CVE-2024-54370 |
Description: Unrestricted Upload of File with Dangerous Type vulnerability in SuitePlugins Video & Photo Gallery for Ultimate Member allows Upload a Web Shell to a Web Server.This issue affects Video & Photo Gallery for Ultimate Member: from n/a through 1.1.0.
CVSS: CRITICAL (9.9) EPSS Score: 0.04%
December 17th, 2024 (5 months ago)
|
CVE-2024-54369 |
Description: Missing Authorization vulnerability in ThemeHunk Zita Site Builder allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects Zita Site Builder: from n/a through 1.0.2.
CVSS: CRITICAL (9.1) EPSS Score: 0.04%
December 17th, 2024 (5 months ago)
|
CVE-2024-54368 |
Description: Cross-Site Request Forgery (CSRF) vulnerability in Ruben Garza, Jr. GitSync allows Code Injection.This issue affects GitSync: from n/a through 1.1.0.
CVSS: CRITICAL (9.6) EPSS Score: 0.04%
December 17th, 2024 (5 months ago)
|
CVE-2024-54367 |
Description: Deserialization of Untrusted Data vulnerability in ForumWP ForumWP allows Object Injection.This issue affects ForumWP: from n/a through 2.1.0.
CVSS: CRITICAL (9.8) EPSS Score: 0.04%
December 17th, 2024 (5 months ago)
|
CVE-2024-54366 |
Description: Generation of Error Message Containing Sensitive Information vulnerability in Dave Kiss Vimeography allows Retrieve Embedded Sensitive Data.This issue affects Vimeography: from n/a through 2.4.4.
CVSS: MEDIUM (5.3) EPSS Score: 0.04%
December 17th, 2024 (5 months ago)
|
CVE-2024-54365 |
Description: Incorrect Privilege Assignment vulnerability in Halim KH Easy User Settings allows Privilege Escalation.This issue affects KH Easy User Settings: from n/a through 1.0.0.
CVSS: HIGH (8.8) EPSS Score: 0.04%
December 17th, 2024 (5 months ago)
|
CVE-2024-54364 |
Description: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Spartac Feedpress Generator allows Reflected XSS.This issue affects Feedpress Generator: from n/a through 1.2.1.
CVSS: HIGH (7.1) EPSS Score: 0.04%
December 17th, 2024 (5 months ago)
|
CVE-2024-54363 |
Description: Incorrect Privilege Assignment vulnerability in nssTheme Wp NssUser Register allows Privilege Escalation.This issue affects Wp NssUser Register: from n/a through 1.0.0.
CVSS: CRITICAL (9.8) EPSS Score: 0.04%
December 17th, 2024 (5 months ago)
|
CVE-2024-54361 |
Description: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in outstrip Instant Appointment allows SQL Injection.This issue affects Instant Appointment: from n/a through 1.2.
CVSS: CRITICAL (9.3) EPSS Score: 0.04%
December 17th, 2024 (5 months ago)
|
CVE-2024-54360 |
Description: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in premila Gutensee allows DOM-Based XSS.This issue affects Gutensee: from n/a through 1.0.1.
CVSS: MEDIUM (6.5) EPSS Score: 0.04%
December 17th, 2024 (5 months ago)
|