Lucene search

6667 matches found

CVE
added 2024/05/17 8:56 a.m. | 52 views

CVE-2024-32512

The CVE-2024-32512 entry concerns the WordPress weForms plugin (versions up to and including 1.6.20) with a Form Submission Restriction Bypass issue caused by Client-Side Enforcement of Server-Side Security. Affected component: weForms form submission logic; root cause: client-side enforcement al...

CVSS 5.3 | AI score 6.8 | EPSS 0.0029
Exploits: 0 | References: 1

Vulnrichment
added 2024/05/17 8:46 a.m. | 17 views

CVE-2024-21746 WordPress Wp Ultimate Review plugin <= 2.3.6 - IP limit Bypass vulnerability

Authentication Bypass by Spoofing vulnerability in Roxnor Wp Ultimate Review wp-ultimate-review allows Identity Spoofing. This issue affects Wp Ultimate Review: from n/a through = 2.3.6...

CVSS 5.3 | AI score 7.2 | EPSS 0.00108
Exploits: 0 | References: 1

CVE
added 2024/05/17 8:22 a.m. | 52 views

CVE-2024-25906

CVE-2024-25906 affects the WordPress plugin Comments Like Dislike (WP Happy Coders) up to version 1.2.2. The issue is an authentication bypass via spoofing, specifically an IP restriction bypass that can allow functionality bypass/escalation of access as described in Patchstack and Red Hat/NVD r...

CVSS 4.3 | AI score 6.8 | EPSS 0.00099
Exploits: 0 | References: 1

Cvelist
added 2024/05/17 8:22 a.m. | 22 views

CVE-2024-30479 WordPress LionScripts: IP Blocker Lite plugin <= 11.1.1 - Bypass vulnerability

Authentication Bypass by Spoofing vulnerability in LionScripts IP Blocker Lite allows Functionality Bypass. This issue affects IP Blocker Lite: from n/a through 11.1.1...

CVSS 5.3 | AI score 5.3 | EPSS 0.00132
Exploits: 0 | References: 1

Vulnrichment
added 2024/05/17 8:22 a.m. | 13 views

CVE-2024-30479 WordPress LionScripts: IP Blocker Lite plugin <= 11.1.1 - Bypass vulnerability

Authentication Bypass by Spoofing vulnerability in LionScripts IP Blocker Lite allows Functionality Bypass. This issue affects IP Blocker Lite: from n/a through 11.1.1...

CVSS 5.3 | AI score 7 | EPSS 0.00132
Exploits: 0 | References: 1

CVE
added 2024/05/17 8:21 a.m. | 71 views

CVE-2024-30480

CVE-2024-30480 describes an Authentication Bypass by Spoofing vulnerability in the WordPress plugin CGC Maintenance Mode. Public sources (NVD/Red Hat/VulnEnrichment) confirm the issue affects CGC Maintenance Mode versions

CVSS 3.7 | AI score 6.8 | EPSS 0.00097
Exploits: 0 | References: 1

Cvelist
added 2024/05/17 8:21 a.m. | 16 views

CVE-2024-30522 WordPress Newsletter plugin <= 8.2.0 - IP Blacklist Bypass vulnerability

Authentication Bypass by Spoofing vulnerability in Stefano Lissa & The Newsletter Team Newsletter allows Functionality Bypass. This issue affects Newsletter: from n/a through 8.2.0...

CVSS 5.3 | AI score 5.3 | EPSS 0.00102
Exploits: 0 | References: 1

Cvelist
added 2024/05/17 8:19 a.m. | 13 views

CVE-2024-31295 WordPress Captcha by BestWebSoft plugin <= 5.2.0 - Captcha Bypass vulnerability

Guessable CAPTCHA vulnerability in BestWebSoft Captcha by BestWebSoft allows Functionality Bypass. This issue affects Captcha by BestWebSoft: from n/a through 5.2.0...

CVSS 5.3 | AI score 5.3 | EPSS 0.00092
Exploits: 0 | References: 1

CVE
added 2024/05/17 8:19 a.m. | 60 views

CVE-2024-31341

CVE-2024-31341 affects Cozmoslabs Profile Builder for WordPress (

CVSS 5.3 | AI score 6.8 | EPSS 0.00117
Exploits: 0 | References: 1

CVE
added 2024/05/17 8:18 a.m. | 73 views

CVE-2024-32131

CVE-2024-32131 describes an information disclosure in WordPress Download Manager (plugin). The vulnerability, titled Exposure of Sensitive Information to an Unauthorized Actor, allows a password-protected file lock bypass in versions up to 3.2.82 (includes 3.2.82). The CVSS v3.1 score is 7.5 (HIG...

CVSS 7.5 | AI score 6.7 | EPSS 0.00484
Exploits: 0 | References: 1 | Affected Software: 1

Cvelist
added 2024/05/17 8:18 a.m. | 23 views

CVE-2024-32131 WordPress Download Manager plugin <= 3.2.82 - File Password Lock Bypass vulnerability

Exposure of Sensitive Information to an Unauthorized Actor vulnerability in W3 Eden Inc. Download Manager allows Functionality Bypass. This issue affects Download Manager: from n/a through 3.2.82...

CVSS 5.3 | AI score 5.2 | EPSS 0.00484
Exploits: 0 | References: 1

CVE
added 2024/05/17 8:13 a.m. | 67 views

CVE-2024-33917

CVE-2024-33917 is an Authentication Bypass by Spoofing vulnerability in the WordPress plugin WTI Like Post by Webtechideas, affecting versions up to 1.4.6. Public detail across sources identifies the issue as an IP spoofing-based authentication bypass that could allow bypassing normal access con...

CVSS 5.3 | AI score 6.8 | EPSS 0.00147
Exploits: 0 | References: 1

CVE
added 2024/05/17 8:11 a.m. | 62 views

CVE-2024-34434

CVE-2024-34434 is an Incorrect Authorization vulnerability in the WordPress MDTF (Meta Data and Taxonomies Filter) plugin. The issue affects MDTF versions from some unknown start until 1.3.3.2 and enables Code Inclusion/Arbitrary Shortcode Execution through a flawed authorization check. Red Hat’s...

CVSS 6.5 | AI score 7 | EPSS 0.00171
Exploits: 0 | References: 1 | Affected Software: 1

Cvelist
added 2024/05/17 8:11 a.m. | 14 views

CVE-2024-34434 WordPress MDTF – Meta Data and Taxonomies Filter plugin <= 1.3.3.2 - Arbitrary Shortcode Execution vulnerability

Incorrect Authorization vulnerability in realmag777 WordPress Meta Data and Taxonomies Filter MDTF allows Code Inclusion, Functionality Misuse. This issue affects WordPress Meta Data and Taxonomies Filter MDTF: from n/a through 1.3.3.2...

CVSS 6.5 | AI score 6.9 | EPSS 0.00171
Exploits: 0 | References: 1

Positive Technologies
added 2024/05/17 12:0 a.m. | 3 views

PT-2024-23984 · Cozmoslabs · Cozmoslabs Profile Builder

Name of the Vulnerable Software and Affected Versions: Cozmoslabs Profile Builder versions prior to 3.11.2 Description: The issue is related to Insufficient Verification of Data Authenticity, allowing Functionality Bypass in Cozmoslabs Profile Builder. Recommendations: For versions prior to 3.11....

CVSS 5.3 | AI score 9.4 | EPSS 0.00117
Exploits: 0 | References: 4

Positive Technologies
added 2024/05/17 12:0 a.m. | 3 views

PT-2024-25888 · WordPress · Wordpress Meta Data/Taxonomies Filter

Name of the Vulnerable Software and Affected Versions: WordPress Meta Data and Taxonomies Filter MDTF versions 1.3.3.2 and earlier Description: The issue is related to an Incorrect Authorization vulnerability, allowing Code Inclusion and Functionality Misuse. Recommendations: For WordPress Meta...

CVSS 6.5 | AI score 6.4 | EPSS 0.00171
Exploits: 0 | References: 6

OSV
added 2024/05/16 9:2 p.m. | 12 views

GHSA-3783-62VC-JR7X ConsoleMe has an Arbitrary File Read Vulnerability via Limited Git command

ID: NFLX-2024-002 Impact Authenticated users can achieve limited RCE in ConsoleMe, restricted to flag inputs on a single CLI command. Due to this constraint, it is not currently known whether full RCE is possible but it is unlikely. However, a specific flag allows authenticated users to read any...

CVSS 9.6 | AI score 6.1 | EPSS 0.00817
Exploits: 0 | References: 6

NVD
added 2024/05/16 9:15 a.m. | 6 views

CVE-2024-3403

imartinez/privategpt version 0.2.0 is vulnerable to a local file inclusion vulnerability that allows attackers to read arbitrary files from the filesystem. By manipulating file upload functionality to ingest arbitrary local files, attackers can exploit the 'Search in Docs' feature or query the AI...

CVSS 7.5 | AI score 7.7 | EPSS 0.02345
Exploits: 1 | References: 1

CNVD
added 2024/05/16 12:0 a.m. | 5 views

Siemens SIMATIC RTLS Locating Manager Hidden Function Vulnerability

SIMATIC RTLS Locating Manager is used to configure, operate and maintain the SIMATIC RTLS unit, a real-time wireless positioning system that provides locating solutions. A hidden function vulnerability exists in Siemens SIMATIC RTLS Locating Manager due to an affected application containing hidde...

CVSS 4.8 | AI score 6.8 | EPSS 0.00113
Exploits: 0 | References: 1

Tenable Nessus
added 2024/05/16 12:0 a.m. | 27 views

VMware Fusion 13.0.x < 13.5.2 Multiple Vulnerabilities (VMSA-2024-0010)

The version of VMware Fusion installed on the remote macOS or Mac OS X host is 13.0.x prior to 13.5.2. It is, therefore, affected by multiple vulnerabilities. - VMware Workstation and Fusion contain a use-after-free vulnerability in the vbluetooth device. CVE-2024-22267 - VMware Workstation...

CVSS 9.3 | AI score 6 | EPSS 0.00125
Exploits: 0 | References: 5