Lucene search

K

ARI Fancy Lightbox – WordPress Popup Security Vulnerabilities

vulnrichment
vulnrichment

CVE-2024-35747 WordPress Contact Form Builder, Contact Widget plugin <= 2.1.7 - Bypass Vulnerability vulnerability

Improper Restriction of Excessive Authentication Attempts vulnerability in wpdevart Contact Form Builder, Contact Widget allows Functionality Bypass.This issue affects Contact Form Builder, Contact Widget: from n/a through...

5.3CVSS

7AI Score

0.0005EPSS

2024-06-10 04:37 PM
cvelist
cvelist

CVE-2024-35747 WordPress Contact Form Builder, Contact Widget plugin <= 2.1.7 - Bypass Vulnerability vulnerability

Improper Restriction of Excessive Authentication Attempts vulnerability in wpdevart Contact Form Builder, Contact Widget allows Functionality Bypass.This issue affects Contact Form Builder, Contact Widget: from n/a through...

5.3CVSS

0.0005EPSS

2024-06-10 04:37 PM
3
vulnrichment
vulnrichment

CVE-2024-35746 WordPress BuddyPress Cover plugin <= 2.1.4.2 - Arbitrary File Upload vulnerability

Unrestricted Upload of File with Dangerous Type vulnerability in Asghar Hatampoor BuddyPress Cover allows Code Injection.This issue affects BuddyPress Cover: from n/a through...

10CVSS

7.1AI Score

0.001EPSS

2024-06-10 04:34 PM
1
cvelist
cvelist

CVE-2024-35746 WordPress BuddyPress Cover plugin <= 2.1.4.2 - Arbitrary File Upload vulnerability

Unrestricted Upload of File with Dangerous Type vulnerability in Asghar Hatampoor BuddyPress Cover allows Code Injection.This issue affects BuddyPress Cover: from n/a through...

10CVSS

0.001EPSS

2024-06-10 04:34 PM
9
vulnrichment
vulnrichment

CVE-2024-35745 WordPress Strategery Migrations plugin <= 1.0 - Arbitrary File Deletion vulnerability

Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in Gabriel Somoza / Joseph Fitzgibbons Strategery Migrations allows Path Traversal, File Manipulation.This issue affects Strategery Migrations: from n/a through...

7.5CVSS

6.8AI Score

0.001EPSS

2024-06-10 04:32 PM
cvelist
cvelist

CVE-2024-35745 WordPress Strategery Migrations plugin <= 1.0 - Arbitrary File Deletion vulnerability

Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in Gabriel Somoza / Joseph Fitzgibbons Strategery Migrations allows Path Traversal, File Manipulation.This issue affects Strategery Migrations: from n/a through...

7.5CVSS

0.001EPSS

2024-06-10 04:32 PM
3
cvelist
cvelist

CVE-2024-35744 WordPress Upunzipper plugin <= 1.0.0 - Arbitrary File Deletion vulnerability

Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in Ravidhu Dissanayake Upunzipper allows Path Traversal, File Manipulation.This issue affects Upunzipper: from n/a through...

8.6CVSS

0.0005EPSS

2024-06-10 04:26 PM
3
vulnrichment
vulnrichment

CVE-2024-35744 WordPress Upunzipper plugin <= 1.0.0 - Arbitrary File Deletion vulnerability

Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in Ravidhu Dissanayake Upunzipper allows Path Traversal, File Manipulation.This issue affects Upunzipper: from n/a through...

8.6CVSS

6.8AI Score

0.0005EPSS

2024-06-10 04:26 PM
cvelist
cvelist

CVE-2024-35743 WordPress SC filechecker plugin <= 0.6 - Arbitrary File Deletion vulnerability

Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in Siteclean SC filechecker allows Path Traversal, File Manipulation.This issue affects SC filechecker: from n/a through...

8.6CVSS

0.0005EPSS

2024-06-10 04:23 PM
1
vulnrichment
vulnrichment

CVE-2024-35743 WordPress SC filechecker plugin <= 0.6 - Arbitrary File Deletion vulnerability

Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in Siteclean SC filechecker allows Path Traversal, File Manipulation.This issue affects SC filechecker: from n/a through...

8.6CVSS

6.8AI Score

0.0005EPSS

2024-06-10 04:23 PM
vulnrichment
vulnrichment

CVE-2024-35728 WordPress Product Addons & Fields for WooCommerce plugin <= 32.0.20 - Content Injection vulnerability

Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection') vulnerability in Themeisle PPOM for WooCommerce allows Code Inclusion.This issue affects PPOM for WooCommerce: from n/a through...

5.3CVSS

7.1AI Score

0.0005EPSS

2024-06-10 04:21 PM
1
cvelist
cvelist

CVE-2024-35728 WordPress Product Addons & Fields for WooCommerce plugin <= 32.0.20 - Content Injection vulnerability

Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection') vulnerability in Themeisle PPOM for WooCommerce allows Code Inclusion.This issue affects PPOM for WooCommerce: from n/a through...

5.3CVSS

0.0005EPSS

2024-06-10 04:21 PM
4
nvd
nvd

CVE-2024-35712

Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in Jordy Meow Database Cleaner allows Relative Path Traversal.This issue affects Database Cleaner: from n/a through...

4.9CVSS

0.001EPSS

2024-06-10 04:15 PM
3
cve
cve

CVE-2024-35712

Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in Jordy Meow Database Cleaner allows Relative Path Traversal.This issue affects Database Cleaner: from n/a through...

4.9CVSS

5.1AI Score

0.001EPSS

2024-06-10 04:15 PM
23
nvd
nvd

CVE-2024-35677

Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in StylemixThemes MegaMenu allows PHP Local File Inclusion.This issue affects MegaMenu: from n/a through...

9.8CVSS

0.001EPSS

2024-06-10 04:15 PM
2
cve
cve

CVE-2024-35658

Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in ThemeHigh Checkout Field Editor for WooCommerce (Pro) allows Functionality Misuse, File Manipulation.This issue affects Checkout Field Editor for WooCommerce (Pro): from n/a through...

9.1CVSS

8.6AI Score

0.0005EPSS

2024-06-10 04:15 PM
27
cve
cve

CVE-2024-35680

Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection') vulnerability in YITH YITH WooCommerce Product Add-Ons allows Code Injection.This issue affects YITH WooCommerce Product Add-Ons: from n/a through...

5.3CVSS

5.4AI Score

0.0005EPSS

2024-06-10 04:15 PM
24
nvd
nvd

CVE-2024-35680

Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection') vulnerability in YITH YITH WooCommerce Product Add-Ons allows Code Injection.This issue affects YITH WooCommerce Product Add-Ons: from n/a through...

5.3CVSS

0.0005EPSS

2024-06-10 04:15 PM
nvd
nvd

CVE-2024-35658

Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in ThemeHigh Checkout Field Editor for WooCommerce (Pro) allows Functionality Misuse, File Manipulation.This issue affects Checkout Field Editor for WooCommerce (Pro): from n/a through...

9.1CVSS

0.0005EPSS

2024-06-10 04:15 PM
1
cve
cve

CVE-2024-35650

Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in Melapress MelaPress Login Security allows PHP Remote File Inclusion.This issue affects MelaPress Login Security: from n/a through...

7.2CVSS

5.3AI Score

0.001EPSS

2024-06-10 04:15 PM
23
nvd
nvd

CVE-2024-35650

Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in Melapress MelaPress Login Security allows PHP Remote File Inclusion.This issue affects MelaPress Login Security: from n/a through...

7.2CVSS

0.001EPSS

2024-06-10 04:15 PM
2
cve
cve

CVE-2024-35677

Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in StylemixThemes MegaMenu allows PHP Local File Inclusion.This issue affects MegaMenu: from n/a through...

9.8CVSS

9.1AI Score

0.001EPSS

2024-06-10 04:15 PM
27
nvd
nvd

CVE-2024-34800

Missing Authentication for Critical Function vulnerability in Aruphash Crafthemes Demo Import allows Functionality Misuse.This issue affects Crafthemes Demo Import: from n/a through...

7.6CVSS

0.0004EPSS

2024-06-10 04:15 PM
1
cve
cve

CVE-2024-34800

Missing Authentication for Critical Function vulnerability in Aruphash Crafthemes Demo Import allows Functionality Misuse.This issue affects Crafthemes Demo Import: from n/a through...

7.6CVSS

7.6AI Score

0.0004EPSS

2024-06-10 04:15 PM
24
cve
cve

CVE-2024-34762

Vulnerability discovered by executing a planned security audit. Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in WPENGINE INC Advanced Custom Fields PRO allows PHP Local File Inclusion.This issue affects Advanced Custom Fields PRO: from n/a before...

9.9CVSS

9.5AI Score

0.0004EPSS

2024-06-10 04:15 PM
24
nvd
nvd

CVE-2024-34762

Vulnerability discovered by executing a planned security audit. Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in WPENGINE INC Advanced Custom Fields PRO allows PHP Local File Inclusion.This issue affects Advanced Custom Fields PRO: from n/a before...

9.9CVSS

0.0004EPSS

2024-06-10 04:15 PM
2
cve
cve

CVE-2024-34761

Vulnerability discovered by executing a planned security audit. Improper Control of Generation of Code ('Code Injection') vulnerability in WPENGINE INC Advanced Custom Fields PRO allows Code Injection.This issue affects Advanced Custom Fields PRO: from n/a before...

8.5CVSS

8.6AI Score

0.0004EPSS

2024-06-10 04:15 PM
28
nvd
nvd

CVE-2024-34761

Vulnerability discovered by executing a planned security audit. Improper Control of Generation of Code ('Code Injection') vulnerability in WPENGINE INC Advanced Custom Fields PRO allows Code Injection.This issue affects Advanced Custom Fields PRO: from n/a before...

8.5CVSS

0.0004EPSS

2024-06-10 04:15 PM
3
cvelist
cvelist

CVE-2024-35712 WordPress Database Cleaner: Clean, Optimize & Repair plugin <= 1.0.5 - Arbitrary File Read vulnerability

Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in Jordy Meow Database Cleaner allows Relative Path Traversal.This issue affects Database Cleaner: from n/a through...

4.9CVSS

0.001EPSS

2024-06-10 03:53 PM
2
vulnrichment
vulnrichment

CVE-2024-35712 WordPress Database Cleaner: Clean, Optimize & Repair plugin <= 1.0.5 - Arbitrary File Read vulnerability

Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in Jordy Meow Database Cleaner allows Relative Path Traversal.This issue affects Database Cleaner: from n/a through...

4.9CVSS

6.8AI Score

0.001EPSS

2024-06-10 03:53 PM
cvelist
cvelist

CVE-2024-35680 WordPress YITH WooCommerce Product Add-Ons plugin <= 4.9.2 - Content Injection vulnerability

Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection') vulnerability in YITH YITH WooCommerce Product Add-Ons allows Code Injection.This issue affects YITH WooCommerce Product Add-Ons: from n/a through...

5.3CVSS

0.0005EPSS

2024-06-10 03:48 PM
3
vulnrichment
vulnrichment

CVE-2024-35680 WordPress YITH WooCommerce Product Add-Ons plugin <= 4.9.2 - Content Injection vulnerability

Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection') vulnerability in YITH YITH WooCommerce Product Add-Ons allows Code Injection.This issue affects YITH WooCommerce Product Add-Ons: from n/a through...

5.3CVSS

7.1AI Score

0.0005EPSS

2024-06-10 03:48 PM
cvelist
cvelist

CVE-2024-35677 WordPress MegaMenu plugin <= 2.3.12 - Unauthenticated Local File Inclusion vulnerability

Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in StylemixThemes MegaMenu allows PHP Local File Inclusion.This issue affects MegaMenu: from n/a through...

9CVSS

0.001EPSS

2024-06-10 03:46 PM
3
vulnrichment
vulnrichment

CVE-2024-35677 WordPress MegaMenu plugin <= 2.3.12 - Unauthenticated Local File Inclusion vulnerability

Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in StylemixThemes MegaMenu allows PHP Local File Inclusion.This issue affects MegaMenu: from n/a through...

9CVSS

6.9AI Score

0.001EPSS

2024-06-10 03:46 PM
vulnrichment
vulnrichment

CVE-2024-35658 WordPress Checkout Field Editor for WooCommerce (Pro) plugin <= 3.6.2 - Unauthenticated Arbitrary File Deletion vulnerability

Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in ThemeHigh Checkout Field Editor for WooCommerce (Pro) allows Functionality Misuse, File Manipulation.This issue affects Checkout Field Editor for WooCommerce (Pro): from n/a through...

8.6CVSS

6.9AI Score

0.0005EPSS

2024-06-10 03:45 PM
cvelist
cvelist

CVE-2024-35658 WordPress Checkout Field Editor for WooCommerce (Pro) plugin <= 3.6.2 - Unauthenticated Arbitrary File Deletion vulnerability

Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in ThemeHigh Checkout Field Editor for WooCommerce (Pro) allows Functionality Misuse, File Manipulation.This issue affects Checkout Field Editor for WooCommerce (Pro): from n/a through...

8.6CVSS

0.0005EPSS

2024-06-10 03:45 PM
3
vulnrichment
vulnrichment

CVE-2024-35650 WordPress MelaPress Login Security plugin <= 1.3.0 - Remote File Inclusion vulnerability

Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in Melapress MelaPress Login Security allows PHP Remote File Inclusion.This issue affects MelaPress Login Security: from n/a through...

4.9CVSS

7.2AI Score

0.001EPSS

2024-06-10 03:43 PM
cvelist
cvelist

CVE-2024-35650 WordPress MelaPress Login Security plugin <= 1.3.0 - Remote File Inclusion vulnerability

Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in Melapress MelaPress Login Security allows PHP Remote File Inclusion.This issue affects MelaPress Login Security: from n/a through...

4.9CVSS

0.001EPSS

2024-06-10 03:43 PM
2
cvelist
cvelist

CVE-2024-34800 WordPress Crafthemes Demo Import plugin <= 3.3 - Arbitrary Plugin Installation vulnerability

Missing Authentication for Critical Function vulnerability in Aruphash Crafthemes Demo Import allows Functionality Misuse.This issue affects Crafthemes Demo Import: from n/a through...

7.6CVSS

0.0004EPSS

2024-06-10 03:41 PM
4
vulnrichment
vulnrichment

CVE-2024-34800 WordPress Crafthemes Demo Import plugin <= 3.3 - Arbitrary Plugin Installation vulnerability

Missing Authentication for Critical Function vulnerability in Aruphash Crafthemes Demo Import allows Functionality Misuse.This issue affects Crafthemes Demo Import: from n/a through...

7.6CVSS

7.2AI Score

0.0004EPSS

2024-06-10 03:41 PM
cvelist
cvelist

CVE-2024-34762 Wordpress Advanced Custom Fields Pro plugin < 6.2.10 - Contributor+ Local File Inclusion vulnerability

Vulnerability discovered by executing a planned security audit. Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in WPENGINE INC Advanced Custom Fields PRO allows PHP Local File Inclusion.This issue affects Advanced Custom Fields PRO: from n/a before...

9.9CVSS

0.0004EPSS

2024-06-10 03:38 PM
4
vulnrichment
vulnrichment

CVE-2024-34762 Wordpress Advanced Custom Fields Pro plugin < 6.2.10 - Contributor+ Local File Inclusion vulnerability

Vulnerability discovered by executing a planned security audit. Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in WPENGINE INC Advanced Custom Fields PRO allows PHP Local File Inclusion.This issue affects Advanced Custom Fields PRO: from n/a before...

9.9CVSS

7AI Score

0.0004EPSS

2024-06-10 03:38 PM
cvelist
cvelist

CVE-2024-34761 Wordpress Advanced Custom Fields Pro plugin < 6.2.10 - Contributor+ Arbitrary Function Execution vulnerability

Vulnerability discovered by executing a planned security audit. Improper Control of Generation of Code ('Code Injection') vulnerability in WPENGINE INC Advanced Custom Fields PRO allows Code Injection.This issue affects Advanced Custom Fields PRO: from n/a before...

8.5CVSS

0.0004EPSS

2024-06-10 03:34 PM
3
nuclei
nuclei

Prime Mover < 1.9.3 - Sensitive Data Exposure

Prime Mover plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 1.9.2 via directory listing in the 'prime-mover-export-files/1/' folder. This makes it possible for unauthenticated attackers to extract sensitive data including site and...

7.5CVSS

6.7AI Score

0.003EPSS

2024-06-10 11:52 AM
cve
cve

CVE-2024-4746

Missing Authorization vulnerability in Netgsm.This issue affects Netgsm: from n/a through...

6.3CVSS

4.7AI Score

0.0004EPSS

2024-06-10 08:15 AM
35
nvd
nvd

CVE-2024-4745

Missing Authorization vulnerability in RafflePress Giveaways and Contests by RafflePress.This issue affects Giveaways and Contests by RafflePress: from n/a through...

6.3CVSS

0.0004EPSS

2024-06-10 08:15 AM
2
nvd
nvd

CVE-2024-4746

Missing Authorization vulnerability in Netgsm.This issue affects Netgsm: from n/a through...

6.3CVSS

0.0004EPSS

2024-06-10 08:15 AM
4
cve
cve

CVE-2024-4745

Missing Authorization vulnerability in RafflePress Giveaways and Contests by RafflePress.This issue affects Giveaways and Contests by RafflePress: from n/a through...

6.3CVSS

4.7AI Score

0.0004EPSS

2024-06-10 08:15 AM
29
cve
cve

CVE-2024-35735

Missing Authorization vulnerability in CodePeople WP Time Slots Booking Form.This issue affects WP Time Slots Booking Form: from n/a through...

9.8CVSS

5.4AI Score

0.001EPSS

2024-06-10 08:15 AM
22
nvd
nvd

CVE-2024-35741

Missing Authorization vulnerability in Awesome Support Team Awesome Support.This issue affects Awesome Support: from n/a through...

8.8CVSS

0.001EPSS

2024-06-10 08:15 AM
3
Total number of security vulnerabilities95578