Vulnerabilities
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2024-10-29 | CVE-2024-50459 | Missing Authorization vulnerability in Hmplugin Aidwp Missing Authorization vulnerability in HM Plugin WordPress Stripe Donation and Payment Plugin allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects WordPress Stripe Donation and Payment Plugin: from n/a through 3.2.3. | 9.8 |
2024-10-29 | CVE-2024-50466 | Cross-Site Request Forgery (CSRF) vulnerability in Darkmysite Cross-Site Request Forgery (CSRF) vulnerability in DarkMySite DarkMySite – Advanced Dark Mode Plugin for WordPress darkmysite allows Cross Site Request Forgery. This issue affects DarkMySite – Advanced Dark Mode Plugin for WordPress: from n/a through 1.2.8. | 8.8 |
2024-10-29 | CVE-2024-8924 | SQL Injection vulnerability in Servicenow Vancouver/Xanadu ServiceNow has addressed a blind SQL injection vulnerability that was identified in the Now Platform. | 7.5 |
2024-10-29 | CVE-2024-9988 | Authentication Bypass Using an Alternate Path or Channel vulnerability in Odude Crypto Tool The Crypto plugin for WordPress is vulnerable to authentication bypass in versions up to, and including, 2.15. | 9.8 |
2024-10-29 | CVE-2024-9989 | Authentication Bypass Using an Alternate Path or Channel vulnerability in Odude Crypto Tool The Crypto plugin for WordPress is vulnerable to authentication bypass in versions up to, and including, 2.15. | 9.8 |
2024-10-29 | CVE-2024-9990 | Cross-Site Request Forgery (CSRF) vulnerability in Odude Crypto Tool The Crypto plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 2.15. | 8.8 |
2024-10-29 | CVE-2024-10452 | Authorization Bypass Through User-Controlled Key vulnerability in Grafana 10.4.0 Organization admins can delete pending invites created in an organization they are not part of. | 2.7 |
2024-10-29 | CVE-2024-25566 | Open Redirect vulnerability in Forgerock Access Management An Open-Redirect vulnerability exists in PingAM where well-crafted requests may cause improper validation of redirect URLs. | 6.1 |
2024-10-29 | CVE-2024-7985 | Unrestricted Upload of File with Dangerous Type vulnerability in Fileorganizer The FileOrganizer – Manage WordPress and Website Files plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the "fileorganizer_ajax_handler" function in all versions up to, and including, 1.0.9. | 8.8 |
2024-10-29 | CVE-2024-8923 | Code Injection vulnerability in Servicenow Vancouver/Washingtondc/Xanadu ServiceNow has addressed an input validation vulnerability that was identified in the Now Platform. | 10.0 |