Vulnerabilities
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2024-12-14 | CVE-2024-12555 | The SIP Calculator plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.0. | 6.1 |
| 2024-12-14 | CVE-2024-12578 | The Tickera – WordPress Event Ticketing plugin for WordPress is vulnerable to Information Exposure in all versions up to, and including, 3.5.4.8 via the 'tickera_tickets_info' endpoint. | 5.3 |
| 2024-12-14 | CVE-2024-9698 | The Crafthemes Demo Import plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the 'process_uploaded_files' function in all versions up to, and including, 3.3. | 7.2 |
| 2024-12-13 | CVE-2024-55956 | Command Injection vulnerability in Cleo Harmony, Lexicom and Vltrader In Cleo Harmony before 5.8.0.24, VLTrader before 5.8.0.24, and LexiCom before 5.8.0.24, an unauthenticated user can import and execute arbitrary Bash or PowerShell commands on the host system by leveraging the default settings of the Autorun directory. | 9.8 |
| 2024-12-13 | CVE-2022-45806 | Missing Authorization vulnerability in Strategy11 Formidable Forms Missing Authorization vulnerability in Strategy11 Form Builder Team Formidable Forms allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Formidable Forms: from n/a through 5.5.4. | 9.8 |
| 2024-12-13 | CVE-2023-40003 | Missing Authorization vulnerability in Wedevs WP Project Manager Missing Authorization vulnerability in weDevs WP Project Manager allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WP Project Manager: from n/a through 2.6.7. | 9.8 |
| 2024-12-13 | CVE-2023-40005 | Missing Authorization vulnerability in Awesomemotive Easy Digital Downloads Missing Authorization vulnerability in Easy Digital Downloads Easy Digital Downloads allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Easy Digital Downloads: from n/a through 3.1.5. | 9.8 |
| 2024-12-13 | CVE-2023-40203 | Missing Authorization vulnerability in Mailmunch Mailchimp Forms Missing Authorization vulnerability in MailMunch MailChimp Forms by MailMunch allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects MailChimp Forms by MailMunch: from n/a through 3.1.4. | 8.8 |
| 2024-12-13 | CVE-2023-41870 | Missing Authorization vulnerability in Themeum WP Crowdfunding Missing Authorization vulnerability in Themeum WP Crowdfunding allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WP Crowdfunding: from n/a through 2.1.5. | 8.8 |
| 2024-12-13 | CVE-2024-24902 | Unspecified vulnerability in Dell Recoverpoint for Virtual Machines 6.0 Dell RecoverPoint for Virtual Machines 6.0.x contains an Improper access control vulnerability. | 5.5 |