CVSS: 8.8EPSS: 0%CPEs: 1EXPL: 1CVE-2024-7129 – Appointment Booking Calendar < 1.6.7.43 - Admin+ Template Injection to RCE
https://notcve.org/view.php?id=CVE-2024-7129
The Appointment Booking Calendar — Simply Schedule Appointments Booking Plugin WordPress plugin before 1.6.7.43 does not escape template syntax provided via user input, leading to Twig Template Injection which further exploited can result to remote code Execution by high privilege such as admins • https://wpscan.com/vulnerability/00ad9b1a-97a5-425f-841e-ea48f72ecda4 •
CVSS: 4.8EPSS: 0%CPEs: 1EXPL: 1CVE-2024-6850 – Carousel Slider < 2.2.14 - Editor+ Stored XSS
https://notcve.org/view.php?id=CVE-2024-6850
The Carousel Slider WordPress plugin before 2.2.4 does not sanitise and escape some of its settings, which could allow high privilege users such as editors to perform Cross-Site Scripting attacks even when unfiltered_html is disallowed • https://wpscan.com/vulnerability/c06995cb-1685-4751-811f-aead52a597a7 •
CVSS: 4.7EPSS: 0%CPEs: 1EXPL: 1CVE-2024-6723 – AI Engine < 2.4.8 - Admin+ SQLi
https://notcve.org/view.php?id=CVE-2024-6723
The AI Engine WordPress plugin before 2.4.8 does not properly sanitise and escape a parameter before using it in a SQL statement, leading to a SQL injection exploitable by admin users when viewing chatbot discussions. • https://wpscan.com/vulnerability/fbd2152e-0aa1-4b56-a6a3-2e6ec78e08a5 •
CVSS: 6.5EPSS: 0%CPEs: 1EXPL: 1CVE-2024-7859 – Visual Sound <= 1.03 - Settings Update via CSRF
https://notcve.org/view.php?id=CVE-2024-7859
The Visual Sound WordPress plugin through 1.03 does not have CSRF check in place when updating its settings, which could allow attackers to make a logged in admin change them via a CSRF attack • https://wpscan.com/vulnerability/88cacd47-d900-478c-b833-c6c55fd4b082 • CWE-352: Cross-Site Request Forgery (CSRF) •
CVSS: 7.2EPSS: 0%CPEs: 1EXPL: 1CVE-2024-7766 – Adicon Server <= 1.2 - Admin+ SQL Injection
https://notcve.org/view.php?id=CVE-2024-7766
The Adicon Server WordPress plugin through 1.2 does not sanitize and escape a parameter before using it in a SQL statement, allowing admins to perform SQL injection attacks • https://wpscan.com/vulnerability/ca4d629e-ab55-4e5d-80c9-fddbc9c97259 •