VUMETRIC
CYBER PORTAL
Dashboard
Security News
Latest Vulnerabilities
Browse Vulnerabilities
by Vendors
by Products
by Categories
Weekly Reports
Vulnerabilities
> High
Exclude new CVEs:
DATE
CVE
VULNERABILITY TITLE
RISK
2024-09-14
CVE-2024-6482
The Login with phone number plugin for WordPress is vulnerable to privilege escalation in all versions up to, and including, 1.7.49.
network
low complexity
CWE-269
8.8
8.8
2024-09-14
CVE-2024-8246
The Post Form – Registration Form – Profile Form for User Profiles – Frontend Content Forms for User Submissions (UGC) plugin for WordPress is vulnerable to privilege escalation in all versions up to, and including, 2.8.11.
network
low complexity
CWE-269
8.8
8.8
2024-09-14
CVE-2024-8479
The The Simple Spoiler plugin for WordPress is vulnerable to arbitrary shortcode execution in versions 1.2 to 1.3.
network
low complexity
CWE-94
7.3
7.3
2024-09-13
CVE-2024-8278
A privilege escalation vulnerability was discovered in XCC that could allow a valid, authenticated XCC user with elevated privileges to perform command injection via specially crafted IPMI commands.
network
low complexity
7.2
7.2
2024-09-13
CVE-2024-8279
A privilege escalation vulnerability was discovered in XCC that could allow a valid, authenticated XCC user with elevated privileges to perform command injection via specially crafted file uploads.
network
low complexity
7.2
7.2
2024-09-13
CVE-2024-8280
An input validation weakness was discovered in XCC that could allow a valid, authenticated XCC user with elevated privileges to perform command injection or cause a recoverable denial of service using a specially crafted file.
network
low complexity
7.2
7.2
2024-09-13
CVE-2024-8281
An input validation weakness was discovered in XCC that could allow a valid, authenticated XCC user with elevated privileges to perform command injection through specially crafted command line input in the XCC SSH captive shell.
network
low complexity
7.2
7.2
2024-09-13
CVE-2022-2446
The WP Editor plugin for WordPress is vulnerable to deserialization of untrusted input via the 'current_theme_root' parameter in versions up to, and including 1.2.9.
network
low complexity
CWE-502
7.2
7.2
2024-09-13
CVE-2024-7423
The Stream plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 4.0.1.
network
low complexity
CWE-352
8.8
8.8
2024-09-13
CVE-2024-8269
The MStore API – Create Native Android & iOS Apps On The Cloud plugin for WordPress is vulnerable to unauthorized user registration in all versions up to, and including, 4.15.3.
network
low complexity
7.3
7.3
«
Previous
1
2
(current)
3
4
5
...
6023
6024
»
Next