Vulnerabilities > Improper Control of Generation of Code ('Code Injection')

DATE CVE VULNERABILITY TITLE RISK
2024-10-12 CVE-2024-8760 The Stackable – Page Builder Gutenberg Blocks plugin for WordPress is vulnerable to CSS Injection in all versions up to, and including, 3.13.6.
network
low complexity
CWE-94
5.3
2024-10-10 CVE-2024-9581 Code Injection vulnerability in Happyplugins Shortcodes Anywhere
The Shortcodes AnyWhere plugin for WordPress is vulnerable to arbitrary shortcode execution in all versions up to, and including, 1.0.1.
network
low complexity
happyplugins CWE-94
7.3
2024-10-07 CVE-2024-43363 Code Injection vulnerability in Cacti
Cacti is an open source performance and fault management framework.
network
low complexity
cacti CWE-94
7.2
2024-10-02 CVE-2024-8254 Code Injection vulnerability in Icegram Email Subscribers & Newsletters
The Email Subscribers by Icegram Express – Email Marketing, Newsletters, Automation for WordPress & WooCommerce plugin for WordPress is vulnerable to arbitrary shortcode execution in all versions up to, and including, 5.7.34.
network
low complexity
icegram CWE-94
6.3
2024-09-25 CVE-2024-46489 Code Injection vulnerability in Ferrislucas Promptr 6.0.7
A remote command execution (RCE) vulnerability in promptr v6.0.7 allows attackers to execute arbitrary commands via a crafted URL.
network
low complexity
ferrislucas CWE-94
8.8
2024-09-25 CVE-2024-8481 Code Injection vulnerability in Blogcoding Special Text Boxes
The The Special Text Boxes plugin for WordPress is vulnerable to arbitrary shortcode execution in all versions up to, and including, 6.2.2.
network
low complexity
blogcoding CWE-94
7.3
2024-09-24 CVE-2024-8623 Code Injection vulnerability in Pluginus Wordpress Meta Data and Taxonomies Filter
The The MDTF – Meta Data and Taxonomies Filter plugin for WordPress is vulnerable to arbitrary shortcode execution in all versions up to, and including, 1.3.3.3.
network
low complexity
pluginus CWE-94
7.3
2024-09-23 CVE-2024-0004 Code Injection vulnerability in Purestorage Purity//Fa
A condition exists in FlashArray Purity whereby an user with array admin role can execute arbitrary commands remotely to escalate privilege on the array.
network
low complexity
purestorage CWE-94
7.2
2024-09-19 CVE-2024-9006 Code Injection vulnerability in Jeanmarc77 123Solar 1.8.4.5
A vulnerability was found in jeanmarc77 123solar 1.8.4.5.
network
low complexity
jeanmarc77 CWE-94
8.8
2024-09-16 CVE-2024-44623 Code Injection vulnerability in SPX Graphics Controller
An issue in TuomoKu SPx-GC v.1.3.0 and before allows a remote attacker to execute arbitrary code via the child_process.js function.
network
low complexity
spx CWE-94
critical
9.8