Vulnerabilities > Critical

| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2024-07-20 | CVE-2024-6636 | The WooCommerce - Social Login plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'woo_slg_login_email' function in all versions up to, and including, 2.7.3. | network, low complexity, critical, 9.8 |
| 2024-07-19 | CVE-2024-6205 | SQL Injection vulnerability in Payplus Payment Gateway. The PayPlus Payment Gateway WordPress plugin before 6.6.9 does not properly sanitise and escape a parameter before using it in a SQL statement via a WooCommerce API route available to unauthenticated users, leading to an SQL injection vulnerability. | network, low complexity, payplus, CWE-89, critical, 9.8 |
| 2024-07-18 | CVE-2024-0857 | Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Universal Software Inc. | network, low complexity, CWE-89, critical, 9.8 |
| 2024-07-18 | CVE-2024-5618 | Incorrect Permission Assignment for Critical Resource vulnerability in PruvaSoft Informatics Apinizer Management Console allows Accessing Functionality Not Properly Constrained by ACLs. This issue affects Apinizer Management Console: before 2024.05.1. | network, low complexity, CWE-732, critical, 9.9 |
| 2024-07-18 | CVE-2024-5619 | Authorization Bypass Through User-Controlled Key vulnerability in PruvaSoft Informatics Apinizer Management Console allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Apinizer Management Console: before 2024.05.1. | network, low complexity, CWE-639, critical, 9.6 |
| 2024-07-17 | CVE-2024-23466 | SolarWinds Access Rights Manager (ARM) is susceptible to a Directory Traversal Remote Code Execution vulnerability. | low complexity, CWE-22, critical, 9.6 |
| 2024-07-17 | CVE-2024-23467 | The SolarWinds Access Rights Manager was susceptible to a Directory Traversal and Information Disclosure Vulnerability. | low complexity, CWE-22, critical, 9.6 |
| 2024-07-17 | CVE-2024-23469 | SolarWinds Access Rights Manager (ARM) is susceptible to a Remote Code Execution vulnerability. | low complexity, CWE-20, critical, 9.6 |
| 2024-07-17 | CVE-2024-23470 | The SolarWinds Access Rights Manager was found to be susceptible to a pre-authentication remote code execution vulnerability. | low complexity, CWE-287, critical, 9.6 |
| 2024-07-17 | CVE-2024-23471 | The SolarWinds Access Rights Manager was found to be susceptible to a Remote Code Execution Vulnerability. | low complexity, CWE-287, critical, 9.6 |