Vulnerabilities
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2024-02-07 | CVE-2024-1118 | SQL Injection vulnerability in Podlove Subscribe Button: The Podlove Subscribe button plugin for WordPress is vulnerable to UNION-based SQL Injection via the 'button' attribute of the podlove-subscribe-button shortcode in all versions up to, and including, 1.3.10 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. | 8.8 |
2024-02-07 | CVE-2023-51437 | Information Exposure Through Discrepancy vulnerability in Apache Pulsar: Observable timing discrepancy vulnerability in Apache Pulsar SASL Authentication Provider can allow an attacker to forge a SASL Role Token that will pass signature verification. Users are recommended to upgrade to version 2.11.3, 3.0.2, or 3.1.1, which fixes the issue. | 7.4 |
2024-02-07 | CVE-2023-46914 | SQL Injection vulnerability in Bookingcalendar Project Bookingcalendar 2.7.9: SQL Injection vulnerability in RM bookingcalendar module for PrestaShop versions 2.7.9 and before allows remote attackers to execute arbitrary code, escalate privileges, and obtain sensitive information via ics_export.php. | 9.8 |
2024-02-07 | CVE-2024-24303 | SQL Injection vulnerability in Hipresta Gift Wrapping PRO: SQL Injection vulnerability in HiPresta "Gift Wrapping Pro" (hiadvancedgiftwrapping) module for PrestaShop before version 1.4.1 allows remote attackers to escalate privileges and obtain sensitive information via the HiAdvancedGiftWrappingGiftWrappingModuleFrontController::addGiftWrappingCartValue() method. | 9.8 |
2024-02-07 | CVE-2024-24304 | Unspecified vulnerability in Sinch Mailjet: In the module "Mailjet" (mailjet) from Mailjet for PrestaShop before version 3.5.1, a guest can download technical information without restriction. | 7.5 |
2024-02-07 | CVE-2024-24311 | Path Traversal vulnerability in Lineagrafica Multilingual and Multistore Sitemap PRO: Path Traversal vulnerability in Linea Grafica "Multilingual and Multistore Sitemap Pro - SEO" (lgsitemaps) module for PrestaShop before version 1.6.6, through which a guest can download personal information without restriction. | 7.5 |
2024-02-07 | CVE-2023-40355 | Cross-site Scripting vulnerability in Axigen Mobile Webmail: Cross Site Scripting (XSS) vulnerability in Axigen versions 10.3.3.0 before 10.3.3.59, 10.4.0 before 10.4.19, and 10.5.0 before 10.5.5 allows authenticated attackers to execute arbitrary code and obtain sensitive information via the logic for switching between the Standard and Ajax versions. | 5.4 |
2024-02-07 | CVE-2024-0977 | Cross-site Scripting vulnerability in Coolplugins Timeline Widget for Elementor: The Timeline Widget For Elementor (Elementor Timeline, Vertical & Horizontal Timeline) plugin for WordPress is vulnerable to Stored Cross-Site Scripting via image URLs in the plugin's timeline widget in all versions up to, and including, 1.5.3 due to insufficient input sanitization and output escaping on user supplied attributes. | 5.4 |
2024-02-07 | CVE-2024-1078 | Missing Authorization vulnerability in Ays-Pro Quiz Maker: The Quiz Maker plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the ays_quick_start() and add_question_rows() functions in all versions up to, and including, 6.5.2.4. | 4.3 |
2024-02-07 | CVE-2024-1079 | Missing Authorization vulnerability in Ays-Pro Quiz Maker: The Quiz Maker plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the ays_show_results() function in all versions up to, and including, 6.5.2.4. | 5.3 |