Vulnerabilities > Critical

| DATE | CVE | VULNERABILITY TITLE | RISK |
| --- | --- | --- | --- |
| 2024-10-17 | CVE-2024-49217 | Unspecified vulnerability in Madirisalmanaashish Adding Drop Down Roles in Registration. Incorrect Privilege Assignment vulnerability in Madiri Salman Aashish Adding drop down roles in registration allows Privilege Escalation. This issue affects Adding drop down roles in registration: from n/a through 1.1. | network, low complexity, madirisalmanaashish, critical, 9.8 |
| 2024-10-17 | CVE-2005-10003 | OS Command Injection vulnerability in Mikexstudios Xcomic. A vulnerability classified as critical has been found in mikexstudios Xcomic up to 0.8.2. | network, low complexity, mikexstudios, CWE-78, critical, 9.8 |
| 2024-10-17 | CVE-2024-9862 | The Miniorange OTP Verification with Firebase plugin for WordPress is vulnerable to Arbitrary User Password Change in versions up to, and including, 3.6.0. | network, low complexity, CWE-639, critical, 9.8 |
| 2024-10-17 | CVE-2024-9863 | The UserPro plugin for WordPress is vulnerable to privilege escalation in versions up to, and including, 3.6.0 due to the insecure 'administrator' default value for the 'default_user_role' option. | network, low complexity, CWE-266, critical, 9.8 |
| 2024-10-16 | CVE-2024-9893 | The Nextend Social Login Pro plugin for WordPress is vulnerable to authentication bypass in all versions up to, and including, 3.1.14. | network, low complexity, CWE-288, critical, 9.8 |
| 2024-10-16 | CVE-2024-10021 | SQL Injection vulnerability in Code-Projects Pharmacy Management System 1.0. A vulnerability was found in code-projects Pharmacy Management System 1.0. | network, low complexity, code-projects, CWE-89, critical, 9.8 |
| 2024-10-16 | CVE-2024-10022 | SQL Injection vulnerability in Code-Projects Pharmacy Management System 1.0. A vulnerability classified as critical has been found in code-projects Pharmacy Management System 1.0. | network, low complexity, code-projects, CWE-89, critical, 9.8 |
| 2024-10-16 | CVE-2016-15042 | Unrestricted Upload of File with Dangerous Type vulnerability in Najeebmedia Frontend File Manager and Post Front-End Form. The Frontend File Manager (versions < 4.0), N-Media Post Front-end Form (versions < 1.1) plugins for WordPress are vulnerable to arbitrary file uploads due to missing file type validation via the `nm_filemanager_upload_file` and `nm_postfront_upload_file` AJAX actions. | network, low complexity, najeebmedia, CWE-434, critical, 9.8 |
| 2024-10-16 | CVE-2020-36840 | Missing Authorization vulnerability in Motopress Timetable and Event Schedule. The Timetable and Event Schedule by MotoPress plugin for WordPress is vulnerable to authorization bypass due to a missing capability check on the wp_ajax_route_url() function called via a nopriv AJAX action in versions up to, and including, 2.3.8. | network, low complexity, motopress, CWE-862, critical, 9.8 |
| 2024-10-16 | CVE-2024-9061 | Code Injection vulnerability in Themehunk WP Popup Builder. The WP Popup Builder – Popup Forms and Marketing Lead Generation plugin for WordPress is vulnerable to arbitrary shortcode execution via the wp_ajax_nopriv_shortcode_Api_Add AJAX action in all versions up to, and including, 1.3.5. | network, low complexity, themehunk, CWE-94, critical, 9.8 |