CVSS: 5.3EPSS: 0%CPEs: 1EXPL: 0CVE-2024-6548 – Add Admin JavaScript <= 2.0 - Unauthenticated Full Path Dislcosure
https://notcve.org/view.php?id=CVE-2024-6548
The Add Admin JavaScript plugin for WordPress is vulnerable to Full Path Disclosure in all versions up to, and including, 2.0. ... The information displayed is not useful on its own, and requires another vulnerability to be present for damage to an affected website. • https://plugins.trac.wordpress.org/browser/add-admin-javascript/trunk/tests/phpunit/bootstrap.php https://www.wordfence.com/threat-intel/vulnerabilities/id/1069c845-30b9-4aca-8a60-8b66c48365af?source=cve • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 5.3EPSS: 0%CPEs: 1EXPL: 0CVE-2024-6547 – Add Admin CSS <= 2.0.1 - Unauthenticated Full Path Dislcosure
https://notcve.org/view.php?id=CVE-2024-6547
The Add Admin CSS plugin for WordPress is vulnerable to Full Path Disclosure in all versions up to, and including, 2.0.1. ... The information displayed is not useful on its own, and requires another vulnerability to be present for damage to an affected website. • https://plugins.trac.wordpress.org/browser/add-admin-css/trunk/tests/phpunit/bootstrap.php https://www.wordfence.com/threat-intel/vulnerabilities/id/0064244b-72a4-486d-aaad-be1f57e4a8a1?source=cve • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 6.5EPSS: 0%CPEs: -EXPL: 1CVE-2024-7116 – MD-MAFUJUL-HASAN Online-Payroll-Management-System branch_viewmore.php sql injection
https://notcve.org/view.php?id=CVE-2024-7116
This is why information about affected and unaffected releases are unavailable. ... NOTE: The vendor was contacted early about this disclosure but did not respond in any way. • https://github.com/topsky979/Security-Collections/tree/main/cve7 https://vuldb.com/?ctiid.272447 https://vuldb.com/?id.272447 https://vuldb.com/?submit.376887 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVSS: 5.3EPSS: 0%CPEs: 1EXPL: 0CVE-2024-6569 – Campaign Monitor for WordPress <= 2.8.15 - Unauthenticated Full Path Disclosure
https://notcve.org/view.php?id=CVE-2024-6569
The Campaign Monitor for WordPress plugin for WordPress is vulnerable to Full Path Disclosure in all versions up to, and including, 2.8.15. ... The information displayed is not useful on its own, and requires another vulnerability to be present for damage to an affected website. • https://plugins.trac.wordpress.org/browser/forms-for-campaign-monitor/trunk/forms/views/admin/create.php https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=3125580%40forms-for-campaign-monitor&new=3125580%40forms-for-campaign-monitor&sfp_email=&sfph_mail= https://www.wordfence.com/threat-intel/vulnerabilities/id/babf88c4-6328-4ba2-97e4-e1eaaa549dbb?source=cve • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 5.9EPSS: 0%CPEs: 1EXPL: 0CVE-2024-38103 – Microsoft Edge (Chromium-based) Information Disclosure Vulnerability
https://notcve.org/view.php?id=CVE-2024-38103
Microsoft Edge (Chromium-based) Information Disclosure Vulnerability • https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-38103 • CWE-359: Exposure of Private Personal Information to an Unauthorized Actor •