2024-10-16 | CVE-2024-10021 | SQL Injection vulnerability in Code-Projects Pharmacy Management System 1.0 A vulnerability was found in code-projects Pharmacy Management System 1.0. | 9.8 |
2024-10-16 | CVE-2024-10022 | SQL Injection vulnerability in Code-Projects Pharmacy Management System 1.0 A vulnerability classified as critical has been found in code-projects Pharmacy Management System 1.0. | 9.8 |
2024-10-16 | CVE-2016-15042 | Unrestricted Upload of File with Dangerous Type vulnerability in Najeebmedia Frontend File Manager and Post Front-End Form The Frontend File Manager (versions < 4.0), N-Media Post Front-end Form (versions < 1.1) plugins for WordPress are vulnerable to arbitrary file uploads due to missing file type validation via the `nm_filemanager_upload_file` and `nm_postfront_upload_file` AJAX actions. | 9.8 |
2024-10-16 | CVE-2020-36840 | Missing Authorization vulnerability in Motopress Timetable and Event Schedule The Timetable and Event Schedule by MotoPress plugin for WordPress is vulnerable to authorization bypass due to a missing capability check on the wp_ajax_route_url() function called via a nopriv AJAX action in versions up to, and including, 2.3.8. | 9.8 |
2024-10-16 | CVE-2024-9061 | Code Injection vulnerability in Themehunk WP Popup Builder The The WP Popup Builder – Popup Forms and Marketing Lead Generation plugin for WordPress is vulnerable to arbitrary shortcode execution via the wp_ajax_nopriv_shortcode_Api_Add AJAX action in all versions up to, and including, 1.3.5. | 9.8 |
2024-10-16 | CVE-2018-25105 | Missing Authorization vulnerability in Filemanagerpro File Manager The File Manager plugin for WordPress is vulnerable to authorization bypass due to a missing capability check in the /inc/root.php file in versions up to, and including, 3.0. | 9.8 |
2024-10-16 | CVE-2019-25217 | The SiteGround Optimizer plugin for WordPress is vulnerable to authorization bypass leading to Remote Code Execution and Local File Inclusion in versions up to, and including, 5.0.12 due to incorrect use of an access control attribute on the switch_php function called via the /switch-php REST API route. network low complexity CWE-862 critical | 9.8 |
2024-10-16 | CVE-2020-36832 | The Ultimate Membership Pro plugin for WordPress is vulnerable to Authentication Bypass in versions between, and including, 7.3 to 8.6. network low complexity CWE-287 critical | 9.8 |
2024-10-16 | CVE-2020-36837 | The ThemeGrill Demo Importer plugin for WordPress is vulnerable to authentication bypass due to a missing capability check on the reset_wizard_actions function in versions 1.3.4 through 1.6.1. network low complexity CWE-862 critical | 9.9 |
2024-10-16 | CVE-2021-4443 | The WordPress Mega Menu plugin for WordPress is vulnerable to Arbitrary File Creation in versions up to, and including, 2.0.6 via the compiler_save AJAX action. network low complexity CWE-434 critical | 9.8 |