CVE-2024-9306

The CVE refers to WP Booking Calendar for WordPress (versions

CVE-2024-9306 WP Booking Calendar <= 10.6 - Authenticated (Admin+) Stored Cross-Site Scripting

The WP Booking Calendar plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in all versions up to, and including, 10.6 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level...

CVE-2024-5481

Affected software: Photo Gallery by 10Web – Mobile-Friendly Image Gallery (WordPress). CVE-2024-5481 affects all versions up to 1.8.23. Root cause: Path Traversal via esc_dir leading to copying arbitrary files and deleting arbitrary directories (including WordPress root). By default exploitable b...

CVE-2024-2797

The MailerLite – Signup forms official plugin for WordPress is vulnerable to unauthorized plugin setting changes due to a missing capability check on the toggleRolesAndPermissions and editAllowedRolesAndPermissions functions in all versions up to, and including, 1.7.6. This makes it possible for...

CVE-2024-2324 FileOrganizer and FileOrganizer Pro <= 1.0.6 - Authenticated Stored Cross-Site Scripting

The FileOrganizer – Manage WordPress and Website Files plugin for WordPress is vulnerable to Stored Cross-Site Scripting via svg file upload in all versions up to, and including, 1.0.6 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers t...

CVE-2024-2324

The FileOrganizer – Manage WordPress and Website Files plugin for WordPress is vulnerable to Stored Cross-Site Scripting via svg file upload in all versions up to, and including, 1.0.6 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers t...

CVE-2024-2797

The MailerLite – Signup forms official plugin for WordPress is vulnerable to unauthorized plugin setting changes due to a missing capability check on the toggleRolesAndPermissions and editAllowedRolesAndPermissions functions in all versions up to, and including, 1.7.6. This makes it possible for...

CVE-2024-0221 Photo Gallery by 10Web - Mobile-Friendly Image Gallery <= 1.8.19 - Directory Traversal to Arbitrary File Rename

The Photo Gallery by 10Web – Mobile-Friendly Image Gallery plugin for WordPress is vulnerable to Directory Traversal in all versions up to, and including, 1.8.19 via the renameitem function. This makes it possible for authenticated attackers to rename arbitrary files on the server. This can lead ...

Unspecified Vulnerability in IBM InfoSphere Information Server (CNVD-2022-68284)

IBM InfoSphere Information Server is a set of data integration platforms from International Business Machines IBM. The platform can be used to integrate data information obtained from various sources. A security vulnerability exists in IBM InfoSphere Information Server version 11.7 that stems fro...

CVE-2021-24157

The CVE-2021-24157 issue affects Orbit Fox by ThemeIsle WordPress plugin. Affected component: the header/footer script injection feature in Orbit Fox; root cause: no validation of user capabilities (unfiltered_html) before saving script tags, enablingAuthenticated users with lower privileges to i...