Vulnerabilities

DATE CVE VULNERABILITY TITLE RISK
2024-10-23 CVE-2024-10045 Cross-Site Request Forgery (CSRF) vulnerability in Wpbeginner Transients Manager
The Transients Manager plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 2.0.6.
network
low complexity
wpbeginner CWE-352
4.3
2024-10-23 CVE-2024-43924 Missing Authorization vulnerability in Dfactory Responsive Lightbox
Missing Authorization vulnerability in dFactory Responsive Lightbox allows Accessing Functionality Not Properly Constrained by ACLs. This issue affects Responsive Lightbox: from n/a through 2.4.7.
network
low complexity
dfactory CWE-862
critical
9.8
2024-10-23 CVE-2024-9530 Unspecified vulnerability in Qodeinteractive QI Addons for Elementor
The Qi Addons For Elementor plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 1.8.0 via private templates.
network
low complexity
qodeinteractive
4.3
2024-10-23 CVE-2024-9583 Missing Authorization vulnerability in Rebelcode RSS Aggregator
The RSS Aggregator – RSS Import, News Feeds, Feed to Post, and Autoblogging plugin for WordPress is vulnerable to unauthorized use of functionality due to a missing capability check on the wprss_ajax_send_premium_support function in all versions up to, and including, 4.23.12.
network
low complexity
rebelcode CWE-862
5.4
2024-10-23 CVE-2024-9947 Improper Authentication vulnerability in Properfraction Profilepress
The ProfilePress Pro plugin for WordPress is vulnerable to authentication bypass in all versions up to, and including, 4.11.1.
network
low complexity
properfraction CWE-287
critical
9.8
2024-10-23 CVE-2024-50066 Race Condition vulnerability in Linux Kernel
In the Linux kernel, the following vulnerability has been resolved: mm/mremap: fix move_normal_pmd/retract_page_tables race. In mremap(), move_page_tables() looks at the type of the PMD entry and the specified address range to figure out by which method the next chunk of page table entries should be moved. At that point, the mmap_lock is held in write mode, but no rmap locks are held yet.
local
high complexity
linux CWE-362
7.0
2024-10-23 CVE-2024-9829 Missing Authorization vulnerability in Metagauss Download Plugin
The Download Plugin plugin for WordPress is vulnerable to unauthorized access of data due to missing capability checks on the 'dpwap_handle_download_user' and 'dpwap_handle_download_comment' functions in all versions up to, and including, 2.2.0.
network
low complexity
metagauss CWE-862
6.5
2024-10-23 CVE-2024-31880 Allocation of Resources Without Limits or Throttling vulnerability in IBM DB2
IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 10.5, 11.1, and 11.5 is vulnerable to a denial of service, under specific configurations, as the server may crash when using a specially crafted SQL statement by an authenticated user.
network
low complexity
ibm CWE-770
6.5
2024-10-23 CVE-2024-9927 Improper Authentication vulnerability in Wpovernight Woocommerce Order Proposal
The WooCommerce Order Proposal plugin for WordPress is vulnerable to privilege escalation via order proposal in all versions up to and including 2.0.5.
network
low complexity
wpovernight CWE-287
7.2
2024-10-22 CVE-2024-7587 Incorrect Default Permissions vulnerability in multiple products
Incorrect Default Permissions vulnerability in GenBroker32, which is included in the installers for ICONICS GENESIS64 version 10.97.3 and prior, Mitsubishi Electric GENESIS64 version 10.97.3 and prior and Mitsubishi Electric MC Works64 all versions allows a local authenticated attacker to disclose or tamper with confidential information and data contained in the products, or cause a denial of service (DoS) condition on the products, by accessing a folder with incorrect permissions, when GenBroker32 is installed on the same PC as GENESIS64 or MC Works64.
local
low complexity
iconics mitsubishielectric CWE-276
7.8