CVE-2024-43341 – WordPress Hello Agency theme <= 1.0.5 - Broken Access Control vulnerability
https://notcve.org/view.php?id=CVE-2024-43341
16 Aug 2024 — The Hello Agency theme for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the hello_agency_dismissble_notice() function in versions up to, and including, 1.0.5. • https://patchstack.com/database/vulnerability/hello-agency/wordpress-hello-agency-theme-1-0-5-broken-access-control-vulnerability? • CWE-862: Missing Authorization •
CVE-2024-43275 – WordPress Insert PHP Code Snippet plugin <= 1.3.6 - Cross Site Request Forgery (CSRF) vulnerability
https://notcve.org/view.php?id=CVE-2024-43275
15 Aug 2024 — Cross-Site Request Forgery (CSRF) vulnerability in Xyzscripts Insert PHP Code Snippet. This issue affects Insert PHP Code Snippet: from n/a through 1.3.6. • https://patchstack.com/database/vulnerability/insert-php-code-snippet/wordpress-insert-php-code-snippet-plugin-1-3-6-cross-site-request-forgery-csrf-vulnerability? • CWE-352: Cross-Site Request Forgery (CSRF) •
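The two root causes named so far, a missing capability check (CWE-862, the Hello Agency entry) and a missing nonce check (CWE-352, the CSRF entries), usually sit in the same place: an admin-ajax handler. The following is an added example written for this page, not code from any theme or plugin listed here; the function, action, option and script names are assumptions chosen for illustration. It shows a "dismiss notice" handler in the shape the advisories describe, then the hardened form that closes both holes.

```php
<?php
// Added example, not code from the Hello Agency theme or any plugin on this page.
// All names below (example_*, option and script handles) are assumptions.

// --- Vulnerable shape: every logged-in user can reach wp_ajax_* actions, and
// nothing ties the request to the user's own session, so a cross-site POST
// from any page the user visits is accepted and the option is overwritten.
function example_dismiss_notice_vulnerable() {
    update_option( 'example_notice_dismissed', sanitize_key( $_POST['notice'] ?? '' ) );
    wp_send_json_success();
}
add_action( 'wp_ajax_example_dismiss_notice_v1', 'example_dismiss_notice_vulnerable' );

// --- Hardened shape. The nonce proves the request originated from a page
// WordPress rendered for this user (anti-CSRF, CWE-352); the capability check
// proves the user is allowed to perform the action at all (CWE-862). Each check
// answers a different question, so both are needed.
function example_dismiss_notice_secure() {
    // Ends the request (403 for AJAX) when the 'nonce' POST field is absent or invalid.
    check_ajax_referer( 'example_dismiss_notice', 'nonce' );

    if ( ! current_user_can( 'manage_options' ) ) {
        wp_send_json_error( array( 'message' => 'Insufficient permissions.' ), 403 );
    }

    $notice = sanitize_key( wp_unslash( $_POST['notice'] ?? '' ) );
    update_option( 'example_notice_dismissed', $notice );
    wp_send_json_success();
}
add_action( 'wp_ajax_example_dismiss_notice', 'example_dismiss_notice_secure' );

// The page that issues the request has to carry a matching nonce, otherwise
// legitimate clicks fail the check too. The nonce is bound to the action name
// and to the current user and expires on its own.
function example_enqueue_notice_script() {
    wp_enqueue_script( 'example-notice', plugins_url( 'notice.js', __FILE__ ), array( 'jquery' ), '1.0', true );
    wp_localize_script( 'example-notice', 'exampleNotice', array(
        'ajaxUrl' => admin_url( 'admin-ajax.php' ),
        'nonce'   => wp_create_nonce( 'example_dismiss_notice' ),
    ) );
}
add_action( 'admin_enqueue_scripts', 'example_enqueue_notice_script' );
```

When reviewing a handler, look for the pair together: `check_ajax_referer()` (or `wp_verify_nonce()`) and `current_user_can()`. A nonce without a capability check still lets any subscriber call the action; a capability check without a nonce still lets a forged request ride an administrator's session. A handler registered with `wp_ajax_nopriv_*` is reachable without any login and needs the same scrutiny.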
CVE-2024-43240 – WordPress Indeed Ultimate Membership Pro plugin <= 12.6 - Unauthenticated Privilege Escalation vulnerability
https://notcve.org/view.php?id=CVE-2024-43240
12 Aug 2024 — The Indeed Membership Pro plugin for WordPress is vulnerable to privilege escalation in all versions up to, and including, 12.7. • https://patchstack.com/database/vulnerability/indeed-membership-pro/wordpress-indeed-ultimate-membership-pro-plugin-12-6-unauthenticated-privilege-escalation-vulnerability? • CWE-266: Incorrect Privilege Assignment CWE-269: Improper Privilege Management •
CVE-2024-43242 – WordPress Indeed Ultimate Membership Pro plugin <= 12.6 - Unauthenticated PHP Object Injection vulnerability
https://notcve.org/view.php?id=CVE-2024-43242
12 Aug 2024 — The Indeed Membership Pro plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 12.7 via deserialization of untrusted input. • https://patchstack.com/database/vulnerability/indeed-membership-pro/wordpress-indeed-ultimate-membership-pro-plugin-12-6-unauthenticated-php-object-injection-vulnerability? • CWE-502: Deserialization of Untrusted Data •
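The CWE-502 entry above describes deserialization of untrusted input. What makes `unserialize()` on request data dangerous is that it instantiates whatever class the input names, and PHP magic methods on that class run without the application calling them. The following is an added example for this page, not code from Indeed Ultimate Membership Pro; the class, function and field names are assumptions, and the serialized string shown in the comment is a constructed illustration.

```php
<?php
// Added example, not code from the plugin in the advisory. Names are assumptions.

// A class that does something with side effects in a magic method. Any such
// class loaded by WordPress, a theme or another plugin is a candidate "gadget".
class Example_Cache_Writer {
    public $path;
    public $data;

    // Runs when the object is garbage-collected, even if no code ever touches it.
    public function __destruct() {
        file_put_contents( $this->path, $this->data );
    }
}

// Vulnerable: unserialize() on request input rebuilds any loadable class.
// A constructed request body such as
//   state=O:20:"Example_Cache_Writer":2:{s:4:"path";s:12:"/tmp/poc.txt";s:4:"data";s:5:"owned";}
// yields an Example_Cache_Writer whose __destruct() writes the file when the
// request ends. Nothing in this function needs to call the object for that to happen.
function example_restore_state_vulnerable() {
    $state = unserialize( wp_unslash( $_POST['state'] ?? '' ) );
    return $state;
}

// Safer, if the wire format must remain PHP serialization: refuse every class.
// Objects in the input become __PHP_Incomplete_Class, which has no magic methods.
// Note that WordPress' maybe_unserialize() wraps a plain unserialize() and does
// not apply this restriction, so it is not a substitute on untrusted data.
function example_restore_state_safer() {
    $raw   = wp_unslash( $_POST['state'] ?? '' );
    $state = unserialize( $raw, array( 'allowed_classes' => false ) );
    if ( ! is_array( $state ) ) {
        wp_send_json_error( 'bad state', 400 );
    }
    return $state;
}

// Better: carry state in a format that cannot express objects at all.
function example_restore_state_json() {
    $state = json_decode( wp_unslash( $_POST['state'] ?? '' ), true );
    if ( ! is_array( $state ) ) {
        wp_send_json_error( 'bad state', 400 );
    }
    return $state;
}
```

The practical check is to grep a code base for `unserialize(` and `maybe_unserialize(` and trace each argument back to its origin; anything reachable from `$_GET`, `$_POST`, cookies, or request headers without `allowed_classes => false` is the pattern this CWE describes. The severity depends on which gadget classes happen to be loadable in the site, which is why the same bug is rated differently from one installation to the next.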
CVE-2024-6924 – TrueBooker < 1.0.3 - Multiple Unauthenticated SQLi
https://notcve.org/view.php?id=CVE-2024-6924
10 Aug 2024 — The TrueBooker WordPress plugin before 1.0.3 does not properly sanitise and escape a parameter before using it in a SQL statement via an AJAX action available to unauthenticated users, leading to a SQL injection. The TrueBooker – Appointment Booking and Scheduler plugin for WordPress is vulnerable to SQL Injection in all versions up to, and including, 1.0.3 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. • https://wpscan.com/vulnerability/39e79801-6ec7-4579-bc6b-fd7e899733a8 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVE-2024-6928 – Opti Marketing <= 2.0.9 - Unauthenticated SQLi
https://notcve.org/view.php?id=CVE-2024-6928
10 Aug 2024 — The Opti Marketing WordPress plugin through 2.0.9 does not properly sanitise and escape a parameter before using it in a SQL statement via an AJAX action available to unauthenticated users, leading to a SQL injection. The Opti Marketing plugin for WordPress is vulnerable to SQL Injection in all versions up to, and including, 2.0.9 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. • https://wpscan.com/vulnerability/7bb9474f-2b9d-4856-b36d-a43da3db0245 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
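Both SQL injection entries above share the same description: a parameter used in a SQL statement without preparation, reachable through an AJAX action open to unauthenticated users. The following is an added example for this page, not code from TrueBooker or Opti Marketing; the table, action and parameter names are assumptions. It shows a `wp_ajax_nopriv_` handler in that shape and the same handler rewritten around `$wpdb->prepare()`.

```php
<?php
// Added example, not code from either plugin in the advisories. Names are assumptions.

// Vulnerable: the date parameter is interpolated into the statement. A value of
//   2024-08-10' OR 1=1 -- 
// closes the quoted literal and changes the query. Because the action is also
// registered with wp_ajax_nopriv_, no account is needed to reach it.
function example_slots_vulnerable() {
    global $wpdb;
    $date = wp_unslash( $_POST['date'] ?? '' );
    $rows = $wpdb->get_results(
        "SELECT id, start_time FROM {$wpdb->prefix}example_slots WHERE slot_date = '$date'"
    );
    wp_send_json_success( $rows );
}
add_action( 'wp_ajax_nopriv_example_slots_v1', 'example_slots_vulnerable' );
add_action( 'wp_ajax_example_slots_v1', 'example_slots_vulnerable' );

// Hardened: validate the expected shape, then bind the value with prepare().
// %s is quoted and escaped by $wpdb; %d would be used for integers. The table
// name is not a bindable value, so it is built only from the trusted prefix.
// Note that sanitize_text_field() alone does not prevent injection; it strips
// tags and control characters, not quotes.
function example_slots_secure() {
    global $wpdb;
    $date = sanitize_text_field( wp_unslash( $_POST['date'] ?? '' ) );
    if ( ! preg_match( '/^\d{4}-\d{2}-\d{2}$/', $date ) ) {
        wp_send_json_error( 'invalid date', 400 );
    }
    $rows = $wpdb->get_results(
        $wpdb->prepare(
            "SELECT id, start_time FROM {$wpdb->prefix}example_slots WHERE slot_date = %s",
            $date
        )
    );
    wp_send_json_success( $rows );
}
add_action( 'wp_ajax_nopriv_example_slots', 'example_slots_secure' );
add_action( 'wp_ajax_example_slots', 'example_slots_secure' );
```

Values that cannot be bound as placeholders, such as a column in `ORDER BY` or a direction keyword, need an explicit allow-list comparison before they are concatenated; `prepare()` does not help there. The `nopriv` registration is worth flagging on its own during review: it turns any query bug in the handler into an unauthenticated one, which is why both entries above are rated as they are.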
CVE-2024-7503 – WooCommerce - Social Login <= 2.7.5 - Authentication Bypass to Account Takeover
https://notcve.org/view.php?id=CVE-2024-7503
09 Aug 2024 — The WooCommerce - Social Login plugin for WordPress is vulnerable to authentication bypass in versions up to, and including, 2.7.5. • https://codecanyon.net/item/social-login-wordpress-woocommerce-plugin • CWE-288: Authentication Bypass Using an Alternate Path or Channel •
CVE-2024-7492 – MainWP Child Reports <= 2.2 - Cross-Site Request Forgery to Arbitrary Options Update
https://notcve.org/view.php?id=CVE-2024-7492
07 Aug 2024 — The MainWP Child Reports plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 2.2. ... • https://plugins.trac.wordpress.org/browser/mainwp-child-reports/trunk/classes/class-network.php#L346 • CWE-352: Cross-Site Request Forgery (CSRF) •
CVE-2024-43116 – WordPress Simple Local Avatars plugin <= 2.7.10 - Cross Site Request Forgery (CSRF) vulnerability
https://notcve.org/view.php?id=CVE-2024-43116
07 Aug 2024 — The Simple Local Avatars plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 2.7.10. • https://patchstack.com/database/vulnerability/simple-local-avatars/wordpress-simple-local-avatars-plugin-2-7-10-cross-site-request-forgery-csrf-vulnerability? • CWE-352: Cross-Site Request Forgery (CSRF) •
CVE-2024-43117 – WordPress Hummingbird plugin <= 3.9.1 - Cross Site Request Forgery (CSRF) vulnerability
https://notcve.org/view.php?id=CVE-2024-43117
07 Aug 2024 — The Hummingbird plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 3.9.1. • https://patchstack.com/database/vulnerability/hummingbird-performance/wordpress-hummingbird-plugin-3-9-1-cross-site-request-forgery-csrf-vulnerability? • CWE-352: Cross-Site Request Forgery (CSRF) •