Vulnerabilities > Critical

DATE CVE VULNERABILITY TITLE RISK
2024-10-16 CVE-2024-10021 SQL Injection vulnerability in Code-Projects Pharmacy Management System 1.0
A vulnerability was found in code-projects Pharmacy Management System 1.0.
network
low complexity
code-projects CWE-89
critical
9.8
2024-10-16 CVE-2024-10022 SQL Injection vulnerability in Code-Projects Pharmacy Management System 1.0
A vulnerability classified as critical has been found in code-projects Pharmacy Management System 1.0.
network
low complexity
code-projects CWE-89
critical
9.8
2024-10-16 CVE-2016-15042 Unrestricted Upload of File with Dangerous Type vulnerability in Najeebmedia Frontend File Manager and Post Front-End Form
The Frontend File Manager (versions < 4.0), N-Media Post Front-end Form (versions < 1.1) plugins for WordPress are vulnerable to arbitrary file uploads due to missing file type validation via the `nm_filemanager_upload_file` and `nm_postfront_upload_file` AJAX actions.
network
low complexity
najeebmedia CWE-434
critical
9.8
2024-10-16 CVE-2020-36840 Missing Authorization vulnerability in Motopress Timetable and Event Schedule
The Timetable and Event Schedule by MotoPress plugin for WordPress is vulnerable to authorization bypass due to a missing capability check on the wp_ajax_route_url() function called via a nopriv AJAX action in versions up to, and including, 2.3.8.
network
low complexity
motopress CWE-862
critical
9.8
2024-10-16 CVE-2024-9061 Code Injection vulnerability in Themehunk WP Popup Builder
The The WP Popup Builder – Popup Forms and Marketing Lead Generation plugin for WordPress is vulnerable to arbitrary shortcode execution via the wp_ajax_nopriv_shortcode_Api_Add AJAX action in all versions up to, and including, 1.3.5.
network
low complexity
themehunk CWE-94
critical
9.8
2024-10-16 CVE-2018-25105 Missing Authorization vulnerability in Filemanagerpro File Manager
The File Manager plugin for WordPress is vulnerable to authorization bypass due to a missing capability check in the /inc/root.php file in versions up to, and including, 3.0.
network
low complexity
filemanagerpro CWE-862
critical
9.8
2024-10-16 CVE-2019-25217 The SiteGround Optimizer plugin for WordPress is vulnerable to authorization bypass leading to Remote Code Execution and Local File Inclusion in versions up to, and including, 5.0.12 due to incorrect use of an access control attribute on the switch_php function called via the /switch-php REST API route.
network
low complexity
CWE-862
critical
9.8
2024-10-16 CVE-2020-36832 The Ultimate Membership Pro plugin for WordPress is vulnerable to Authentication Bypass in versions between, and including, 7.3 to 8.6.
network
low complexity
CWE-287
critical
9.8
2024-10-16 CVE-2020-36837 The ThemeGrill Demo Importer plugin for WordPress is vulnerable to authentication bypass due to a missing capability check on the reset_wizard_actions function in versions 1.3.4 through 1.6.1.
network
low complexity
CWE-862
critical
9.9
2024-10-16 CVE-2021-4443 The WordPress Mega Menu plugin for WordPress is vulnerable to Arbitrary File Creation in versions up to, and including, 2.0.6 via the compiler_save AJAX action.
network
low complexity
CWE-434
critical
9.8