-
CVE-2024-9939 – WordPress File Upload Path Traversal Vulnerability
CVE ID : CVE-2024-9939 Published : Jan. 8, 2025, 9:15 a.m. | 35 minutes ago Description : The WordPress File Upload plugin for WordPress is vulnerable to Path Traversal in all versions up to, and including, 4.24.13 via wfu_file_downloader.php. This makes it possible for unauthenticated attackers to read files outside of the originally intended directory. Severity:…
-
CVE-2024-45033 – Apache Airflow Fab Provider Insufficient Session Expiration Remote Authentication Bypass
CVE ID : CVE-2024-45033 Published : Jan. 8, 2025, 9:15 a.m. | 35 minutes ago Description : Insufficient Session Expiration vulnerability in Apache Airflow Fab Provider. This issue affects Apache Airflow Fab Provider: before 1.5.2. When user password has been changed with admin CLI, the sessions for that user have not been cleared, leading to insufficient…
-
CVE-2024-54676 – Apache OpenMeetings Object Deserialization Vulnerability
CVE ID : CVE-2024-54676 Published : Jan. 8, 2025, 9:15 a.m. | 35 minutes ago Description : Vendor: The Apache Software Foundation Versions Affected: Apache OpenMeetings from 2.1.0 before 8.0.0 Description: Default clustering instructions at https://openmeetings.apache.org/Clustering.html don’t specify white/black lists for OpenJPA; this leads to possible deserialisation of untrusted data. Users are recommended to upgrade to…
-
CVE-2024-13186 – Apache MinigameCenter Information Leak
CVE ID : CVE-2024-13186 Published : Jan. 8, 2025, 9:15 a.m. | 35 minutes ago Description : The MinigameCenter module has insufficient restrictions on loading URLs, which may lead to some information leakage. Severity: 0.0 | NA
-
CVE-2024-12855 – AdForest for WordPress AJAX Capability Bypass
CVE ID : CVE-2024-12855 Published : Jan. 8, 2025, 9:15 a.m. | 35 minutes ago Description : The AdForest theme for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on several AJAX actions like ‘sb_remove_ad’ in all versions up to, and including, 5.1.7. This makes it possible for authenticated attackers,…
-
CVE-2024-13185 – Apache MinigameCenter Information Disclosure
CVE ID : CVE-2024-13185 Published : Jan. 8, 2025, 9:15 a.m. | 35 minutes ago Description : The MinigameCenter module has insufficient restrictions on loading URLs, which may lead to some information leakage. Severity: 0.0 | NA
-
CVE-2024-11939 – WordPress Cost Calculator Builder PRO SQL Blind Time-Based Injection
CVE ID : CVE-2024-11939 Published : Jan. 8, 2025, 9:15 a.m. | 35 minutes ago Description : The Cost Calculator Builder PRO plugin for WordPress is vulnerable to blind time-based SQL Injection via the ‘data’ parameter in all versions up to, and including, 3.2.15 due to insufficient escaping on the user supplied parameter and lack of…
-
CVE-2024-12328 – Elementor MAS WordPress Stored Cross-Site Scripting Vulnerability
CVE ID : CVE-2024-12328 Published : Jan. 8, 2025, 9:15 a.m. | 35 minutes ago Description : The MAS Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via SVG File uploads in all versions up to, and including, 1.1.7 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers,…
-
CVE-2024-11350 – AdForest WordPress Privilege Escalation Vulnerability
CVE ID : CVE-2024-11350 Published : Jan. 8, 2025, 9:15 a.m. | 35 minutes ago Description : The AdForest theme for WordPress is vulnerable to privilege escalation via account takeover in all versions up to, and including, 5.1.6. This is due to the plugin not properly validating a user’s identity prior to updating their password through…
-
CVE-2024-11635 – Acunil WordPress File Upload Remote Code Execution Vulnerability
CVE ID : CVE-2024-11635 Published : Jan. 8, 2025, 8:15 a.m. | 1 hour, 35 minutes ago Description : The WordPress File Upload plugin for WordPress is vulnerable to Remote Code Execution in all versions up to, and including, 4.24.12 via the ‘wfu_ABSPATH’ cookie parameter. This makes it possible for unauthenticated attackers to execute code on the…