This issue affects YITH WooCommerce Product Add-Ons: from n/a through...

CVE-2024-35680 WordPress YITH WooCommerce Product Add-Ons plugin <= 4.9.2 - Content Injection vulnerability

Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection') vulnerability in YITH YITH WooCommerce Product Add-Ons allows Code Injection.This issue affects YITH WooCommerce Product Add-Ons: from n/a through...

CVE-2024-35677 WordPress MegaMenu plugin <= 2.3.12 - Unauthenticated Local File Inclusion vulnerability

Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in StylemixThemes MegaMenu allows PHP Local File Inclusion.This issue affects MegaMenu: from n/a through...

CVE-2024-35677 WordPress MegaMenu plugin <= 2.3.12 - Unauthenticated Local File Inclusion vulnerability

Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in StylemixThemes MegaMenu allows PHP Local File Inclusion.This issue affects MegaMenu: from n/a through...

CVE-2024-35658 WordPress Checkout Field Editor for WooCommerce (Pro) plugin <= 3.6.2 - Unauthenticated Arbitrary File Deletion vulnerability

Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in ThemeHigh Checkout Field Editor for WooCommerce (Pro) allows Functionality Misuse, File Manipulation.This issue affects Checkout Field Editor for WooCommerce (Pro): from n/a through...

CVE-2024-35658 WordPress Checkout Field Editor for WooCommerce (Pro) plugin <= 3.6.2 - Unauthenticated Arbitrary File Deletion vulnerability

Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in ThemeHigh Checkout Field Editor for WooCommerce (Pro) allows Functionality Misuse, File Manipulation.This issue affects Checkout Field Editor for WooCommerce (Pro): from n/a through...

CVE-2024-35650 WordPress MelaPress Login Security plugin <= 1.3.0 - Remote File Inclusion vulnerability

Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in Melapress MelaPress Login Security allows PHP Remote File Inclusion.This issue affects MelaPress Login Security: from n/a through...

CVE-2024-35650 WordPress MelaPress Login Security plugin <= 1.3.0 - Remote File Inclusion vulnerability

Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in Melapress MelaPress Login Security allows PHP Remote File Inclusion.This issue affects MelaPress Login Security: from n/a through...

CVE-2024-34800 WordPress Crafthemes Demo Import plugin <= 3.3 - Arbitrary Plugin Installation vulnerability

Missing Authentication for Critical Function vulnerability in Aruphash Crafthemes Demo Import allows Functionality Misuse.This issue affects Crafthemes Demo Import: from n/a through...

CVE-2024-34800 WordPress Crafthemes Demo Import plugin <= 3.3 - Arbitrary Plugin Installation vulnerability

Missing Authentication for Critical Function vulnerability in Aruphash Crafthemes Demo Import allows Functionality Misuse.This issue affects Crafthemes Demo Import: from n/a through...

CVE-2024-34762 Wordpress Advanced Custom Fields Pro plugin < 6.2.10 - Contributor+ Local File Inclusion vulnerability

Vulnerability discovered by executing a planned security audit. Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in WPENGINE INC Advanced Custom Fields PRO allows PHP Local File Inclusion.This issue affects Advanced Custom Fields PRO: from n/a before...

CVE-2024-34762 Wordpress Advanced Custom Fields Pro plugin < 6.2.10 - Contributor+ Local File Inclusion vulnerability

Vulnerability discovered by executing a planned security audit. Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in WPENGINE INC Advanced Custom Fields PRO allows PHP Local File Inclusion.This issue affects Advanced Custom Fields PRO: from n/a before...

CVE-2024-34761 Wordpress Advanced Custom Fields Pro plugin < 6.2.10 - Contributor+ Arbitrary Function Execution vulnerability

Vulnerability discovered by executing a planned security audit. Improper Control of Generation of Code ('Code Injection') vulnerability in WPENGINE INC Advanced Custom Fields PRO allows Code Injection.This issue affects Advanced Custom Fields PRO: from n/a before...

Prime Mover < 1.9.3 - Sensitive Data Exposure

Prime Mover plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 1.9.2 via directory listing in the 'prime-mover-export-files/1/' folder. This makes it possible for unauthenticated attackers to extract sensitive data including site and...

CVE-2024-4746

Missing Authorization vulnerability in Netgsm.This issue affects Netgsm: from n/a through...

CVE-2024-4745

Missing Authorization vulnerability in RafflePress Giveaways and Contests by RafflePress.This issue affects Giveaways and Contests by RafflePress: from n/a through...

CVE-2024-4746

Missing Authorization vulnerability in Netgsm.This issue affects Netgsm: from n/a through...

CVE-2024-4745

Missing Authorization vulnerability in RafflePress Giveaways and Contests by RafflePress.This issue affects Giveaways and Contests by RafflePress: from n/a through...

CVE-2024-35735

Missing Authorization vulnerability in CodePeople WP Time Slots Booking Form.This issue affects WP Time Slots Booking Form: from n/a through...

CVE-2024-35741

Missing Authorization vulnerability in Awesome Support Team Awesome Support.This issue affects Awesome Support: from n/a through...