Vulnerabilities

DATE CVE VULNERABILITY TITLE RISK
2024-11-16 CVE-2024-9935 The PDF Generator Addon for Elementor Page Builder plugin for WordPress is vulnerable to Path Traversal in all versions up to, and including, 1.7.5 via the rtw_pgaepb_dwnld_pdf() function.
network
low complexity
CWE-22
7.5
7.5
2024-11-16 CVE-2024-9938 The Bounce Handler MailPoet 3 plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'page' parameter in all versions up to, and including, 1.3.21 due to insufficient input sanitization and output escaping.
network
low complexity
CWE-79
6.1
6.1
2024-11-16 CVE-2024-10786 The Simple Local Avatars plugin for WordPress is vulnerable to unauthorized modification of datadue to a missing capability check on the sla_clear_user_cache function in all versions up to, and including, 2.7.11.
network
low complexity
CWE-862
4.3
4.3
2024-11-16 CVE-2024-10795 The Popularis Extra plugin for WordPress is vulnerable to Information Exposure in all versions up to, and including, 1.2.7 via the 'elementor-template' shortcode due to insufficient restrictions on which posts can be included.
network
low complexity
CWE-639
4.3
4.3
2024-11-16 CVE-2024-10861 The Popup Box – Create Countdown, Coupon, Video, Contact Form Popups plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the deactivate_plugin_option() function in all versions up to, and including, 4.9.7.
network
low complexity
CWE-862
5.3
5.3
2024-11-15 CVE-2024-11262 Out-of-bounds Write vulnerability in Razormist Student Record Management System 1.0
A vulnerability has been found in SourceCodester Student Record Management System 1.0 and classified as critical.
local
low complexity
razormist CWE-787
7.8
7.8
2024-11-15 CVE-2024-11261 Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Razormist Student Record Management System 1.0
A vulnerability, which was classified as critical, was found in SourceCodester Student Record Management System 1.0.
local
low complexity
razormist CWE-119
6.1
6.1
2024-11-15 CVE-2024-11217 A vulnerability was found in the OAuth-server.
network
low complexity
 4.9
4.9
2024-11-15 CVE-2024-45610 Cross-site Scripting vulnerability in Glpi-Project Glpi
GLPI is an open-source asset and IT management software package that provides ITIL Service Desk features, licenses tracking and software auditing.
network
low complexity
glpi-project CWE-79
6.1
6.1
2024-11-15 CVE-2024-45611 Cross-site Scripting vulnerability in Glpi-Project Glpi
GLPI is an open-source asset and IT management software package that provides ITIL Service Desk features, licenses tracking and software auditing.
network
low complexity
glpi-project CWE-79
5.4
5.4