Vulnerabilities

DATE CVE VULNERABILITY TITLE RISK
2024-12-09 CVE-2024-54929 SQL Injection vulnerability in Lopalopa E-Learning Management System 1.0
KASHIPARA E-learning Management System v1.0 is vulnerable to SQL Injection in /admin/delete_subject.php.
network
low complexity
lopalopa CWE-89
7.2
2024-12-09 CVE-2024-54936 Cross-site Scripting vulnerability in Lopalopa E-Learning Management System 1.0
A Stored Cross-Site Scripting (XSS) vulnerability was found in /send_message.php of Kashipara E-learning Management System v1.0.
network
low complexity
lopalopa CWE-79
5.4
2024-12-09 CVE-2024-54937 Unspecified vulnerability in Lopalopa E-Learning Management System 1.0
A Directory Listing issue was found in Kashipara E-Learning Management System v1.0, which allows remote attackers to access sensitive files and directories via /admin/assets.
network
low complexity
lopalopa
5.3
2024-12-09 CVE-2024-8259 Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Eryaz Information Technologies NatraCar B2B Dealer Management Program allows SQL Injection. This issue affects NatraCar B2B Dealer Management Program: through 09.12.2024. NOTE: The vendor was contacted and it was learned that the product is not supported.
network
low complexity
critical
9.8
2024-12-09 CVE-2023-22701 Unspecified vulnerability in Shopfiles Ebook Store
Missing Authorization vulnerability in Shopfiles Ltd Ebook Store allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Ebook Store: from n/a through 5.775.
network
low complexity
shopfiles
critical
9.8
2024-12-09 CVE-2023-23715 Missing Authorization vulnerability in Ultimatemember Jobboardwp
Missing Authorization vulnerability in JobBoardWP JobBoardWP – Job Board Listings and Submissions allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects JobBoardWP – Job Board Listings and Submissions: from n/a through 1.2.2.
network
low complexity
ultimatemember CWE-862
8.8
2024-12-09 CVE-2023-30748 Cross-site Scripting vulnerability in Easy-Appointments Easy Appointments
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Nikola Loncar Easy Appointments allows Stored XSS. This issue affects Easy Appointments: from n/a through 3.10.7.
network
low complexity
easy-appointments CWE-79
6.1
2024-12-09 CVE-2023-30873 Missing Authorization vulnerability in Androidbubble WP Docs
Missing Authorization vulnerability in Fahad Mahmood WP Docs allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects WP Docs: from n/a through 1.9.8.
network
low complexity
androidbubble CWE-862
8.8
2024-12-09 CVE-2023-47760 Missing Authorization vulnerability in Wpdeveloper Essential Blocks
Missing Authorization vulnerability in WPDeveloper Essential Blocks for Gutenberg allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Essential Blocks for Gutenberg: from n/a through 4.2.0.
network
low complexity
wpdeveloper CWE-862
8.8
2024-12-09 CVE-2023-47822 Missing Authorization vulnerability in Sonaar MP3 Audio Player for Music, Radio & Podcast
Missing Authorization vulnerability in Sonaar Music MP3 Audio Player for Music, Radio & Podcast by Sonaar allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects MP3 Audio Player for Music, Radio & Podcast by Sonaar: from n/a through 4.10.
network
low complexity
sonaar CWE-862
8.8