Vulnerabilities

DATE CVE VULNERABILITY TITLE RISK

2024-10-25 CVE-2024-9302 Weak Password Recovery Mechanism for Forgotten Password vulnerability in Appcheap APP Builder
The App Builder – Create Native Android & iOS Apps On The Flight plugin for WordPress is vulnerable to privilege escalation via account takeover in all versions up to, and including, 5.3.7.
Risk: network, low complexity; appcheap CWE-640; critical 9.8

2024-10-25 CVE-2024-9607 Cross-site Scripting vulnerability in 10Web Social Post Feed
The 10Web Social Post Feed plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use of add_query_arg without appropriate escaping on the URL in all versions up to, and including, 1.2.9.
Risk: network, low complexity; 10web CWE-79; 6.1

2024-10-25 CVE-2024-9109 Missing Authorization vulnerability in Octolize Woocommerce UPS Shipping
The WooCommerce UPS Shipping – Live Rates and Access Points plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the delete_oauth_data function in all versions up to, and including, 2.3.11.
Risk: network, low complexity; octolize CWE-862; 4.3

2024-10-25 CVE-2024-9488 Unspecified vulnerability in Gvectors Wpdiscuz
The Comments – wpDiscuz plugin for WordPress is vulnerable to authentication bypass in all versions up to, and including, 7.6.24.
Risk: network, low complexity; gvectors; critical 9.8

2024-10-25 CVE-2024-9686 Missing Authorization vulnerability in Choplugins Order Notification for Telegram
The Order Notification for Telegram plugin for WordPress is vulnerable to unauthorized test message sending due to a missing capability check on the 'nktgnfw_send_test_message' function in versions up to, and including, 1.0.1.
Risk: network, low complexity; choplugins CWE-862; 5.3

2024-10-25 CVE-2024-10368 SQL Injection vulnerability in Codezips Sales Management System 1.0
A vulnerability was found in Codezips Sales Management System 1.0.
Risk: network, low complexity; codezips CWE-89; critical 9.8

2024-10-25 CVE-2024-10369 SQL Injection vulnerability in Codezips Sales Management System 1.0
A vulnerability was found in Codezips Sales Management System 1.0.
Risk: network, low complexity; codezips CWE-89; critical 9.8

2024-10-25 CVE-2024-10370 SQL Injection vulnerability in Codezips Sales Management System 1.0
A vulnerability was found in Codezips Sales Management System 1.0.
Risk: network, low complexity; codezips CWE-89; critical 9.8

2024-10-25 CVE-2024-10371 Classic Buffer Overflow vulnerability in Razormist Payroll Management System 1.0
A vulnerability classified as critical has been found in SourceCodester Payroll Management System 1.0.
Risk: network, low complexity; razormist CWE-120; critical 9.8

2024-10-25 CVE-2024-10372 Insecure Temporary File vulnerability in Chidiwilliams Buzz 1.1.0
A vulnerability classified as problematic was found in chidiwilliams buzz 1.1.0.
Risk: local, high complexity; chidiwilliams CWE-377; 3.6