| 2024-11-21 | CVE-2024-10782 | The Theme Builder For Elementor plugin for WordPress is vulnerable to Information Exposure in all versions up to, and including, 1.2.2 via the 'elementor-template' shortcode due to insufficient restrictions on which posts can be included. | 4.3 |
| 2024-11-21 | CVE-2024-10796 | The If-So Dynamic Content Personalization plugin for WordPress is vulnerable to Information Exposure in all versions up to, and including, 1.9.2.1 via the 'ifso-show-post' shortcode due to insufficient restrictions on which posts can be included. | 4.3 |
| 2024-11-20 | CVE-2024-10855 | Authorization Bypass Through User-Controlled Key vulnerability in Sirv
The Image Optimizer, Resizer and CDN – Sirv plugin for WordPress is vulnerable to unauthorized modification of data that can lead to a denial of service due to insufficient validation on the filename parameter of the sirv_upload_file_by_chunks() function and lack of in all versions up to, and including, 7.3.0. | 8.1 |
| 2024-11-16 | CVE-2024-10795 | The Popularis Extra plugin for WordPress is vulnerable to Information Exposure in all versions up to, and including, 1.2.7 via the 'elementor-template' shortcode due to insufficient restrictions on which posts can be included. | 4.3 |
| 2024-11-15 | CVE-2024-50651 | Authorization Bypass Through User-Controlled Key vulnerability in Geeeeeeeek Java Shop 1.0
java_shop 1.0 is vulnerable to Incorrect Access Control, which allows attackers to obtain sensitive information of users with different IDs by modifying the ID parameter. | 6.5 |
| 2024-11-15 | CVE-2021-3991 | Authorization Bypass Through User-Controlled Key vulnerability in Dolibarr Erp/Crm
An Improper Authorization vulnerability exists in Dolibarr versions prior to the 'develop' branch. | 4.3 |
| 2024-11-13 | CVE-2024-10794 | The Boostify Header Footer Builder for Elementor plugin for WordPress is vulnerable to Information Exposure in all versions up to, and including, 1.3.6 via the 'bhf' shortcode due to insufficient restrictions on which posts can be included. | 4.3 |
| 2024-11-13 | CVE-2024-10778 | The BuddyPress Builder for Elementor – BuddyBuilder plugin for WordPress is vulnerable to Information Exposure in all versions up to, and including, 1.7.4 via the 'elementor-template' shortcode due to insufficient restrictions on which posts can be included. | 4.3 |
| 2024-11-12 | CVE-2023-47543 | Authorization Bypass Through User-Controlled Key vulnerability in Fortinet Fortiportal
An authorization bypass through user-controlled key vulnerability [CWE-639] in Fortinet FortiPortal version 7.0.0 through 7.0.3 allows an authenticated attacker to interact with ressources of other organizations via HTTP or HTTPS requests. | 8.1 |
| 2024-11-12 | CVE-2024-10695 | Authorization Bypass Through User-Controlled Key vulnerability in Futuriowp Futurio Extra
The Futurio Extra plugin for WordPress is vulnerable to Information Exposure in all versions up to, and including, 2.0.13 via the 'elementor-template' shortcode due to insufficient restrictions on which posts can be included. | 4.3 |