Vulnerabilities > High

DATE CVE VULNERABILITY TITLE RISK
2024-09-14 CVE-2024-6482 The Login with phone number plugin for WordPress is vulnerable to privilege escalation in all versions up to, and including, 1.7.49.
network
low complexity
CWE-269
8.8
2024-09-14 CVE-2024-8246 The Post Form – Registration Form – Profile Form for User Profiles – Frontend Content Forms for User Submissions (UGC) plugin for WordPress is vulnerable to privilege escalation in all versions up to, and including, 2.8.11.
network
low complexity
CWE-269
8.8
2024-09-14 CVE-2024-8479 The The Simple Spoiler plugin for WordPress is vulnerable to arbitrary shortcode execution in versions 1.2 to 1.3.
network
low complexity
CWE-94
7.3
2024-09-13 CVE-2024-8278 A privilege escalation vulnerability was discovered in XCC that could allow a valid, authenticated XCC user with elevated privileges to perform command injection via specially crafted IPMI commands.
network
low complexity
7.2
2024-09-13 CVE-2024-8279 A privilege escalation vulnerability was discovered in XCC that could allow a valid, authenticated XCC user with elevated privileges to perform command injection via specially crafted file uploads.
network
low complexity
7.2
2024-09-13 CVE-2024-8280 An input validation weakness was discovered in XCC that could allow a valid, authenticated XCC user with elevated privileges to perform command injection or cause a recoverable denial of service using a specially crafted file.
network
low complexity
7.2
2024-09-13 CVE-2024-8281 An input validation weakness was discovered in XCC that could allow a valid, authenticated XCC user with elevated privileges to perform command injection through specially crafted command line input in the XCC SSH captive shell.
network
low complexity
7.2
2024-09-13 CVE-2022-2446 The WP Editor plugin for WordPress is vulnerable to deserialization of untrusted input via the 'current_theme_root' parameter in versions up to, and including 1.2.9.
network
low complexity
CWE-502
7.2
2024-09-13 CVE-2024-7423 The Stream plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 4.0.1.
network
low complexity
CWE-352
8.8
2024-09-13 CVE-2024-8269 The MStore API – Create Native Android & iOS Apps On The Cloud plugin for WordPress is vulnerable to unauthorized user registration in all versions up to, and including, 4.15.3.
network
low complexity
7.3