Vulnerabilities
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2024-10-28 | CVE-2024-50450 | Code Injection vulnerability in Pluginus Wordpress Meta Data and Taxonomies Filter Improper Control of Generation of Code ('Code Injection') vulnerability in realmag777 WordPress Meta Data and Taxonomies Filter (MDTF) allows Code Injection.This issue affects WordPress Meta Data and Taxonomies Filter (MDTF): from n/a through 1.3.3.4. | 9.8 |
| 2024-10-28 | CVE-2024-50477 | Missing Authentication for Critical Function vulnerability in Stacksmarket Stacks Mobile APP Builder Authentication Bypass Using an Alternate Path or Channel vulnerability in Stacks Stacks Mobile App Builder stacks-mobile-app-builder allows Authentication Bypass.This issue affects Stacks Mobile App Builder: from n/a through 5.2.3. | 9.8 |
| 2024-10-28 | CVE-2024-50486 | Missing Authentication for Critical Function vulnerability in Acnoo Flutter API Authentication Bypass Using an Alternate Path or Channel vulnerability in Acnoo Acnoo Flutter API allows Authentication Bypass.This issue affects Acnoo Flutter API: from n/a through 1.0.5. | 9.8 |
| 2024-10-28 | CVE-2024-50487 | Missing Authentication for Critical Function vulnerability in Maantheme Maanstore API Authentication Bypass Using an Alternate Path or Channel vulnerability in MaanTheme MaanStore API allows Authentication Bypass.This issue affects MaanStore API: from n/a through 1.0.1. | 9.8 |
| 2024-10-28 | CVE-2024-50489 | Missing Authentication for Critical Function vulnerability in Realtyworkstation Realty Workstation Authentication Bypass Using an Alternate Path or Channel vulnerability in Realty Workstation allows Authentication Bypass.This issue affects Realty Workstation: from n/a through 1.0.45. | 9.8 |
| 2024-10-28 | CVE-2024-50492 | Code Injection vulnerability in Scottpaterson Scottcart Improper Control of Generation of Code ('Code Injection') vulnerability in Scott Paterson ScottCart allows Code Injection.This issue affects ScottCart: from n/a through 1.1. | 9.8 |
| 2024-10-28 | CVE-2024-50498 | Code Injection vulnerability in Lubus WP Query Console Improper Control of Generation of Code ('Code Injection') vulnerability in LUBUS WP Query Console allows Code Injection.This issue affects WP Query Console: from n/a through 1.0. | 9.8 |
| 2024-10-28 | CVE-2024-9162 | The All-in-One WP Migration and Backup plugin for WordPress is vulnerable to arbitrary PHP Code Injection due to missing file type validation during the export in all versions up to, and including, 7.86. | 7.2 |
| 2024-10-28 | CVE-2024-10438 | Authentication Bypass Using an Alternate Path or Channel vulnerability in Sun.Net Ehdr Ctms The eHRD CTMS from Sunnet has an Authentication Bypass vulnerability, allowing unauthenticated remote attackers to bypass authentication by satisfying specific conditions in order to access certain functionalities. | 7.5 |
| 2024-10-28 | CVE-2024-10439 | Authorization Bypass Through User-Controlled Key vulnerability in Sun.Net Ehdr Ctms The eHRD CTMS from Sunnet has an Insecure Direct Object Reference (IDOR) vulnerability, allowing unauthenticated remote attackers to modify a specific parameter to access arbitrary files uploaded by any user. | 7.5 |