Vulnerabilities > Critical
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2024-10-16 | CVE-2016-15042 | Unrestricted Upload of File with Dangerous Type vulnerability in Najeebmedia Frontend File Manager and Post Front-End Form: The Frontend File Manager (versions < 4.0) and N-Media Post Front-end Form (versions < 1.1) plugins for WordPress are vulnerable to arbitrary file uploads due to missing file type validation via the `nm_filemanager_upload_file` and `nm_postfront_upload_file` AJAX actions. | 9.8 |
2024-10-16 | CVE-2020-36840 | Missing Authorization vulnerability in Motopress Timetable and Event Schedule: The Timetable and Event Schedule by MotoPress plugin for WordPress is vulnerable to authorization bypass due to a missing capability check on the wp_ajax_route_url() function called via a nopriv AJAX action in versions up to, and including, 2.3.8. | 9.8 |
2024-10-16 | CVE-2024-9061 | Code Injection vulnerability in Themehunk WP Popup Builder: The WP Popup Builder – Popup Forms and Marketing Lead Generation plugin for WordPress is vulnerable to arbitrary shortcode execution via the wp_ajax_nopriv_shortcode_Api_Add AJAX action in all versions up to, and including, 1.3.5. | 9.8 |
2024-10-16 | CVE-2018-25105 | Missing Authorization vulnerability in Filemanagerpro File Manager: The File Manager plugin for WordPress is vulnerable to authorization bypass due to a missing capability check in the /inc/root.php file in versions up to, and including, 3.0. | 9.8 |
2024-10-16 | CVE-2019-25217 | The SiteGround Optimizer plugin for WordPress is vulnerable to authorization bypass leading to Remote Code Execution and Local File Inclusion in versions up to, and including, 5.0.12 due to incorrect use of an access control attribute on the switch_php function called via the /switch-php REST API route. | 9.8 |
2024-10-16 | CVE-2020-36832 | The Ultimate Membership Pro plugin for WordPress is vulnerable to Authentication Bypass in versions 7.3 through 8.6, inclusive. | 9.8 |
2024-10-16 | CVE-2020-36837 | The ThemeGrill Demo Importer plugin for WordPress is vulnerable to authentication bypass due to a missing capability check on the reset_wizard_actions function in versions 1.3.4 through 1.6.1. | 9.9 |
2024-10-16 | CVE-2021-4443 | The WordPress Mega Menu plugin for WordPress is vulnerable to Arbitrary File Creation in versions up to, and including, 2.0.6 via the compiler_save AJAX action. | 9.8 |
2024-10-16 | CVE-2021-4448 | Missing Authorization vulnerability in Kaswara Project Kaswara 3.0.1: The Kaswara Modern VC Addons plugin for WordPress is vulnerable to authorization bypass in versions up to, and including, 3.0.1 due to insufficient capability checking on various AJAX actions. | 9.8 |
2024-10-16 | CVE-2021-4449 | Unrestricted Upload of File with Dangerous Type vulnerability in Digitalzoomstudio Zoomsounds: The ZoomSounds plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the 'savepng.php' file in versions up to, and including, 5.96. | 9.8 |