| 2024-10-16 | CVE-2020-36841 | The WooCommerce Smart Coupons plugin for WordPress is vulnerable to authorization bypass due to a missing capability check on the woocommerce_coupon_admin_init function in versions up to, and including, 4.6.0. | 5.3 |
| 2024-10-16 | CVE-2024-10023 | SQL Injection vulnerability in Code-Projects Pharmacy Management System 1.0
A vulnerability classified as critical was found in code-projects Pharmacy Management System 1.0. | 8.8 |
| 2024-10-16 | CVE-2024-10024 | SQL Injection vulnerability in Code-Projects Pharmacy Management System 1.0
A vulnerability, which was classified as critical, has been found in code-projects Pharmacy Management System 1.0. | 8.8 |
| 2024-10-16 | CVE-2024-10021 | SQL Injection vulnerability in Code-Projects Pharmacy Management System 1.0
A vulnerability was found in code-projects Pharmacy Management System 1.0. | 9.8 |
| 2024-10-16 | CVE-2024-10022 | SQL Injection vulnerability in Code-Projects Pharmacy Management System 1.0
A vulnerability classified as critical has been found in code-projects Pharmacy Management System 1.0. | 9.8 |
| 2024-10-16 | CVE-2024-8921 | The Zita Elementor Site Library plugin for WordPress is vulnerable to Stored Cross-Site Scripting via SVG File uploads in all versions up to, and including, 1.6.3 due to insufficient input sanitization and output escaping. | 6.4 |
| 2024-10-16 | CVE-2024-9444 | The ElementsReady Addons for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via SVG File uploads in all versions up to, and including, 6.4.3 due to insufficient input sanitization and output escaping. | 6.4 |
| 2024-10-16 | CVE-2016-15042 | Unrestricted Upload of File with Dangerous Type vulnerability in Najeebmedia Frontend File Manager and Post Front-End Form
The Frontend File Manager (versions < 4.0), N-Media Post Front-end Form (versions < 1.1) plugins for WordPress are vulnerable to arbitrary file uploads due to missing file type validation via the `nm_filemanager_upload_file` and `nm_postfront_upload_file` AJAX actions. | 9.8 |
| 2024-10-16 | CVE-2017-20193 | Cross-site Scripting vulnerability in WOO Product Vendors
The Product Vendors is vulnerable to Reflected Cross-Site Scripting via the 'vendor_description' parameter in versions up to, and including, 2.0.35 due to insufficient input sanitization and output escaping. | 6.1 |
| 2024-10-16 | CVE-2017-20194 | Unspecified vulnerability in Strategy11 Formidable Form Builder
The Formidable Form Builder plugin for WordPress is vulnerable to Sensitive Data Exposure in versions up to, and including, 2.05.03 via the frm_forms_preview AJAX action. | 5.3 |