Vulnerabilities > Critical
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2024-10-28 | CVE-2024-50495 | Unrestricted Upload of File with Dangerous Type vulnerability in Widgilabs Plugin Propagator 0.1 Unrestricted Upload of File with Dangerous Type vulnerability in WidgiLabs Plugin Propagator allows Upload a Web Shell to a Web Server.This issue affects Plugin Propagator: from n/a through 0.1. | 9.8 |
| 2024-10-28 | CVE-2024-50496 | Unrestricted Upload of File with Dangerous Type vulnerability in Webandprint AR Unrestricted Upload of File with Dangerous Type vulnerability in Web and Print Design AR For WordPress allows Upload a Web Shell to a Web Server.This issue affects AR For WordPress: from n/a through 6.2. | 10.0 |
| 2024-10-28 | CVE-2024-10449 | SQL Injection vulnerability in Codezips Hospital Appointment System 1.0 A vulnerability, which was classified as critical, was found in Codezips Hospital Appointment System 1.0. | 9.8 |
| 2024-10-28 | CVE-2024-50478 | Improper Authentication vulnerability in Swoopnow 1-Click Login: Passwordless Authentication 1.4.5 Authentication Bypass by Primary Weakness vulnerability in Swoop 1-Click Login: Passwordless Authentication allows Authentication Bypass.This issue affects 1-Click Login: Passwordless Authentication: 1.4.5. | 9.8 |
| 2024-10-28 | CVE-2024-50479 | SQL Injection vulnerability in Mansurahamed Woocommerce Quote Calculator Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Mansur Ahamed Woocommerce Quote Calculator allows Blind SQL Injection.This issue affects Woocommerce Quote Calculator: from n/a through 1.1. | 9.8 |
| 2024-10-28 | CVE-2024-50483 | Authorization Bypass Through User-Controlled Key vulnerability in Tareqhasan Meetup Authorization Bypass Through User-Controlled Key vulnerability in Meetup allows Privilege Escalation.This issue affects Meetup: from n/a through 0.1. | 9.8 |
| 2024-10-28 | CVE-2024-50491 | SQL Injection vulnerability in Micahblu Rsvp ME Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Micah Blu RSVP ME allows SQL Injection.This issue affects RSVP ME: from n/a through 1.9.9. | 9.8 |
| 2024-10-28 | CVE-2024-50497 | Inclusion of Functionality from Untrusted Control Sphere vulnerability in Buynowdepot Advanced Online Ordering and Delivery Platform Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in BuyNowDepot Advanced Online Ordering and Delivery Platform allows PHP Local File Inclusion.This issue affects Advanced Online Ordering and Delivery Platform: from n/a through 2.0.0. | 9.8 |
| 2024-10-28 | CVE-2024-50450 | Code Injection vulnerability in Pluginus Wordpress Meta Data and Taxonomies Filter Improper Control of Generation of Code ('Code Injection') vulnerability in realmag777 WordPress Meta Data and Taxonomies Filter (MDTF) allows Code Injection.This issue affects WordPress Meta Data and Taxonomies Filter (MDTF): from n/a through 1.3.3.4. | 9.8 |
| 2024-10-28 | CVE-2024-50477 | Missing Authentication for Critical Function vulnerability in Stacksmarket Stacks Mobile APP Builder Authentication Bypass Using an Alternate Path or Channel vulnerability in Stacks Stacks Mobile App Builder stacks-mobile-app-builder allows Authentication Bypass.This issue affects Stacks Mobile App Builder: from n/a through 5.2.3. | 9.8 |