ShopLentor < 2.8.9 - Authenticated Option Update
Description The plugin is vulnerable to unauthorized modification of data due to a missing capability check on the ajax_dismiss function. This makes it possible for authenticated attackers, with contributor-level access and above, to set arbitrary WordPress options to "true". NOTE: This...
7.1CVSS
6.6AI Score
0.001EPSS
propel/propel1 SQL injection possible with limit() on MySQL
The limit() query method is susceptible to catastrophic SQL injection with MySQL. For example, given a model User for a table users: UserQuery::create()->limit('1;DROP TABLE users')->find(); This will drop the users table! The cause appears to be a lack of integer casting of the limit input i...
8.5AI Score
propel/propel1 SQL injection possible with limit() on MySQL
The limit() query method is susceptible to catastrophic SQL injection with MySQL. For example, given a model User for a table users: UserQuery::create()->limit('1;DROP TABLE users')->find(); This will drop the users table! The cause appears to be a lack of integer casting of the limit input i...
8.5AI Score
Propel2 SQL injection possible with limit() on MySQL
The limit() query method is susceptible to catastrophic SQL injection with MySQL. For example, given a model User for a table users: UserQuery::create()->limit('1;DROP TABLE users')->find(); This will drop the users table! The cause appears to be a lack of integer casting of the limit input i...
8.5AI Score
Propel2 SQL injection possible with limit() on MySQL
The limit() query method is susceptible to catastrophic SQL injection with MySQL. For example, given a model User for a table users: UserQuery::create()->limit('1;DROP TABLE users')->find(); This will drop the users table! The cause appears to be a lack of integer casting of the limit input i...
8.5AI Score
In the Linux kernel, the following vulnerability has been resolved: geneve: fix header validation in geneve[6]_xmit_skb syzbot is able to trigger an uninit-value in geneve_xmit() [1] Problem : While most ip tunnel helpers (like ip_tunnel_get_dsfield()) uses skb_protocol(skb, true),...
6.6AI Score
0.0004EPSS
In the Linux kernel, the following vulnerability has been resolved: arm64: tlb: Fix TLBI RANGE operand KVM/arm64 relies on TLBI RANGE feature to flush TLBs when the dirty pages are collected by VMM and the page table entries become write protected during live migration. Unfortunately, the operand.....
6.5AI Score
0.0004EPSS
In the Linux kernel, the following vulnerability has been resolved: geneve: fix header validation in geneve[6]_xmit_skb syzbot is able to trigger an uninit-value in geneve_xmit() [1] Problem : While most ip tunnel helpers (like ip_tunnel_get_dsfield()) uses skb_protocol(skb, true),...
6.4AI Score
0.0004EPSS
In the Linux kernel, the following vulnerability has been resolved: arm64: tlb: Fix TLBI RANGE operand KVM/arm64 relies on TLBI RANGE feature to flush TLBs when the dirty pages are collected by VMM and the page table entries become write protected during live migration. Unfortunately, the operand.....
6.4AI Score
0.0004EPSS
In the Linux kernel, the following vulnerability has been resolved: geneve: fix header validation in geneve[6]_xmit_skb syzbot is able to trigger an uninit-value in geneve_xmit() [1] Problem : While most ip tunnel helpers (like ip_tunnel_get_dsfield()) uses skb_protocol(skb, true),...
6.7AI Score
0.0004EPSS
In the Linux kernel, the following vulnerability has been resolved: arm64: tlb: Fix TLBI RANGE operand KVM/arm64 relies on TLBI RANGE feature to flush TLBs when the dirty pages are collected by VMM and the page table entries become write protected during live migration. Unfortunately, the operand.....
6.6AI Score
0.0004EPSS
In the Linux kernel, the following vulnerability has been resolved: arm64: tlb: Fix TLBI RANGE operand KVM/arm64 relies on TLBI RANGE feature to flush TLBs when the dirty pages are collected by VMM and the page table entries become write protected during live migration. Unfortunately, the...
6.6AI Score
0.0004EPSS
In the Linux kernel, the following vulnerability has been resolved: geneve: fix header validation in geneve[6]_xmit_skb syzbot is able to trigger an uninit-value in geneve_xmit() [1] Problem : While most ip tunnel helpers (like ip_tunnel_get_dsfield()) uses skb_protocol(skb, true),...
6.7AI Score
0.0004EPSS
CVE-2024-35980 arm64: tlb: Fix TLBI RANGE operand
In the Linux kernel, the following vulnerability has been resolved: arm64: tlb: Fix TLBI RANGE operand KVM/arm64 relies on TLBI RANGE feature to flush TLBs when the dirty pages are collected by VMM and the page table entries become write protected during live migration. Unfortunately, the operand.....
6.3AI Score
0.0004EPSS
CVE-2024-35973 geneve: fix header validation in geneve[6]_xmit_skb
In the Linux kernel, the following vulnerability has been resolved: geneve: fix header validation in geneve[6]_xmit_skb syzbot is able to trigger an uninit-value in geneve_xmit() [1] Problem : While most ip tunnel helpers (like ip_tunnel_get_dsfield()) uses skb_protocol(skb, true),...
6.4AI Score
0.0004EPSS
CVE-2024-35973 geneve: fix header validation in geneve[6]_xmit_skb
In the Linux kernel, the following vulnerability has been resolved: geneve: fix header validation in geneve[6]_xmit_skb syzbot is able to trigger an uninit-value in geneve_xmit() [1] Problem : While most ip tunnel helpers (like ip_tunnel_get_dsfield()) uses skb_protocol(skb, true),...
6.8AI Score
0.0004EPSS
Builder for WooCommerce reviews shortcodes – ReviewShort < 1.01.6 - Missing Authorization
Description The Builder for WooCommerce reviews shortcodes – ReviewShort plugin for WordPress is vulnerable to unauthorized access of functionality in versions up to, and including, 1.01.5. This makes it possible for unauthenticated attackers to make use of this functionality intended for higher...
5.3CVSS
6.7AI Score
0.0004EPSS
Description The Post Grid, Form Maker, Popup Maker, WooCommerce Blocks, Post Blocks, Post Carousel – Combo Blocks plugin for WordPress is vulnerable to Stored Cross-Site Scripting via several parameters in all versions up to, and including, 2.2.80 due to insufficient input sanitization and output.....
6.4CVSS
5.8AI Score
0.0004EPSS
Description The Order Export & Order Import for WooCommerce plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 2.4.9 via deserialization of untrusted input. This makes it possible for authenticated attackers, with Administrator-level access and above,.....
4.4CVSS
7.4AI Score
0.0004EPSS
In the Linux kernel, the following vulnerability has been resolved: geneve: fix header validation in geneve[6]_xmit_skb syzbot is able to trigger an uninit-value in geneve_xmit() [1] Problem : While most ip tunnel helpers (like ip_tunnel_get_dsfield()) uses skb_protocol(skb, true),...
6.7AI Score
0.0004EPSS
In the Linux kernel, the following vulnerability has been resolved: arm64: tlb: Fix TLBI RANGE operand KVM/arm64 relies on TLBI RANGE feature to flush TLBs when the dirty pages are collected by VMM and the page table entries become write protected during live migration. Unfortunately, the operand.....
6.6AI Score
0.0004EPSS
Missing Authorization vulnerability in PluginEver Serial Numbers for WooCommerce – License Manager.This issue affects Serial Numbers for WooCommerce – License Manager: from n/a through...
5.3CVSS
5.8AI Score
0.0004EPSS
Missing Authorization vulnerability in PluginEver Serial Numbers for WooCommerce – License Manager.This issue affects Serial Numbers for WooCommerce – License Manager: from n/a through...
5.3CVSS
6.8AI Score
0.0004EPSS
CVE-2024-35173 WordPress WC Serial Numbers plugin <= 1.7.3 - Broken Access Control vulnerability
Missing Authorization vulnerability in PluginEver Serial Numbers for WooCommerce – License Manager.This issue affects Serial Numbers for WooCommerce – License Manager: from n/a through...
5.3CVSS
5.8AI Score
0.0004EPSS
CVE-2024-35173 WordPress WC Serial Numbers plugin <= 1.7.3 - Broken Access Control vulnerability
Missing Authorization vulnerability in PluginEver Serial Numbers for WooCommerce – License Manager.This issue affects Serial Numbers for WooCommerce – License Manager: from n/a through...
5.3CVSS
7AI Score
0.0004EPSS
Improper Privilege Management vulnerability in WPFactory EAN for WooCommerce allows Privilege Escalation.This issue affects EAN for WooCommerce: from n/a through...
7.2CVSS
6.8AI Score
0.0004EPSS
Improper Privilege Management vulnerability in WPFactory EAN for WooCommerce allows Privilege Escalation.This issue affects EAN for WooCommerce: from n/a through...
7.2CVSS
7.3AI Score
0.0004EPSS
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal'), Improper Control of Generation of Code ('Code Injection') vulnerability in PluginUS HUSKY – Products Filter for WooCommerce (formerly WOOF) allows Using Malicious Files, Code Inclusion.This issue affects HUSKY –...
8.8CVSS
6.8AI Score
0.0004EPSS
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal'), Improper Control of Generation of Code ('Code Injection') vulnerability in PluginUS HUSKY – Products Filter for WooCommerce (formerly WOOF) allows Using Malicious Files, Code Inclusion.This issue affects HUSKY –...
8.8CVSS
8.8AI Score
0.0004EPSS
Improper Privilege Management vulnerability in Astoundify Simple Registration for WooCommerce allows Privilege Escalation.This issue affects Simple Registration for WooCommerce: from n/a through...
9.8CVSS
9.6AI Score
0.0004EPSS
Improper Privilege Management vulnerability in Astoundify Simple Registration for WooCommerce allows Privilege Escalation.This issue affects Simple Registration for WooCommerce: from n/a through...
9.8CVSS
6.8AI Score
0.0004EPSS
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in Premmerce Premmerce Permalink Manager for WooCommerce allows PHP Local File Inclusion.This issue affects Premmerce Permalink Manager for WooCommerce: from n/a through...
8.3CVSS
6.8AI Score
0.0004EPSS
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in Premmerce Premmerce Permalink Manager for WooCommerce allows PHP Local File Inclusion.This issue affects Premmerce Permalink Manager for WooCommerce: from n/a through...
8.3CVSS
8.3AI Score
0.0004EPSS
Authentication Bypass by Spoofing vulnerability in WP Happy Coders Comments Like Dislike allows Functionality Bypass.This issue affects Comments Like Dislike: from n/a through...
4.3CVSS
4.7AI Score
0.0004EPSS
Authentication Bypass by Spoofing vulnerability in WP Happy Coders Comments Like Dislike allows Functionality Bypass.This issue affects Comments Like Dislike: from n/a through...
4.3CVSS
6.8AI Score
0.0004EPSS
Improper Privilege Management vulnerability in WebToffee WooCommerce PDF Invoices, Packing Slips, Delivery Notes and Shipping Labels allows Privilege Escalation.This issue affects WooCommerce PDF Invoices, Packing Slips, Delivery Notes and Shipping Labels: from n/a through...
7.2CVSS
7AI Score
0.0004EPSS
Improper Privilege Management vulnerability in WebToffee WooCommerce PDF Invoices, Packing Slips, Delivery Notes and Shipping Labels allows Privilege Escalation.This issue affects WooCommerce PDF Invoices, Packing Slips, Delivery Notes and Shipping Labels: from n/a through...
7.2CVSS
6.8AI Score
0.0004EPSS
Improper Privilege Management vulnerability in powerfulwp Local Delivery Drivers for WooCommerce allows Privilege Escalation.This issue affects Local Delivery Drivers for WooCommerce: from n/a through...
9.8CVSS
6.9AI Score
0.0004EPSS
Improper Privilege Management vulnerability in powerfulwp Local Delivery Drivers for WooCommerce allows Privilege Escalation.This issue affects Local Delivery Drivers for WooCommerce: from n/a through...
9.8CVSS
9.6AI Score
0.0004EPSS
CVE-2024-32680 WordPress HUSKY plugin <= 1.3.5.2 - Remote Code Execution (RCE) vulnerability
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal'), Improper Control of Generation of Code ('Code Injection') vulnerability in PluginUS HUSKY – Products Filter for WooCommerce (formerly WOOF) allows Using Malicious Files, Code Inclusion.This issue affects HUSKY –...
8.8CVSS
8.8AI Score
0.0004EPSS
CVE-2024-32680 WordPress HUSKY plugin <= 1.3.5.2 - Remote Code Execution (RCE) vulnerability
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal'), Improper Control of Generation of Code ('Code Injection') vulnerability in PluginUS HUSKY – Products Filter for WooCommerce (formerly WOOF) allows Using Malicious Files, Code Inclusion.This issue affects HUSKY –...
8.8CVSS
7AI Score
0.0004EPSS
Improper Privilege Management vulnerability in Astoundify Simple Registration for WooCommerce allows Privilege Escalation.This issue affects Simple Registration for WooCommerce: from n/a through...
9.8CVSS
7AI Score
0.0004EPSS
Improper Privilege Management vulnerability in Astoundify Simple Registration for WooCommerce allows Privilege Escalation.This issue affects Simple Registration for WooCommerce: from n/a through...
9.8CVSS
9.6AI Score
0.0004EPSS
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in Premmerce Premmerce Permalink Manager for WooCommerce allows PHP Local File Inclusion.This issue affects Premmerce Permalink Manager for WooCommerce: from n/a through...
8.3CVSS
6.9AI Score
0.0004EPSS
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in Premmerce Premmerce Permalink Manager for WooCommerce allows PHP Local File Inclusion.This issue affects Premmerce Permalink Manager for WooCommerce: from n/a through...
8.3CVSS
8.3AI Score
0.0004EPSS
Improper Privilege Management vulnerability in WebToffee WooCommerce PDF Invoices, Packing Slips, Delivery Notes and Shipping Labels allows Privilege Escalation.This issue affects WooCommerce PDF Invoices, Packing Slips, Delivery Notes and Shipping Labels: from n/a through...
7.2CVSS
7AI Score
0.0004EPSS
Improper Privilege Management vulnerability in powerfulwp Local Delivery Drivers for WooCommerce allows Privilege Escalation.This issue affects Local Delivery Drivers for WooCommerce: from n/a through...
9.8CVSS
9.6AI Score
0.0004EPSS
Improper Privilege Management vulnerability in powerfulwp Local Delivery Drivers for WooCommerce allows Privilege Escalation.This issue affects Local Delivery Drivers for WooCommerce: from n/a through...
9.8CVSS
7AI Score
0.0004EPSS
Authentication Bypass by Spoofing vulnerability in WP Happy Coders Comments Like Dislike allows Functionality Bypass.This issue affects Comments Like Dislike: from n/a through...
4.3CVSS
4.7AI Score
0.0004EPSS
Improper Privilege Management vulnerability in WPFactory EAN for WooCommerce allows Privilege Escalation.This issue affects EAN for WooCommerce: from n/a through...
7.2CVSS
7AI Score
0.0004EPSS