CVE-2024-9990 – Crypto <= 2.15 - Cross-Site Request Forgery to Authentication Bypass
https://notcve.org/view.php?id=CVE-2024-9990
28 Oct 2024 — The Crypto plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 2.15. ... • https://plugins.trac.wordpress.org/browser/crypto/tags/2.10/includes/class-crypto_connect_ajax_register.php#L31 • CWE-352: Cross-Site Request Forgery (CSRF) •
CVE-2024-9989 – Crypto <= 2.15 - Authentication Bypass via log_in
https://notcve.org/view.php?id=CVE-2024-9989
28 Oct 2024 — The Crypto plugin for WordPress is vulnerable to authentication bypass in versions up to, and including, 2.15. ... The Crypto plugin for WordPress is vulnerable to authentication bypass in versions up to, and including, 2.18. • https://plugins.trac.wordpress.org/browser/crypto/tags/2.10/includes/class-crypto_connect_ajax_register.php#L138 • CWE-288: Authentication Bypass Using an Alternate Path or Channel •
CVE-2024-50507 – WordPress DS.DownloadList plugin <= 1.3 - PHP Object Injection vulnerability
https://notcve.org/view.php?id=CVE-2024-50507
28 Oct 2024 — The DS.DownloadList plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 1.3 via deserialization of untrusted input. • https://patchstack.com/database/vulnerability/dsdownloadlist/wordpress-ds-downloadlist-plugin-1-3-php-object-injection-vulnerability? • CWE-502: Deserialization of Untrusted Data •
CVE-2024-50510 – WordPress AR For Woocommerce plugin <= 6.2 - Arbitrary File Upload vulnerability
https://notcve.org/view.php?id=CVE-2024-50510
28 Oct 2024 — The AR for WooCommerce plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in all versions up to, and including, 6.2. • https://patchstack.com/database/vulnerability/ar-for-woocommerce/wordpress-ar-for-woocommerce-plugin-6-2-arbitrary-file-upload-vulnerability? • CWE-434: Unrestricted Upload of File with Dangerous Type •
CVE-2024-9501 – Wp Social Login and Register Social Counter <= 3.0.7 - Authentication Bypass
https://notcve.org/view.php?id=CVE-2024-9501
25 Oct 2024 — The Wp Social Login and Register Social Counter plugin for WordPress is vulnerable to authentication bypass in all versions up to, and including, 3.0.7. • https://plugins.trac.wordpress.org/browser/wp-social/tags/3.0.6/inc/admin-create-user.php#L205 • CWE-288: Authentication Bypass Using an Alternate Path or Channel •
CVE-2024-50473 – WordPress Ajar in5 Embed plugin <= 3.1.3 - Arbitrary File Upload vulnerability
https://notcve.org/view.php?id=CVE-2024-50473
25 Oct 2024 — The Ajar in5 Embed plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in all versions up to, and including, 3.1.3. • https://patchstack.com/database/vulnerability/ajar-productions-in5-embed/wordpress-ajar-in5-embed-plugin-3-1-3-arbitrary-file-upload-vulnerability? • CWE-434: Unrestricted Upload of File with Dangerous Type •
CVE-2024-50475 – WordPress Signup Page plugin <= 1.0 - Arbitrary Option Update to Privilege Escalation vulnerability
https://notcve.org/view.php?id=CVE-2024-50475
25 Oct 2024 — The Signup Page plugin for WordPress is vulnerable to unauthorized modification of data that can lead to privilege escalation due to a missing capability check in all versions up to, and including, 1.0. This makes it possible for unauthenticated attackers to update arbitrary options on the WordPress site. • https://patchstack.com/database/vulnerability/signup-page/wordpress-signup-page-plugin-1-0-arbitrary-option-update-to-privilege-escalation-vulnerability? • CWE-862: Missing Authorization •
CVE-2024-50476 – WordPress GRÜN spendino Spendenformular plugin <= 1.0.1 - Arbitrary Option Update to Privilege Escalation vulnerability
https://notcve.org/view.php?id=CVE-2024-50476
25 Oct 2024 — The GRÜN spendino Spendenformular plugin for WordPress is vulnerable to unauthorized modification of data that can lead to privilege escalation due to a missing capability check in all versions up to, and including, 1.0.1. This makes it possible for unauthenticated attackers to update arbitrary options on the WordPress site. • https://patchstack.com/database/vulnerability/spendino/wordpress-gruen-spendino-spendenformular-plugin-1-0-1-arbitrary-option-update-to-privilege-escalation-vulnerability? • CWE-862: Missing Authorization •
CVE-2024-50477 – WordPress Stacks Mobile App Builder plugin <= 5.2.3 - Account Takeover vulnerability
https://notcve.org/view.php?id=CVE-2024-50477
25 Oct 2024 — The Stacks Mobile App Builder – The most powerful Mobile Applications Drag and Drop builder plugin for WordPress is vulnerable to authentication bypass in all versions up to, and including, 5.2.3. • https://patchstack.com/database/vulnerability/stacks-mobile-app-builder/wordpress-stacks-mobile-app-builder-plugin-5-2-3-account-takeover-vulnerability? • CWE-288: Authentication Bypass Using an Alternate Path or Channel •
CVE-2024-50478 – WordPress 1-Click Login: Passwordless Authentication plugin 1.4.5 - Broken Authentication vulnerability
https://notcve.org/view.php?id=CVE-2024-50478
25 Oct 2024 — The 1-Click Login: Passwordless Authentication plugin for WordPress is vulnerable to authentication bypass in version 1.4.5. • https://patchstack.com/database/vulnerability/swoop-password-free-authentication/wordpress-1-click-login-passwordless-authentication-plugin-1-4-5-broken-authentication-vulnerability? • CWE-288: Authentication Bypass Using an Alternate Path or Channel CWE-305: Authentication Bypass by Primary Weakness •