Vulnerabilities
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2024-02-05 | CVE-2024-1177 | Missing Authorization vulnerability in Wpclubmanager WP Club Manager The WP Club Manager – WordPress Sports Club Plugin plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the settings_save() function in all versions up to, and including, 2.2.10. | 5.3 |
2024-02-05 | CVE-2024-1208 | Unspecified vulnerability in Learndash The LearnDash LMS plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 4.10.2 via API. | 5.3 |
2024-02-05 | CVE-2024-1209 | Unspecified vulnerability in Learndash The LearnDash LMS plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 4.10.1 via direct file access due to insufficient protection of uploaded assignments. | 5.3 |
2024-02-05 | CVE-2024-1210 | Unspecified vulnerability in Learndash The LearnDash LMS plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 4.10.1 via API. | 5.3 |
2024-02-05 | CVE-2024-24595 | Insufficiently Protected Credentials vulnerability in Clear Clearml Allegro AI’s open-source version of ClearML stores passwords in plaintext within the MongoDB instance, resulting in a compromised server leaking all user emails and passwords. | 7.1 |
2024-02-05 | CVE-2023-22817 | Server-Side Request Forgery (SSRF) vulnerability in Westerndigital products Server-side request forgery (SSRF) vulnerability that could allow a rogue server on the local network to modify its URL using another DNS address to point back to the loopback adapter. | 5.5 |
2024-02-05 | CVE-2023-22819 | Resource Exhaustion vulnerability in Westerndigital products An uncontrolled resource consumption vulnerability issue that could arise by sending crafted requests to a service to consume a large amount of memory, eventually resulting in the service being stopped and restarted was discovered in Western Digital My Cloud Home, My Cloud Home Duo, SanDisk ibi and Western Digital My Cloud OS 5 devices. | 4.9 |
2024-02-05 | CVE-2023-34042 | Incorrect Permission Assignment for Critical Resource vulnerability in VMWare Spring Security The spring-security.xsd file inside the spring-security-config jar is world writable which means that if it were extracted it could be written by anyone with access to the file system. While there are no known exploits, this is an example of “CWE-732: Incorrect Permission Assignment for Critical Resource” and could result in an exploit. | 5.5 |
2024-02-05 | CVE-2023-4637 | Missing Authorization vulnerability in Wpvivid Migration, Backup, Staging The WPvivid plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the restore() and get_restore_progress() function in versions up to, and including, 0.9.94. | 5.3 |
2024-02-05 | CVE-2023-6526 | Cross-site Scripting vulnerability in Metabox Meta BOX The Meta Box – WordPress Custom Fields Framework plugin for WordPress is vulnerable to Stored Cross-Site Scripting via custom post meta values displayed through the plugin's shortcode in all versions up to, and including, 5.9.2 due to insufficient input sanitization and output escaping. | 5.4 |