In the dynamic realm of cybersecurity, staying updated on the latest vulnerabilities is imperative.
This edition of the AppSecWorld's CVE Daily Digest provides a snapshot of the vulnerabilities published in National Vulnerability Database between May 17-18, 2024.
During this period, The National Vulnerability Database published 339, and these new Common Vulnerabilities and Exposures (CVEs) are classified as follows:
Critical: 26
High: 74
Medium: 62
Low: 5
Severity Not Assigned: 172
Identifying and understanding these vulnerabilities are pivotal steps towards enhancing security measures and creating a safer digital environment.
Now, let's delve deeper into AppSecWorld's CVE Daily Digest, spotlighting the Critical and High Severity vulnerabilities that demand immediate attention.
1. CVE-2024-3551
Base Score: 9.8
Base Severity: CRITICAL
Exploitability Score: 3.9
Impact Score: 5.9
Description: The Penci Soledad Data Migrator plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 1.3.0 via the 'data' parameter. This makes it possible for unauthenticated attackers to include and execute arbitrary files on the server, allowing the execution of any PHP code in those files. This can be used to bypass access controls, obtain sensitive data, or achieve code execution in cases where images and other “safe” file types can be uploaded and included. This is limited to just PHP files.
References: https://themeforest.net/item/soledad-multiconcept-blogmagazine-wp-theme/12945398
https://www.wordfence.com/threat-intel/vulnerabilities/id/a4f8df3a-f247-4365-a9f6-6124065b4883?source=cve
CWE-ID: Not assigned as of now
Common Platform Enumerations (CPE): Not Found
2. CVE-2024-34752
Base Score: 7.1
Base Severity: HIGH
Exploitability Score: 2.8
Impact Score: 3.7
Description: Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in PluginOps Landing Page Builder allows Reflected XSS.This issue affects Landing Page Builder: from n/a through 1.5.1.8.
References: https://patchstack.com/database/vulnerability/page-builder-add/wordpress-landing-page-builder-1-5-1-8-cross-site-scripting-xss-vulnerability?_s_id=cve
CWE-ID: CWE-79
Common Platform Enumerations (CPE): Not Found
3. CVE-2022-45368
Base Score: 7.7
Base Severity: HIGH
Exploitability Score: 3.1
Impact Score: 4.0
Description: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in Lenderd 1003 Mortgage Application allows Relative Path Traversal.This issue affects 1003 Mortgage Application: from n/a through 1.75.
References: https://patchstack.com/database/vulnerability/1003-mortgage-application/wordpress-1003-mortgage-application-plugin-1-73-local-file-inclusion?_s_id=cve
CWE-ID: CWE-22
Common Platform Enumerations (CPE): Not Found
4. CVE-2022-45374
Base Score: 7.7
Base Severity: HIGH
Exploitability Score: 3.1
Impact Score: 4.0
Description: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in YARPP allows PHP Local File Inclusion.This issue affects YARPP: from n/a through 5.30.4.
References: https://patchstack.com/database/vulnerability/yet-another-related-posts-plugin/wordpress-yet-another-related-posts-plugin-yarpp-plugin-5-30-2-local-file-inclusion?_s_id=cve
CWE-ID: CWE-22
Common Platform Enumerations (CPE): Not Found
5. CVE-2023-23645
Base Score: 9.9
Base Severity: CRITICAL
Exploitability Score: 3.1
Impact Score: 6.0
Description: Improper Control of Generation of Code ('Code Injection') vulnerability in MainWP MainWP Code Snippets Extension allows Code Injection.This issue affects MainWP Code Snippets Extension: from n/a through 4.0.2.
References: https://patchstack.com/database/vulnerability/mainwp-code-snippets-extension/wordpress-mainwp-code-snippets-extension-plugin-4-0-2-subscriber-arbitrary-php-code-injection-execution-vulnerability?_s_id=cve
CWE-ID: CWE-94
Common Platform Enumerations (CPE): Not Found
6. CVE-2023-23700
Base Score: 7.6
Base Severity: HIGH
Exploitability Score: 2.8
Impact Score: 4.7
Description: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in OceanWP allows PHP Local File Inclusion.This issue affects OceanWP: from n/a through 3.4.1.
References: https://patchstack.com/database/vulnerability/oceanwp/wordpress-oceanwp-theme-3-4-1-authenticated-local-file-inclusion-vulnerability?_s_id=cve
CWE-ID: CWE-22
Common Platform Enumerations (CPE): Not Found
7. CVE-2023-23888
Base Score: 7.6
Base Severity: HIGH
Exploitability Score: 2.8
Impact Score: 4.7
Description: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in Rank Math Rank Math SEO allows Path Traversal.This issue affects Rank Math SEO: from n/a through 1.0.107.2.
References: https://patchstack.com/database/vulnerability/seo-by-rank-math/wordpress-rank-math-seo-plugin-1-0-107-2-local-file-inclusion-vulnerability?_s_id=cve
CWE-ID: CWE-22
Common Platform Enumerations (CPE): Not Found
8. CVE-2023-23988
Base Score: 7.5
Base Severity: HIGH
Exploitability Score: 3.9
Impact Score: 3.6
Description: Missing Authorization vulnerability in Joseph C Dolson My Tickets.This issue affects My Tickets: from n/a through 1.9.11.
References: https://patchstack.com/database/vulnerability/my-tickets/wordpress-my-tickets-plugin-1-9-11-payment-bypass-vulnerability?_s_id=cve
CWE-ID: CWE-862
Common Platform Enumerations (CPE): Not Found
9. CVE-2023-23990
Base Score: 7.6
Base Severity: HIGH
Exploitability Score: 1.0
Impact Score: 6.0
Description: Improper Privilege Management vulnerability in Qube One Ltd. Redirection for Contact Form 7 wpcf7-redirect allows Privilege Escalation.This issue affects Redirection for Contact Form 7: from n/a through 2.7.0.
References: https://patchstack.com/database/vulnerability/wpcf7-redirect/wordpress-redirection-for-contact-form-7-plugin-2-7-0-privilege-escalation-vulnerability?_s_id=cve
CWE-ID: CWE-269
Common Platform Enumerations (CPE): Not Found
10. CVE-2023-25050
Base Score: 7.1
Base Severity: HIGH
Exploitability Score: 1.8
Impact Score: 4.7
Description: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in Vova Anokhin Shortcodes Ultimate allows Absolute Path Traversal.This issue affects Shortcodes Ultimate: from n/a through 5.12.6.
References: https://patchstack.com/database/vulnerability/shortcodes-ultimate/wordpress-shortcodes-ultimate-plugin-5-12-6-arbitrary-file-download-vulnerability?_s_id=cve
CWE-ID: CWE-22
Common Platform Enumerations (CPE): Not Found
11. CVE-2023-25444
Base Score: 9.1
Base Severity: CRITICAL
Exploitability Score: 2.3
Impact Score: 6.0
Description: Unrestricted Upload of File with Dangerous Type vulnerability in JS Help Desk JS Help Desk – Best Help Desk & Support Plugin allows Using Malicious Files.This issue affects JS Help Desk – Best Help Desk & Support Plugin: from n/a through 2.7.7.
References: https://patchstack.com/database/vulnerability/js-support-ticket/wordpress-js-help-desk-best-help-desk-support-plugin-plugin-2-7-7-arbitrary-file-upload-vulnerability?_s_id=cve
CWE-ID: CWE-434
Common Platform Enumerations (CPE): Not Found
12. CVE-2023-25701
Base Score: 9.8
Base Severity: CRITICAL
Exploitability Score: 3.9
Impact Score: 5.9
Description: Improper Privilege Management vulnerability in WhatArmy WatchTowerHQ allows Privilege Escalation.This issue affects WatchTowerHQ: from n/a through 3.6.16.
References: https://patchstack.com/database/vulnerability/watchtowerhq/wordpress-watchtowerhq-plugin-3-6-16-privilege-escalation?_s_id=cve
CWE-ID: CWE-269
Common Platform Enumerations (CPE): Not Found
13. CVE-2023-26009
Base Score: 9.8
Base Severity: CRITICAL
Exploitability Score: 3.9
Impact Score: 5.9
Description: Improper Privilege Management vulnerability in favethemes Houzez Login Register allows Privilege Escalation.This issue affects Houzez Login Register: from n/a through 2.6.3.
References: https://patchstack.com/database/vulnerability/houzez-login-register/wordpress-houzez-login-register-plugin-2-6-3-privilege-escalation?_s_id=cve
CWE-ID: CWE-269
Common Platform Enumerations (CPE): Not Found
14. CVE-2023-26526
Base Score: 7.7
Base Severity: HIGH
Exploitability Score: 3.1
Impact Score: 4.0
Description: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in Nota-Info Bookly allows Path Traversal, Manipulating Web Input to File System Calls.This issue affects Bookly: from n/a through 21.7.1.
References: https://patchstack.com/database/vulnerability/bookly-responsive-appointment-booking-tool/wordpress-bookly-plugin-21-7-1-authenticated-arbitrary-file-deletion-vulnerability?_s_id=cve
CWE-ID: CWE-22
Common Platform Enumerations (CPE): Not Found
15. CVE-2023-26540
Base Score: 9.8
Base Severity: CRITICAL
Exploitability Score: 3.9
Impact Score: 5.9
Description: Improper Privilege Management vulnerability in Favethemes Houzez allows Privilege Escalation.This issue affects Houzez: from n/a through 2.7.1.
References: https://patchstack.com/database/vulnerability/houzez/wordpress-houzez-theme-2-7-1-privilege-escalation?_s_id=cve
CWE-ID: CWE-269
Common Platform Enumerations (CPE): Not Found
16. CVE-2023-32110
Base Score: 7.6
Base Severity: HIGH
Exploitability Score: 2.8
Impact Score: 4.7
Description: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in artbees JupiterX allows PHP Local File Inclusion.This issue affects JupiterX: from n/a through 3.0.0.
References: https://patchstack.com/database/vulnerability/jupiterx/wordpress-jupiterx-theme-3-0-0-subscriber-local-file-inclusion-vulnerability?_s_id=cve
CWE-ID: CWE-22
Common Platform Enumerations (CPE): Not Found
17. CVE-2023-32244
Base Score: 9.8
Base Severity: CRITICAL
Exploitability Score: 3.9
Impact Score: 5.9
Description: Improper Privilege Management vulnerability in XTemos Woodmart Core allows Privilege Escalation.This issue affects Woodmart Core: from n/a through 1.0.36.
References: https://patchstack.com/database/vulnerability/woodmart-core/wordpress-woodmart-core-plugin-1-0-36-privilege-escalation?_s_id=cve
CWE-ID: CWE-269
Common Platform Enumerations (CPE): Not Found
18. CVE-2023-32297
Base Score: 9.0
Base Severity: CRITICAL
Exploitability Score: 2.2
Impact Score: 6.0
Description: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in LWS LWS Affiliation allows PHP Local File Inclusion.This issue affects LWS Affiliation: from n/a through 2.2.6.
References: https://patchstack.com/database/vulnerability/lws-affiliation/wordpress-lws-affiliation-plugin-2-2-6-local-file-inclusion-vulnerability?_s_id=cve
CWE-ID: CWE-22
Common Platform Enumerations (CPE): Not Found
19. CVE-2023-35881
Base Score: 7.6
Base Severity: HIGH
Exploitability Score: 2.8
Impact Score: 4.7
Description: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in WooCommerce WooCommerce One Page Checkout allows PHP Local File Inclusion.This issue affects WooCommerce One Page Checkout: from n/a through 2.3.0.
References: https://patchstack.com/database/vulnerability/woocommerce-one-page-checkout/wordpress-woocommerce-one-page-checkout-plugin-2-3-0-local-file-inclusion-vulnerability?_s_id=cve
CWE-ID: CWE-22
Common Platform Enumerations (CPE): Not Found
20. CVE-2023-37385
Base Score: 7.3
Base Severity: HIGH
Exploitability Score: 3.9
Impact Score: 3.4
Description: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in StylemixThemes Consulting allows PHP Local File Inclusion.This issue affects Consulting: from n/a through 6.5.6.
References: https://patchstack.com/database/vulnerability/consulting/wordpress-consulting-theme-6-3-6-local-file-inclusion?_s_id=cve
CWE-ID: CWE-22
Common Platform Enumerations (CPE): Not Found
21. CVE-2023-37389
Base Score: 8.8
Base Severity: HIGH
Exploitability Score: 2.8
Impact Score: 5.9
Description: Improper Privilege Management vulnerability in SAASPROJECT Booking Package Booking Package allows Privilege Escalation.This issue affects Booking Package: from n/a through 1.5.98.
References: https://patchstack.com/database/vulnerability/booking-package/wordpress-booking-package-saasproject-plugin-1-5-98-unauthenticated-privilege-escalation-vulnerability?_s_id=cve
CWE-ID: CWE-269
Common Platform Enumerations (CPE): Not Found
22. CVE-2023-37866
Base Score: 7.2
Base Severity: HIGH
Exploitability Score: 1.2
Impact Score: 5.9
Description: Improper Privilege Management vulnerability in Crocoblock JetFormBuilder allows Privilege Escalation.This issue affects JetFormBuilder: from n/a through 3.0.8.
References: https://patchstack.com/database/vulnerability/jetformbuilder/wordpress-jetformbuilder-plugin-3-0-8-authenticated-privilege-escalation-vulnerability?_s_id=cve
CWE-ID: CWE-269
Common Platform Enumerations (CPE): Not Found
23. CVE-2023-37888
Base Score: 7.6
Base Severity: HIGH
Exploitability Score: 2.8
Impact Score: 4.7
Description: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in By Averta Shortcodes and extra features for Phlox theme allows PHP Local File Inclusion.This issue affects Shortcodes and extra features for Phlox theme: from n/a through 2.14.0.
References: https://patchstack.com/database/vulnerability/auxin-elements/wordpress-phlox-core-elements-plugin-2-14-0-unauthenticated-local-file-inclusion-vulnerability?_s_id=cve
CWE-ID: CWE-22
Common Platform Enumerations (CPE): Not Found
24. CVE-2023-37999
Base Score: 9.8
Base Severity: CRITICAL
Exploitability Score: 3.9
Impact Score: 5.9
Description: Improper Privilege Management vulnerability in HasThemes HT Mega allows Privilege Escalation.This issue affects HT Mega: from n/a through 2.2.0.
References: https://patchstack.com/database/vulnerability/ht-mega-for-elementor/wordpress-ht-mega-absolute-addons-for-elementor-plugin-2-2-0-unauthenticated-privilege-escalation-vulnerability?_s_id=cve
CWE-ID: CWE-269
Common Platform Enumerations (CPE): Not Found
25. CVE-2023-38399
Base Score: 8.6
Base Severity: HIGH
Exploitability Score: 3.9
Impact Score: 4.7
Description: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in Averta Phlox Portfolio allows PHP Local File Inclusion.This issue affects Phlox Portfolio: from n/a through 2.3.1.
References: https://patchstack.com/database/vulnerability/auxin-portfolio/wordpress-phlox-portfolio-plugin-2-3-1-unauthenticated-local-file-inclusion-vulnerability?_s_id=cve
CWE-ID: CWE-22
Common Platform Enumerations (CPE): Not Found
26. CVE-2023-39163
Base Score: 8.6
Base Severity: HIGH
Exploitability Score: 3.9
Impact Score: 4.7
Description: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in Averta Phlox Shop allows PHP Local File Inclusion.This issue affects Phlox Shop: from n/a through 2.0.0.
References: https://patchstack.com/database/vulnerability/auxin-shop/wordpress-phlox-shop-plugin-2-0-0-unauthenticated-local-file-inclusion-vulnerability?_s_id=cve
CWE-ID: CWE-22
Common Platform Enumerations (CPE): Not Found
27. CVE-2023-41243
Base Score: 8.8
Base Severity: HIGH
Exploitability Score: 2.8
Impact Score: 5.9
Description: Improper Privilege Management vulnerability in WPvivid Team WPvivid Backup and Migration allows Privilege Escalation.This issue affects WPvivid Backup and Migration: from n/a through 0.9.90.
References: https://patchstack.com/database/vulnerability/wpvivid-backuprestore/wordpress-wpvivid-backup-plugin-plugin-0-9-90-privilege-escalation-on-staging-environment-vulnerability?_s_id=cve
CWE-ID: CWE-269
Common Platform Enumerations (CPE): Not Found
28. CVE-2023-41665
Base Score: 8.8
Base Severity: HIGH
Exploitability Score: 2.8
Impact Score: 5.9
Description: Improper Privilege Management vulnerability in GiveWP allows Privilege Escalation.This issue affects GiveWP: from n/a through 2.33.0.
References: https://patchstack.com/database/vulnerability/give/wordpress-givewp-plugin-2-33-0-givewp-manager-privilege-escalation-vulnerability?_s_id=cve
CWE-ID: CWE-269
Common Platform Enumerations (CPE): Not Found
29. CVE-2023-41954
Base Score: 8.6
Base Severity: HIGH
Exploitability Score: 3.9
Impact Score: 4.7
Description: Improper Privilege Management vulnerability in ProfilePress Membership Team ProfilePress allows Privilege Escalation.This issue affects ProfilePress: from n/a through 4.13.1.
References: https://patchstack.com/database/vulnerability/wp-user-avatar/wordpress-profilepress-plugin-4-13-1-unauthenticated-limited-privilege-escalation-vulnerability?_s_id=cve
CWE-ID: CWE-269
Common Platform Enumerations (CPE): Not Found
30. CVE-2023-41955
Base Score: 8.8
Base Severity: HIGH
Exploitability Score: 2.8
Impact Score: 5.9
Description: Improper Privilege Management vulnerability in WPDeveloper Essential Addons for Elementor allows Privilege Escalation.This issue affects Essential Addons for Elementor: from n/a through 5.8.8.
References: https://patchstack.com/database/vulnerability/essential-addons-for-elementor-lite/wordpress-essential-addons-for-elementor-plugin-5-8-8-contributor-privilege-escalation-vulnerability?_s_id=cve
CWE-ID: CWE-269
Common Platform Enumerations (CPE): Not Found
31. CVE-2023-41956
Base Score: 8.8
Base Severity: HIGH
Exploitability Score: 2.8
Impact Score: 5.9
Description: Improper Authentication vulnerability in smp7, wp.Insider Simple Membership.This issue affects Simple Membership: from n/a through 4.3.4.
References: https://patchstack.com/database/vulnerability/simple-membership/wordpress-simple-membership-plugin-4-3-4-authenticated-account-takeover-vulnerability?_s_id=cve
CWE-ID: CWE-287
Common Platform Enumerations (CPE): Not Found
32. CVE-2023-41957
Base Score: 8.6
Base Severity: HIGH
Exploitability Score: 3.9
Impact Score: 4.7
Description: Improper Privilege Management vulnerability in smp7, wp.Insider Simple Membership allows Privilege Escalation.This issue affects Simple Membership: from n/a through 4.3.4.
References: https://patchstack.com/database/vulnerability/simple-membership/wordpress-simple-membership-plugin-4-3-4-unauthenticated-membership-role-privilege-escalation-vulnerability?_s_id=cve
CWE-ID: CWE-269
Common Platform Enumerations (CPE): Not Found
33. CVE-2024-31351
Base Score: 10.0
Base Severity: CRITICAL
Exploitability Score: 3.9
Impact Score: 6.0
Description: Unrestricted Upload of File with Dangerous Type vulnerability in Copymatic Copymatic – AI Content Writer & Generator.This issue affects Copymatic – AI Content Writer & Generator: from n/a through 1.6.
References: https://patchstack.com/database/vulnerability/copymatic/wordpress-copymatic-plugin-1-6-unauthenticated-arbitrary-file-upload-vulnerability?_s_id=cve
CWE-ID: CWE-434
Common Platform Enumerations (CPE): Not Found
34. CVE-2024-33556
Base Score: 8.2
Base Severity: HIGH
Exploitability Score: 3.9
Impact Score: 4.2
Description: Unrestricted Upload of File with Dangerous Type vulnerability in 8theme XStore Core.This issue affects XStore Core: from n/a through 5.3.8.
References: https://patchstack.com/database/vulnerability/et-core-plugin/wordpress-xstore-core-plugin-5-3-5-limited-arbitrary-file-upload-vulnerability?_s_id=cve
CWE-ID: CWE-434
Common Platform Enumerations (CPE): Not Found
35. CVE-2023-44478
Base Score: 7.1
Base Severity: HIGH
Exploitability Score: 2.8
Impact Score: 4.2
Description: Cross-Site Request Forgery (CSRF) vulnerability in WP Hive Events Rich Snippets for Google allows Exploitation of Trusted Credentials.This issue affects Events Rich Snippets for Google: from n/a through 1.8.
References: https://patchstack.com/database/vulnerability/rich-snippets-vevents/wordpress-events-rich-snippets-for-google-plugin-1-8-csrf-leading-to-privilege-escalation-vulnerability?_s_id=cve
CWE-ID: CWE-352
Common Platform Enumerations (CPE): Not Found
36. CVE-2023-46145
Base Score: 8.8
Base Severity: HIGH
Exploitability Score: 2.8
Impact Score: 5.9
Description: Improper Privilege Management vulnerability in Themify Themify Ultra allows Privilege Escalation.This issue affects Themify Ultra: from n/a through 7.3.5.
References: https://patchstack.com/database/vulnerability/themify-ultra/wordpress-themify-ultra-theme-7-3-3-authenticated-privilege-escalation-vulnerability?_s_id=cve
CWE-ID: CWE-269
Common Platform Enumerations (CPE): Not Found
37. CVE-2023-46197
Base Score: 8.8
Base Severity: HIGH
Exploitability Score: 2.8
Impact Score: 5.9
Description: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in supsystic.Com Popup by Supsystic allows Relative Path Traversal.This issue affects Popup by Supsystic: from n/a through 1.10.19.
References: https://patchstack.com/database/vulnerability/popup-by-supsystic/wordpress-popup-by-supsystic-plugin-1-10-19-unauthenticated-subscriber-email-addresses-disclosure?_s_id=cve
CWE-ID: CWE-22
Common Platform Enumerations (CPE): Not Found
38. CVE-2023-46205
Base Score: 7.1
Base Severity: HIGH
Exploitability Score: 2.8
Impact Score: 4.2
Description: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in Brainstorm Force Ultimate Addons for WPBakery Page Builder allows PHP Local File Inclusion.This issue affects Ultimate Addons for WPBakery Page Builder: from n/a through 3.19.14.
References: https://patchstack.com/database/vulnerability/ultimate_vc_addons/wordpress-ultimate-addons-for-wpbakery-page-builder-plugin-3-19-14-local-file-inclusion-vulnerability?_s_id=cve
CWE-ID: CWE-22
Common Platform Enumerations (CPE): Not Found
39. CVE-2023-46784
Base Score: 8.2
Base Severity: HIGH
Exploitability Score: 3.9
Impact Score: 4.2
Description: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal'), Server-Side Request Forgery (SSRF) vulnerability in Room 34 Creative Services, LLC ICS Calendar ics-calendar allows Absolute Path Traversal, : Server Side Request Forgery.This issue affects ICS Calendar: from n/a through 10.12.0.3.
References: https://patchstack.com/database/vulnerability/ics-calendar/wordpress-ics-calendar-plugin-10-12-0-2-ssrf-and-arbitrary-file-read-vulnerability?_s_id=cve
CWE-ID: CWE-22 CWE-918
Common Platform Enumerations (CPE): Not Found
40. CVE-2023-47178
Base Score: 8.6
Base Severity: HIGH
Exploitability Score: 3.9
Impact Score: 4.7
Description: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in POSIMYTH Innovation The Plus Addons for Elementor Pro allows PHP Local File Inclusion.This issue affects The Plus Addons for Elementor Pro: from n/a through 5.2.8.
References: https://patchstack.com/database/vulnerability/theplus_elementor_addon/wordpress-the-plus-addons-for-elementor-pro-plugin-5-2-8-unauthenticated-local-file-inclusion-vulnerability?_s_id=cve
CWE-ID: CWE-22
Common Platform Enumerations (CPE): Not Found
41. CVE-2023-47682
Base Score: 7.2
Base Severity: HIGH
Exploitability Score: 1.2
Impact Score: 5.9
Description: Improper Privilege Management vulnerability in weDevs WP User Frontend allows Privilege Escalation.This issue affects WP User Frontend: from n/a through 3.6.5.
References: https://patchstack.com/database/vulnerability/wp-user-frontend/wordpress-wp-user-frontend-plugin-3-6-5-authenticated-privilege-escalation-vulnerability?_s_id=cve
CWE-ID: CWE-269
Common Platform Enumerations (CPE): Not Found
42. CVE-2023-47683
Base Score: 8.0
Base Severity: HIGH
Exploitability Score: 2.1
Impact Score: 5.9
Description: Improper Privilege Management vulnerability in miniOrange WordPress Social Login and Register (Discord, Google, Twitter, LinkedIn) allows Privilege Escalation.This issue affects WordPress Social Login and Register (Discord, Google, Twitter, LinkedIn): from n/a through 7.6.6.
References: https://patchstack.com/database/vulnerability/miniorange-login-openid/wordpress-social-login-social-sharing-by-miniorange-plugin-7-6-6-authenticated-privilege-escalation-vulnerability?_s_id=cve
CWE-ID: CWE-269
Common Platform Enumerations (CPE): Not Found
43. CVE-2023-47782
Base Score: 8.8
Base Severity: HIGH
Exploitability Score: 2.8
Impact Score: 5.9
Description: Improper Privilege Management vulnerability in Thrive Themes Thrive Theme Builder allows Privilege Escalation.This issue affects Thrive Theme Builder: from n/a before 3.24.0.
References: https://patchstack.com/database/vulnerability/thrive-theme/wordpress-thrive-theme-builder-theme-3-20-1-authenticated-privilege-escalation-vulnerability?_s_id=cve
CWE-ID: CWE-269
Common Platform Enumerations (CPE): Not Found
44. CVE-2023-47868
Base Score: 7.3
Base Severity: HIGH
Exploitability Score: 3.9
Impact Score: 3.4
Description: Improper Privilege Management vulnerability in wpForo wpForo Forum allows Privilege Escalation.This issue affects wpForo Forum: from n/a through 2.2.3.
References: https://patchstack.com/database/vulnerability/wpforo/wordpress-wpforo-plugin-2-2-3-privilege-escalation-vulnerability?_s_id=cve
CWE-ID: CWE-269
Common Platform Enumerations (CPE): Not Found
45. CVE-2023-48757
Base Score: 8.8
Base Severity: HIGH
Exploitability Score: 2.8
Impact Score: 5.9
Description: Improper Privilege Management vulnerability in Crocoblock JetEngine allows Privilege Escalation.This issue affects JetEngine: from n/a through 3.2.4.
References: https://patchstack.com/database/vulnerability/jet-engine/wordpress-jetengine-plugin-3-2-4-privilege-escalation-vulnerability?_s_id=cve
CWE-ID: CWE-269
Common Platform Enumerations (CPE): Not Found
46. CVE-2023-49753
Base Score: 7.5
Base Severity: HIGH
Exploitability Score: 3.9
Impact Score: 3.6
Description: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in spoonthemes Adifier System allows PHP Local File Inclusion.This issue affects Adifier System: from n/a before 3.1.4.
References: https://patchstack.com/database/vulnerability/adifier-system/wordpress-adifier-classified-ads-wordpress-theme-theme-3-9-3-local-file-inclusion-vulnerability?_s_id=cve
CWE-ID: CWE-22
Common Platform Enumerations (CPE): Not Found
47. CVE-2023-50890
Base Score: 8.8
Base Severity: HIGH
Exploitability Score: 2.8
Impact Score: 5.9
Description: Improper Privilege Management vulnerability in Brainstorm Force Ultimate Addons for Elementor allows Privilege Escalation.This issue affects Ultimate Addons for Elementor: from n/a through 1.36.20.
References: https://patchstack.com/database/vulnerability/ultimate-elementor/wordpress-ultimate-addons-for-elementor-plugin-1-36-20-privilege-escalation-vulnerability?_s_id=cve
CWE-ID: CWE-269
Common Platform Enumerations (CPE): Not Found
48. CVE-2023-51356
Base Score: 8.8
Base Severity: HIGH
Exploitability Score: 2.8
Impact Score: 5.9
Description: Improper Privilege Management vulnerability in Repute Infosystems ARMember allows Privilege Escalation.This issue affects ARMember: from n/a through 4.0.10.
References: https://patchstack.com/database/vulnerability/armember-membership/wordpress-armember-plugin-4-0-10-privilege-escalation-vulnerability?_s_id=cve
CWE-ID: CWE-269
Common Platform Enumerations (CPE): Not Found
49. CVE-2023-51398
Base Score: 8.8
Base Severity: HIGH
Exploitability Score: 2.8
Impact Score: 5.9
Description: Improper Privilege Management vulnerability in Brainstorm Force Ultimate Addons for Beaver Builder allows Privilege Escalation.This issue affects Ultimate Addons for Beaver Builder: from n/a through 1.35.14.
References: https://patchstack.com/database/vulnerability/bb-ultimate-addon/wordpress-ultimate-addons-for-beaver-builder-premium-plugin-1-35-14-privilege-escalation-vulnerability?_s_id=cve
CWE-ID: CWE-269
Common Platform Enumerations (CPE): Not Found
50. CVE-2023-51424
Base Score: 9.8
Base Severity: CRITICAL
Exploitability Score: 3.9
Impact Score: 5.9
Description: Improper Privilege Management vulnerability in Saleswonder Team WebinarIgnition allows Privilege Escalation.This issue affects WebinarIgnition: from n/a through 3.05.0.
References: https://patchstack.com/database/vulnerability/webinar-ignition/wordpress-webinarignition-plugin-3-05-0-unauthenticated-privilege-escalation-vulnerability?_s_id=cve
CWE-ID: CWE-269
Common Platform Enumerations (CPE): Not Found
51. CVE-2023-51476
Base Score: 9.8
Base Severity: CRITICAL
Exploitability Score: 3.9
Impact Score: 5.9
Description: Improper Privilege Management vulnerability in IOSS WP MLM Unilevel allows Privilege Escalation.This issue affects WP MLM Unilevel: from n/a through 4.0.
References: https://patchstack.com/database/vulnerability/wp-mlm/wordpress-wp-mlm-unilevel-plugin-4-0-unauthenticated-account-takeover-vulnerability?_s_id=cve
CWE-ID: CWE-269
Common Platform Enumerations (CPE): Not Found
52. CVE-2023-51479
Base Score: 8.8
Base Severity: HIGH
Exploitability Score: 2.8
Impact Score: 5.9
Description: Improper Privilege Management vulnerability in Abdul Hakeem Build App Online allows Privilege Escalation.This issue affects Build App Online: from n/a through 1.0.19.
References: https://patchstack.com/database/vulnerability/build-app-online/wordpress-build-app-online-plugin-1-0-19-authenticated-privilege-escalation-vulnerability?_s_id=cve
CWE-ID: CWE-269
Common Platform Enumerations (CPE): Not Found
53. CVE-2023-51481
Base Score: 9.8
Base Severity: CRITICAL
Exploitability Score: 3.9
Impact Score: 5.9
Description: Improper Privilege Management vulnerability in powerfulwp Local Delivery Drivers for WooCommerce allows Privilege Escalation.This issue affects Local Delivery Drivers for WooCommerce: from n/a through 1.9.0.
References: https://patchstack.com/database/vulnerability/local-delivery-drivers-for-woocommerce/wordpress-local-delivery-drivers-for-woocommerce-plugin-1-9-0-unauthenticated-account-takeover-vulnerability?_s_id=cve
CWE-ID: CWE-269
Common Platform Enumerations (CPE): Not Found
54. CVE-2023-51483
Base Score: 9.8
Base Severity: CRITICAL
Exploitability Score: 3.9
Impact Score: 5.9
Description: Improper Privilege Management vulnerability in Glowlogix WP Frontend Profile allows Privilege Escalation.This issue affects WP Frontend Profile: from n/a through 1.3.1.
References: https://patchstack.com/database/vulnerability/wp-front-end-profile/wordpress-wp-frontend-profile-plugin-1-3-1-unauthenticated-privilege-escalation-vulnerability?_s_id=cve
CWE-ID: CWE-269
Common Platform Enumerations (CPE): Not Found
55. CVE-2023-51546
Base Score: 7.2
Base Severity: HIGH
Exploitability Score: 1.2
Impact Score: 5.9
Description: Improper Privilege Management vulnerability in WebToffee WooCommerce PDF Invoices, Packing Slips, Delivery Notes and Shipping Labels allows Privilege Escalation.This issue affects WooCommerce PDF Invoices, Packing Slips, Delivery Notes and Shipping Labels: from n/a through 4.2.1.
References: https://patchstack.com/database/vulnerability/print-invoices-packing-slip-labels-for-woocommerce/wordpress-woocommerce-pdf-invoices-packing-slips-delivery-notes-and-shipping-labels-plugin-4-2-1-privilege-escalation-vulnerability?_s_id=cve
CWE-ID: CWE-269
Common Platform Enumerations (CPE): Not Found
56. CVE-2024-22145
Base Score: 8.8
Base Severity: HIGH
Exploitability Score: 2.8
Impact Score: 5.9
Description: Improper Privilege Management vulnerability in InstaWP Team InstaWP Connect allows Privilege Escalation.This issue affects InstaWP Connect: from n/a through 0.1.0.8.
References: https://patchstack.com/database/vulnerability/instawp-connect/wordpress-instawp-connect-plugin-0-1-0-8-arbitrary-option-update-to-privilege-escalation-vulnerability?_s_id=cve
CWE-ID: CWE-269
Common Platform Enumerations (CPE): Not Found
57. CVE-2024-22157
Base Score: 9.8
Base Severity: CRITICAL
Exploitability Score: 3.9
Impact Score: 5.9
Description: Improper Privilege Management vulnerability in WebWizards SalesKing allows Privilege Escalation.This issue affects SalesKing: from n/a through 1.6.15.
References: https://patchstack.com/database/vulnerability/salesking/wordpress-salesking-plugin-1-6-15-unauthenticated-privilege-escalation-vulnerability?_s_id=cve
CWE-ID: CWE-269
Common Platform Enumerations (CPE): Not Found
58. CVE-2024-24869
Base Score: 7.5
Base Severity: HIGH
Exploitability Score: 3.9
Impact Score: 3.6
Description: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in BoldGrid Total Upkeep allows Relative Path Traversal.This issue affects Total Upkeep: from n/a through 1.15.8.
References: https://patchstack.com/database/vulnerability/boldgrid-backup/wordpress-total-upkeep-plugin-1-15-8-arbitrary-file-download-vulnerability?_s_id=cve
CWE-ID: CWE-22
Common Platform Enumerations (CPE): Not Found
59. CVE-2024-24882
Base Score: 9.8
Base Severity: CRITICAL
Exploitability Score: 3.9
Impact Score: 5.9
Description: Improper Privilege Management vulnerability in Masteriyo LMS allows Privilege Escalation.This issue affects LMS: from n/a through 1.7.2.
References: https://patchstack.com/database/vulnerability/learning-management-system/wordpress-lms-by-masteriyo-plugin-1-7-2-privilege-escalation-vulnerability?_s_id=cve
CWE-ID: CWE-269
Common Platform Enumerations (CPE): Not Found
60. CVE-2024-24934
Base Score: 8.5
Base Severity: HIGH
Exploitability Score: 1.8
Impact Score: 6.0
Description: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in Elementor Elementor Website Builder allows Manipulating Web Input to File System Calls.This issue affects Elementor Website Builder: from n/a through 3.19.0.
References: https://patchstack.com/database/vulnerability/elementor/wordpress-elementor-plugin-3-19-0-arbitrary-file-deletion-and-phar-deserialization-vulnerability?_s_id=cve
CWE-ID: CWE-22
Common Platform Enumerations (CPE): Not Found
61. CVE-2024-27954
Base Score: 9.3
Base Severity: CRITICAL
Exploitability Score: 3.9
Impact Score: 4.7
Description: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in WP Automatic Automatic allows Path Traversal, Server Side Request Forgery.This issue affects Automatic: from n/a through 3.92.0.
References: https://patchstack.com/database/vulnerability/wp-automatic/wordpress-automatic-plugin-3-92-0-unauthenticated-arbitrary-file-download-and-ssrf-vulnerability?_s_id=cve
CWE-ID: CWE-22
Common Platform Enumerations (CPE): Not Found
62. CVE-2024-27955
Base Score: 8.3
Base Severity: HIGH
Exploitability Score: 1.6
Impact Score: 6.0
Description: Cross-Site Request Forgery (CSRF) vulnerability in WP Automatic Automatic allows Privilege Escalation.This issue affects Automatic: from n/a through 3.92.0.
References: https://patchstack.com/database/vulnerability/wp-automatic/wordpress-automatic-plugin-3-92-0-privilege-escalation-vulnerability?_s_id=cve
CWE-ID: CWE-352
Common Platform Enumerations (CPE): Not Found
63. CVE-2024-27971
Base Score: 8.3
Base Severity: HIGH
Exploitability Score: 1.6
Impact Score: 6.0
Description: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in Premmerce Premmerce Permalink Manager for WooCommerce allows PHP Local File Inclusion.This issue affects Premmerce Permalink Manager for WooCommerce: from n/a through 2.3.10.
References: https://patchstack.com/database/vulnerability/woo-permalink-manager/wordpress-premmerce-permalink-manager-for-woocommerce-plugin-2-3-10-local-file-inclusion-vulnerability?_s_id=cve
CWE-ID: CWE-22
Common Platform Enumerations (CPE): Not Found
64. CVE-2024-30527
Base Score: 7.5
Base Severity: HIGH
Exploitability Score: 3.9
Impact Score: 3.6
Description: Improper Validation of Specified Quantity in Input vulnerability in Tips and Tricks HQ WP Express Checkout (Accept PayPal Payments) allows Manipulating Hidden Fields.This issue affects WP Express Checkout (Accept PayPal Payments): from n/a through 2.3.7.
References: https://patchstack.com/database/vulnerability/wp-express-checkout/wordpress-wp-express-checkout-plugin-2-3-7-price-manipulation-vulnerability?_s_id=cve
CWE-ID: CWE-1284
Common Platform Enumerations (CPE): Not Found
65. CVE-2024-30542
Base Score: 9.8
Base Severity: CRITICAL
Exploitability Score: 3.9
Impact Score: 5.9
Description: Improper Privilege Management vulnerability in Wholesale WholesaleX allows Privilege Escalation.This issue affects WholesaleX: from n/a through 1.3.2.
References: https://patchstack.com/database/vulnerability/wholesalex/wordpress-wholesalex-plugin-1-3-2-unauthenticated-privilege-escalation-vulnerability?_s_id=cve
CWE-ID: CWE-269
Common Platform Enumerations (CPE): Not Found
66. CVE-2024-31231
Base Score: 9.0
Base Severity: CRITICAL
Exploitability Score: 2.2
Impact Score: 6.0
Description: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in Sizam Design Rehub allows PHP Local File Inclusion.This issue affects Rehub: from n/a through 19.6.1.
References: https://patchstack.com/database/vulnerability/rehub-theme/wordpress-rehub-theme-19-6-1-unauthenticated-local-file-inclusion-vulnerability?_s_id=cve
CWE-ID: CWE-22
Common Platform Enumerations (CPE): Not Found
67. CVE-2024-31232
Base Score: 8.0
Base Severity: HIGH
Exploitability Score: 1.3
Impact Score: 6.0
Description: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in Sizam Design Rehub allows PHP Local File Inclusion.This issue affects Rehub: from n/a through 19.6.1.
References: https://patchstack.com/database/vulnerability/rehub-theme/wordpress-rehub-theme-19-6-1-local-file-inclusion-vulnerability?_s_id=cve
CWE-ID: CWE-22
Common Platform Enumerations (CPE): Not Found
68. CVE-2024-31237
Base Score: 7.5
Base Severity: HIGH
Exploitability Score: 3.9
Impact Score: 3.6
Description: Improper Privilege Management vulnerability in WP Sharks s2Member Pro allows Privilege Escalation.This issue affects s2Member Pro: from n/a through 240315.
References: https://patchstack.com/database/vulnerability/s2member/wordpress-s2member-plugin-240315-privilege-escalation-vulnerability?_s_id=cve
CWE-ID: CWE-269
Common Platform Enumerations (CPE): Not Found
69. CVE-2024-31290
Base Score: 9.8
Base Severity: CRITICAL
Exploitability Score: 3.9
Impact Score: 5.9
Description: Improper Privilege Management vulnerability in CodeRevolution Demo My WordPress allows Privilege Escalation.This issue affects Demo My WordPress: from n/a through 1.0.9.1.
References: https://patchstack.com/database/vulnerability/demo-my-wordpress/wordpress-demo-my-wordpress-plugin-1-0-9-1-unauthenticated-privilege-escalation-vulnerability?_s_id=cve
CWE-ID: CWE-269
Common Platform Enumerations (CPE): Not Found
70. CVE-2024-31300
Base Score: 8.5
Base Severity: HIGH
Exploitability Score: 1.8
Impact Score: 6.0
Description: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in appscreo Easy Social Share Buttons allows PHP Local File Inclusion.This issue affects Easy Social Share Buttons: from n/a through 9.4.
References: https://patchstack.com/database/vulnerability/easy-social-share-buttons3/wordpress-easy-social-share-buttons-plugin-9-4-local-file-inclusion-vulnerability?_s_id=cve
CWE-ID: CWE-22
Common Platform Enumerations (CPE): Not Found
71. CVE-2024-32507
Base Score: 8.8
Base Severity: HIGH
Exploitability Score: 2.8
Impact Score: 5.9
Description: Improper Privilege Management vulnerability in Hamid Alinia – idehweb Login with phone number allows Privilege Escalation.This issue affects Login with phone number: from n/a through 1.7.16.
References: https://patchstack.com/database/vulnerability/login-with-phone-number/wordpress-login-with-phone-number-plugin-1-7-16-privilege-escalation-vulnerability?_s_id=cve
CWE-ID: CWE-269
Common Platform Enumerations (CPE): Not Found
72. CVE-2024-32511
Base Score: 9.8
Base Severity: CRITICAL
Exploitability Score: 3.9
Impact Score: 5.9
Description: Improper Privilege Management vulnerability in Astoundify Simple Registration for WooCommerce allows Privilege Escalation.This issue affects Simple Registration for WooCommerce: from n/a through 1.5.6.
References: https://patchstack.com/database/vulnerability/woocommerce-simple-registration/wordpress-simple-registration-for-woocommerce-plugin-1-5-6-unauthenticated-privilege-escalation-vulnerability?_s_id=cve
CWE-ID: CWE-269
Common Platform Enumerations (CPE): Not Found
73. CVE-2024-32523
Base Score: 8.1
Base Severity: HIGH
Exploitability Score: 2.2
Impact Score: 5.3
Description: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in EverPress Mailster allows PHP Local File Inclusion.This issue affects Mailster: from n/a through 4.0.6.
References: https://patchstack.com/database/vulnerability/mailster/wordpress-mailster-plugin-4-0-6-unauthenticated-local-file-inclusion-vulnerability?_s_id=cve
CWE-ID: CWE-22
Common Platform Enumerations (CPE): Not Found
74. CVE-2024-32680
Base Score: 8.8
Base Severity: HIGH
Exploitability Score: 2.8
Impact Score: 5.9
Description: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal'), Improper Control of Generation of Code ('Code Injection') vulnerability in PluginUS HUSKY – Products Filter for WooCommerce (formerly WOOF) allows Using Malicious Files, Code Inclusion.This issue affects HUSKY – Products Filter for WooCommerce (formerly WOOF): from n/a through 1.3.5.2.
References: https://patchstack.com/database/vulnerability/woocommerce-products-filter/wordpress-husky-plugin-1-3-5-2-remote-code-execution-rce-vulnerability?_s_id=cve
CWE-ID: CWE-22 CWE-94
Common Platform Enumerations (CPE): Not Found
75. CVE-2024-33549
Base Score: 8.8
Base Severity: HIGH
Exploitability Score: 2.8
Impact Score: 5.9
Description: Improper Privilege Management vulnerability in AA-Team WZone allows Privilege Escalation.This issue affects WZone: from n/a through 14.0.10.
References: https://patchstack.com/database/vulnerability/woozone/wordpress-wzone-plugin-14-0-10-privilege-escalation-vulnerability?_s_id=cve
CWE-ID: CWE-269
Common Platform Enumerations (CPE): Not Found
76. CVE-2024-33550
Base Score: 8.8
Base Severity: HIGH
Exploitability Score: 2.8
Impact Score: 5.9
Description: Improper Privilege Management vulnerability in JR King/Eran Schoellhorn WP Masquerade allows Privilege Escalation.This issue affects WP Masquerade: from n/a through 1.1.0.
References: https://patchstack.com/database/vulnerability/wp-masquerade/wordpress-wp-masquerade-plugin-1-1-0-authenticated-account-takeover-vulnerability?_s_id=cve
CWE-ID: CWE-269
Common Platform Enumerations (CPE): Not Found
77. CVE-2024-33552
Base Score: 9.8
Base Severity: CRITICAL
Exploitability Score: 3.9
Impact Score: 5.9
Description: Improper Privilege Management vulnerability in 8theme XStore Core allows Privilege Escalation.This issue affects XStore Core: from n/a through 5.3.8.
References: https://patchstack.com/database/vulnerability/et-core-plugin/wordpress-xstore-core-plugin-5-3-5-unauthenticated-privilege-escalation-vulnerability?_s_id=cve
CWE-ID: CWE-269
Common Platform Enumerations (CPE): Not Found
78. CVE-2024-33567
Base Score: 9.8
Base Severity: CRITICAL
Exploitability Score: 3.9
Impact Score: 5.9
Description: Improper Privilege Management vulnerability in UkrSolution Barcode Scanner with Inventory & Order Manager allows Privilege Escalation.This issue affects Barcode Scanner with Inventory & Order Manager: from n/a through 1.5.3.
References: https://patchstack.com/database/vulnerability/barcode-scanner-lite-pos-to-manage-products-inventory-and-orders/wordpress-barcode-scanner-with-inventory-order-manager-plugin-1-5-3-unauthenticated-privilege-escalation-vulnerability?_s_id=cve
CWE-ID: CWE-269
Common Platform Enumerations (CPE): Not Found
79. CVE-2024-33569
Base Score: 7.2
Base Severity: HIGH
Exploitability Score: 1.2
Impact Score: 5.9
Description: Improper Privilege Management vulnerability in Darren Cooney Instant Images allows Privilege Escalation.This issue affects Instant Images: from n/a through 6.1.0.
References: https://patchstack.com/database/vulnerability/instant-images/wordpress-instant-images-plugin-6-1-0-arbitrary-option-update-to-privilege-escalation-vulnerability?_s_id=cve
CWE-ID: CWE-269
Common Platform Enumerations (CPE): Not Found
80. CVE-2024-33644
Base Score: 9.9
Base Severity: CRITICAL
Exploitability Score: 3.1
Impact Score: 6.0
Description: Improper Control of Generation of Code ('Code Injection') vulnerability in WPCustomify Customify Site Library allows Code Injection.This issue affects Customify Site Library: from n/a through 0.0.9.
References: https://patchstack.com/database/vulnerability/customify-sites/wordpress-customify-site-library-plugin-0-0-9-remote-code-execution-rce-vulnerability?_s_id=cve
CWE-ID: CWE-94
Common Platform Enumerations (CPE): Not Found
81. CVE-2024-34370
Base Score: 7.2
Base Severity: HIGH
Exploitability Score: 1.2
Impact Score: 5.9
Description: Improper Privilege Management vulnerability in WPFactory EAN for WooCommerce allows Privilege Escalation.This issue affects EAN for WooCommerce: from n/a through 4.8.9.
References: https://patchstack.com/database/vulnerability/ean-for-woocommerce/wordpress-ean-for-woocommerce-plugin-4-8-9-arbitrary-option-update-to-privilege-escalation-vulnerability?_s_id=cve
CWE-ID: CWE-269
Common Platform Enumerations (CPE): Not Found
82. CVE-2024-22120
Base Score: 9.1
Base Severity: CRITICAL
Exploitability Score: 2.3
Impact Score: 6.0
Description: Zabbix server can perform command execution for configured scripts. After command is executed, audit entry is added to "Audit Log". Due to "clientip" field is not sanitized, it is possible to injection SQL into "clientip" and exploit time based blind SQL injection.
References: https://support.zabbix.com/browse/ZBX-24505
CWE-ID: CWE-20
Common Platform Enumerations (CPE): Not Found
83. CVE-2024-32692
Base Score: 8.2
Base Severity: HIGH
Exploitability Score: 3.9
Impact Score: 4.2
Description: Missing Authorization vulnerability in QuanticaLabs Chauffeur Taxi Booking System for WordPress allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects Chauffeur Taxi Booking System for WordPress: from n/a through 6.9.
References: https://patchstack.com/database/vulnerability/chauffeur-booking-system/wordpress-chauffeur-taxi-booking-system-for-wordpress-plugin-6-9-broken-authentication-vulnerability?_s_id=cve
CWE-ID: CWE-862
Common Platform Enumerations (CPE): Not Found
84. CVE-2024-32809
Base Score: 10.0
Base Severity: CRITICAL
Exploitability Score: 3.9
Impact Score: 6.0
Description: Unrestricted Upload of File with Dangerous Type vulnerability in JumpDEMAND Inc. ActiveDEMAND allows Using Malicious Files.This issue affects ActiveDEMAND: from n/a through 0.2.41.
References: https://patchstack.com/database/vulnerability/activedemand/wordpress-activedemand-plugin-0-2-41-arbitrary-file-upload-vulnerability?_s_id=cve
CWE-ID: CWE-434
Common Platform Enumerations (CPE): Not Found
85. CVE-2024-32830
Base Score: 8.6
Base Severity: HIGH
Exploitability Score: 3.9
Impact Score: 4.0
Description: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in ThemeKraft BuddyForms allows Server Side Request Forgery, Relative Path Traversal.This issue affects BuddyForms: from n/a through 2.8.8.
References: https://patchstack.com/database/vulnerability/buddyforms/wordpress-buddyforms-plugin-2-8-8-arbitrary-file-read-and-ssrf-vulnerability?_s_id=cve
CWE-ID: CWE-22
Common Platform Enumerations (CPE): Not Found
86. CVE-2024-32959
Base Score: 8.8
Base Severity: HIGH
Exploitability Score: 2.8
Impact Score: 5.9
Description: Improper Privilege Management vulnerability in Sirv allows Privilege Escalation.This issue affects Sirv: from n/a through 7.2.2.
References: https://patchstack.com/database/vulnerability/sirv/wordpress-sirv-plugin-7-2-2-arbitrary-option-update-to-privilege-escalation-vulnerability?_s_id=cve
CWE-ID: CWE-269
Common Platform Enumerations (CPE): Not Found
87. CVE-2024-32960
Base Score: 8.8
Base Severity: HIGH
Exploitability Score: 2.8
Impact Score: 5.9
Description: Improper Privilege Management vulnerability in Booking Ultra Pro allows Privilege Escalation.This issue affects Booking Ultra Pro: from n/a through 1.1.12.
References: https://patchstack.com/database/vulnerability/booking-ultra-pro/wordpress-booking-ultra-pro-plugin-1-1-12-privilege-escalation-vulnerability?_s_id=cve
CWE-ID: CWE-269
Common Platform Enumerations (CPE): Not Found
88. CVE-2024-5052
Base Score: 7.5
Base Severity: HIGH
Exploitability Score: 3.9
Impact Score: 3.6
Description: Denial of Service (DoS) vulnerability for Cerberus Enterprise 8.0.10.3 web administration. The vulnerability exists when the web server, default port 10001, attempts to process a large number of incomplete HTTP requests.
References: https://www.incibe.es/en/incibe-cert/notices/aviso/resource-consumption-vulnerability-cerberus-ftp-enterprise
CWE-ID: CWE-400
Common Platform Enumerations (CPE): Not Found
89. CVE-2024-5055
Base Score: 7.5
Base Severity: HIGH
Exploitability Score: 3.9
Impact Score: 3.6
Description: Uncontrolled resource consumption vulnerability in XAMPP Windows, versions 7.3.2 and earlier. This vulnerability exists when XAMPP attempts to process many incomplete HTTP requests, resulting in resource consumption and system crashes.
References: https://www.incibe.es/en/incibe-cert/notices/aviso/vulnerability-uncontrolled-resource-consumption-xampp
CWE-ID: CWE-400
Common Platform Enumerations (CPE): Not Found
90. CVE-2024-5046
Base Score: 7.3
Base Severity: HIGH
Exploitability Score: 3.9
Impact Score: 3.4
Description: A vulnerability was found in SourceCodester Online Examination System 1.0. It has been rated as critical. This issue affects some unknown processing of the file registeracc.php. The manipulation of the argument email leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-264743.
References: https://github.com/CveSecLook/cve/issues/32
https://vuldb.com/?ctiid.264743
https://vuldb.com/?id.264743
https://vuldb.com/?submit.335527
CWE-ID: CWE-89
Common Platform Enumerations (CPE): Not Found
91. CVE-2024-5047
Base Score: 7.3
Base Severity: HIGH
Exploitability Score: 3.9
Impact Score: 3.4
Description: A vulnerability classified as critical has been found in SourceCodester Student Management System 1.0. Affected is an unknown function of the file /student/controller.php. The manipulation of the argument photo leads to unrestricted upload. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-264744.
References: https://github.com/I-Schnee-I/cev/blob/main/SourceCodester%20Student%20Management%20System%201.0%20controller.php%20Unrestricted%20Upload.md
https://vuldb.com/?ctiid.264744
https://vuldb.com/?id.264744
https://vuldb.com/?submit.335633
CWE-ID: CWE-434
Common Platform Enumerations (CPE): Not Found
92. CVE-2024-22429
Base Score: 7.5
Base Severity: HIGH
Exploitability Score: 0.8
Impact Score: 6.0
Description: Dell BIOS contains an Improper Input Validation vulnerability. A local authenticated malicious user with admin privileges could potentially exploit this vulnerability, leading to arbitrary code execution.
References: https://www.dell.com/support/kbdoc/en-us/000221102/dsa-2024-020
CWE-ID: CWE-20
Common Platform Enumerations (CPE): Not Found
93. CVE-2024-3289
Base Score: 7.8
Base Severity: HIGH
Exploitability Score: 1.8
Impact Score: 5.9
Description: When installing Nessus to a directory outside of the default location on a Windows host, Nessus versions prior to 10.7.3 did not enforce secure permissions for sub-directories. This could allow for local privilege escalation if users had not secured the directories in the non-default installation location.
References: https://www.tenable.com/security/tns-2024-08
CWE-ID: CWE-281
Common Platform Enumerations (CPE): Not Found
94. CVE-2024-3290
Base Score: 8.2
Base Severity: HIGH
Exploitability Score: 1.5
Impact Score: 6.0
Description: A race condition vulnerability exists where an authenticated, local attacker on a Windows Nessus host could modify installation parameters at installation time, which could lead to the execution of arbitrary code on the Nessus host
References: https://www.tenable.com/security/tns-2024-08
CWE-ID: CWE-367
Common Platform Enumerations (CPE): Not Found
95. CVE-2024-3291
Base Score: 7.8
Base Severity: HIGH
Exploitability Score: 1.8
Impact Score: 5.9
Description: When installing Nessus Agent to a directory outside of the default location on a Windows host, Nessus Agent versions prior to 10.6.4 did not enforce secure permissions for sub-directories. This could allow for local privilege escalation if users had not secured the directories in the non-default installation location.
References: https://www.tenable.com/security/tns-2024-09
CWE-ID: CWE-281
Common Platform Enumerations (CPE): Not Found
96. CVE-2024-3292
Base Score: 8.2
Base Severity: HIGH
Exploitability Score: 1.5
Impact Score: 6.0
Description: A race condition vulnerability exists where an authenticated, local attacker on a Windows Nessus Agent host could modify installation parameters at installation time, which could lead to the execution of arbitrary code on the Nessus host. - CVE-2024-3292
References: https://www.tenable.com/security/tns-2024-09
CWE-ID: CWE-367
Common Platform Enumerations (CPE): Not Found
97. CVE-2021-22508
Base Score: 7.2
Base Severity: HIGH
Exploitability Score: 1.2
Impact Score: 5.9
Description: A potential vulnerability has been identified for OpenText Operations Bridge Reporter. The vulnerability could be exploited to inject malicious SQL queries. An attack requires to be an authenticated administrator of OBR with network access to the OBR web application.
References: https://support.microfocus.com/kb/kmdoc.php?id=KM03793174
CWE-ID: CWE-20
Common Platform Enumerations (CPE): Not Found
98. CVE-2024-5063
Base Score: 7.3
Base Severity: HIGH
Exploitability Score: 3.9
Impact Score: 3.4
Description: A vulnerability was found in PHPGurukul Online Course Registration System 3.1. It has been declared as critical. This vulnerability affects unknown code of the file /admin/index.php. The manipulation of the argument username/password leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. VDB-264922 is the identifier assigned to this vulnerability.
References: https://github.com/BurakSevben/CVEs/blob/main/Online%20Course%20Registration%20System/Online%20Course%20Registration%20System%20-%20Authentication%20Bypass.md
https://vuldb.com/?ctiid.264922
https://vuldb.com/?id.264922
https://vuldb.com/?submit.336236
CWE-ID: CWE-89
Common Platform Enumerations (CPE): Not Found
99. CVE-2024-5064
Base Score: 7.3
Base Severity: HIGH
Exploitability Score: 3.9
Impact Score: 3.4
Description: A vulnerability was found in PHPGurukul Online Course Registration System 3.1. It has been rated as critical. This issue affects some unknown processing of the file news-details.php. The manipulation of the argument nid leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-264923.
References: https://github.com/BurakSevben/CVEs/blob/main/Online%20Course%20Registration%20System/Online%20Course%20Registration%20System%20-%20SQL%20Injection%20-%202%20(Unauthenticated).md
https://vuldb.com/?ctiid.264923
https://vuldb.com/?id.264923
https://vuldb.com/?submit.336238
CWE-ID: CWE-89
Common Platform Enumerations (CPE): Not Found
100. CVE-2024-5065
Base Score: 7.3
Base Severity: HIGH
Exploitability Score: 3.9
Impact Score: 3.4
Description: A vulnerability classified as critical has been found in PHPGurukul Online Course Registration System 3.1. Affected is an unknown function of the file /onlinecourse/. The manipulation of the argument regno leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-264924.
References: https://github.com/BurakSevben/CVEs/blob/main/Online%20Course%20Registration%20System/Online%20Course%20Registration%20System%20-%20SQL%20Injection%20-%203%20(Unauthenticated).md
https://vuldb.com/?ctiid.264924
https://vuldb.com/?id.264924
https://vuldb.com/?submit.336239
CWE-ID: CWE-89
Common Platform Enumerations (CPE): Not Found
This edition of the AppSecWorld's CVE Daily Digest provides a snapshot of the vulnerabilities published in National Vulnerability Database between May 17-18, 2024.
During this period, The National Vulnerability Database published 339, and these new Common Vulnerabilities and Exposures (CVEs) are classified as follows:
Critical: 26
High: 74
Medium: 62
Low: 5
Severity Not Assigned: 172
Identifying and understanding these vulnerabilities are pivotal steps towards enhancing security measures and creating a safer digital environment.
Now, let's delve deeper into AppSecWorld's CVE Daily Digest, spotlighting the Critical and High Severity vulnerabilities that demand immediate attention.
1. CVE-2024-3551
Base Score: 9.8
Base Severity: CRITICAL
Exploitability Score: 3.9
Impact Score: 5.9
Description: The Penci Soledad Data Migrator plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 1.3.0 via the 'data' parameter. This makes it possible for unauthenticated attackers to include and execute arbitrary files on the server, allowing the execution of any PHP code in those files. This can be used to bypass access controls, obtain sensitive data, or achieve code execution in cases where images and other “safe” file types can be uploaded and included. This is limited to just PHP files.
References: https://themeforest.net/item/soledad-multiconcept-blogmagazine-wp-theme/12945398
https://www.wordfence.com/threat-intel/vulnerabilities/id/a4f8df3a-f247-4365-a9f6-6124065b4883?source=cve
CWE-ID: Not assigned as of now
Common Platform Enumerations (CPE): Not Found
2. CVE-2024-34752
Base Score: 7.1
Base Severity: HIGH
Exploitability Score: 2.8
Impact Score: 3.7
Description: Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in PluginOps Landing Page Builder allows Reflected XSS.This issue affects Landing Page Builder: from n/a through 1.5.1.8.
References: https://patchstack.com/database/vulnerability/page-builder-add/wordpress-landing-page-builder-1-5-1-8-cross-site-scripting-xss-vulnerability?_s_id=cve
CWE-ID: CWE-79
Common Platform Enumerations (CPE): Not Found
3. CVE-2022-45368
Base Score: 7.7
Base Severity: HIGH
Exploitability Score: 3.1
Impact Score: 4.0
Description: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in Lenderd 1003 Mortgage Application allows Relative Path Traversal.This issue affects 1003 Mortgage Application: from n/a through 1.75.
References: https://patchstack.com/database/vulnerability/1003-mortgage-application/wordpress-1003-mortgage-application-plugin-1-73-local-file-inclusion?_s_id=cve
CWE-ID: CWE-22
Common Platform Enumerations (CPE): Not Found
4. CVE-2022-45374
Base Score: 7.7
Base Severity: HIGH
Exploitability Score: 3.1
Impact Score: 4.0
Description: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in YARPP allows PHP Local File Inclusion.This issue affects YARPP: from n/a through 5.30.4.
References: https://patchstack.com/database/vulnerability/yet-another-related-posts-plugin/wordpress-yet-another-related-posts-plugin-yarpp-plugin-5-30-2-local-file-inclusion?_s_id=cve
CWE-ID: CWE-22
Common Platform Enumerations (CPE): Not Found
5. CVE-2023-23645
Base Score: 9.9
Base Severity: CRITICAL
Exploitability Score: 3.1
Impact Score: 6.0
Description: Improper Control of Generation of Code ('Code Injection') vulnerability in MainWP MainWP Code Snippets Extension allows Code Injection.This issue affects MainWP Code Snippets Extension: from n/a through 4.0.2.
References: https://patchstack.com/database/vulnerability/mainwp-code-snippets-extension/wordpress-mainwp-code-snippets-extension-plugin-4-0-2-subscriber-arbitrary-php-code-injection-execution-vulnerability?_s_id=cve
CWE-ID: CWE-94
Common Platform Enumerations (CPE): Not Found
6. CVE-2023-23700
Base Score: 7.6
Base Severity: HIGH
Exploitability Score: 2.8
Impact Score: 4.7
Description: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in OceanWP allows PHP Local File Inclusion.This issue affects OceanWP: from n/a through 3.4.1.
References: https://patchstack.com/database/vulnerability/oceanwp/wordpress-oceanwp-theme-3-4-1-authenticated-local-file-inclusion-vulnerability?_s_id=cve
CWE-ID: CWE-22
Common Platform Enumerations (CPE): Not Found
7. CVE-2023-23888
Base Score: 7.6
Base Severity: HIGH
Exploitability Score: 2.8
Impact Score: 4.7
Description: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in Rank Math Rank Math SEO allows Path Traversal.This issue affects Rank Math SEO: from n/a through 1.0.107.2.
References: https://patchstack.com/database/vulnerability/seo-by-rank-math/wordpress-rank-math-seo-plugin-1-0-107-2-local-file-inclusion-vulnerability?_s_id=cve
CWE-ID: CWE-22
Common Platform Enumerations (CPE): Not Found
8. CVE-2023-23988
Base Score: 7.5
Base Severity: HIGH
Exploitability Score: 3.9
Impact Score: 3.6
Description: Missing Authorization vulnerability in Joseph C Dolson My Tickets.This issue affects My Tickets: from n/a through 1.9.11.
References: https://patchstack.com/database/vulnerability/my-tickets/wordpress-my-tickets-plugin-1-9-11-payment-bypass-vulnerability?_s_id=cve
CWE-ID: CWE-862
Common Platform Enumerations (CPE): Not Found
9. CVE-2023-23990
Base Score: 7.6
Base Severity: HIGH
Exploitability Score: 1.0
Impact Score: 6.0
Description: Improper Privilege Management vulnerability in Qube One Ltd. Redirection for Contact Form 7 wpcf7-redirect allows Privilege Escalation.This issue affects Redirection for Contact Form 7: from n/a through 2.7.0.
References: https://patchstack.com/database/vulnerability/wpcf7-redirect/wordpress-redirection-for-contact-form-7-plugin-2-7-0-privilege-escalation-vulnerability?_s_id=cve
CWE-ID: CWE-269
Common Platform Enumerations (CPE): Not Found
10. CVE-2023-25050
Base Score: 7.1
Base Severity: HIGH
Exploitability Score: 1.8
Impact Score: 4.7
Description: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in Vova Anokhin Shortcodes Ultimate allows Absolute Path Traversal.This issue affects Shortcodes Ultimate: from n/a through 5.12.6.
References: https://patchstack.com/database/vulnerability/shortcodes-ultimate/wordpress-shortcodes-ultimate-plugin-5-12-6-arbitrary-file-download-vulnerability?_s_id=cve
CWE-ID: CWE-22
Common Platform Enumerations (CPE): Not Found
11. CVE-2023-25444
Base Score: 9.1
Base Severity: CRITICAL
Exploitability Score: 2.3
Impact Score: 6.0
Description: Unrestricted Upload of File with Dangerous Type vulnerability in JS Help Desk JS Help Desk – Best Help Desk & Support Plugin allows Using Malicious Files.This issue affects JS Help Desk – Best Help Desk & Support Plugin: from n/a through 2.7.7.
References: https://patchstack.com/database/vulnerability/js-support-ticket/wordpress-js-help-desk-best-help-desk-support-plugin-plugin-2-7-7-arbitrary-file-upload-vulnerability?_s_id=cve
CWE-ID: CWE-434
Common Platform Enumerations (CPE): Not Found
12. CVE-2023-25701
Base Score: 9.8
Base Severity: CRITICAL
Exploitability Score: 3.9
Impact Score: 5.9
Description: Improper Privilege Management vulnerability in WhatArmy WatchTowerHQ allows Privilege Escalation.This issue affects WatchTowerHQ: from n/a through 3.6.16.
References: https://patchstack.com/database/vulnerability/watchtowerhq/wordpress-watchtowerhq-plugin-3-6-16-privilege-escalation?_s_id=cve
CWE-ID: CWE-269
Common Platform Enumerations (CPE): Not Found
13. CVE-2023-26009
Base Score: 9.8
Base Severity: CRITICAL
Exploitability Score: 3.9
Impact Score: 5.9
Description: Improper Privilege Management vulnerability in favethemes Houzez Login Register allows Privilege Escalation.This issue affects Houzez Login Register: from n/a through 2.6.3.
References: https://patchstack.com/database/vulnerability/houzez-login-register/wordpress-houzez-login-register-plugin-2-6-3-privilege-escalation?_s_id=cve
CWE-ID: CWE-269
Common Platform Enumerations (CPE): Not Found
14. CVE-2023-26526
Base Score: 7.7
Base Severity: HIGH
Exploitability Score: 3.1
Impact Score: 4.0
Description: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in Nota-Info Bookly allows Path Traversal, Manipulating Web Input to File System Calls.This issue affects Bookly: from n/a through 21.7.1.
References: https://patchstack.com/database/vulnerability/bookly-responsive-appointment-booking-tool/wordpress-bookly-plugin-21-7-1-authenticated-arbitrary-file-deletion-vulnerability?_s_id=cve
CWE-ID: CWE-22
Common Platform Enumerations (CPE): Not Found
15. CVE-2023-26540
Base Score: 9.8
Base Severity: CRITICAL
Exploitability Score: 3.9
Impact Score: 5.9
Description: Improper Privilege Management vulnerability in Favethemes Houzez allows Privilege Escalation.This issue affects Houzez: from n/a through 2.7.1.
References: https://patchstack.com/database/vulnerability/houzez/wordpress-houzez-theme-2-7-1-privilege-escalation?_s_id=cve
CWE-ID: CWE-269
Common Platform Enumerations (CPE): Not Found
16. CVE-2023-32110
Base Score: 7.6
Base Severity: HIGH
Exploitability Score: 2.8
Impact Score: 4.7
Description: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in artbees JupiterX allows PHP Local File Inclusion.This issue affects JupiterX: from n/a through 3.0.0.
References: https://patchstack.com/database/vulnerability/jupiterx/wordpress-jupiterx-theme-3-0-0-subscriber-local-file-inclusion-vulnerability?_s_id=cve
CWE-ID: CWE-22
Common Platform Enumerations (CPE): Not Found
17. CVE-2023-32244
Base Score: 9.8
Base Severity: CRITICAL
Exploitability Score: 3.9
Impact Score: 5.9
Description: Improper Privilege Management vulnerability in XTemos Woodmart Core allows Privilege Escalation.This issue affects Woodmart Core: from n/a through 1.0.36.
References: https://patchstack.com/database/vulnerability/woodmart-core/wordpress-woodmart-core-plugin-1-0-36-privilege-escalation?_s_id=cve
CWE-ID: CWE-269
Common Platform Enumerations (CPE): Not Found
18. CVE-2023-32297
Base Score: 9.0
Base Severity: CRITICAL
Exploitability Score: 2.2
Impact Score: 6.0
Description: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in LWS LWS Affiliation allows PHP Local File Inclusion.This issue affects LWS Affiliation: from n/a through 2.2.6.
References: https://patchstack.com/database/vulnerability/lws-affiliation/wordpress-lws-affiliation-plugin-2-2-6-local-file-inclusion-vulnerability?_s_id=cve
CWE-ID: CWE-22
Common Platform Enumerations (CPE): Not Found
19. CVE-2023-35881
Base Score: 7.6
Base Severity: HIGH
Exploitability Score: 2.8
Impact Score: 4.7
Description: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in WooCommerce WooCommerce One Page Checkout allows PHP Local File Inclusion.This issue affects WooCommerce One Page Checkout: from n/a through 2.3.0.
References: https://patchstack.com/database/vulnerability/woocommerce-one-page-checkout/wordpress-woocommerce-one-page-checkout-plugin-2-3-0-local-file-inclusion-vulnerability?_s_id=cve
CWE-ID: CWE-22
Common Platform Enumerations (CPE): Not Found
20. CVE-2023-37385
Base Score: 7.3
Base Severity: HIGH
Exploitability Score: 3.9
Impact Score: 3.4
Description: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in StylemixThemes Consulting allows PHP Local File Inclusion.This issue affects Consulting: from n/a through 6.5.6.
References: https://patchstack.com/database/vulnerability/consulting/wordpress-consulting-theme-6-3-6-local-file-inclusion?_s_id=cve
CWE-ID: CWE-22
Common Platform Enumerations (CPE): Not Found
21. CVE-2023-37389
Base Score: 8.8
Base Severity: HIGH
Exploitability Score: 2.8
Impact Score: 5.9
Description: Improper Privilege Management vulnerability in SAASPROJECT Booking Package Booking Package allows Privilege Escalation.This issue affects Booking Package: from n/a through 1.5.98.
References: https://patchstack.com/database/vulnerability/booking-package/wordpress-booking-package-saasproject-plugin-1-5-98-unauthenticated-privilege-escalation-vulnerability?_s_id=cve
CWE-ID: CWE-269
Common Platform Enumerations (CPE): Not Found
22. CVE-2023-37866
Base Score: 7.2
Base Severity: HIGH
Exploitability Score: 1.2
Impact Score: 5.9
Description: Improper Privilege Management vulnerability in Crocoblock JetFormBuilder allows Privilege Escalation.This issue affects JetFormBuilder: from n/a through 3.0.8.
References: https://patchstack.com/database/vulnerability/jetformbuilder/wordpress-jetformbuilder-plugin-3-0-8-authenticated-privilege-escalation-vulnerability?_s_id=cve
CWE-ID: CWE-269
Common Platform Enumerations (CPE): Not Found
23. CVE-2023-37888
Base Score: 7.6
Base Severity: HIGH
Exploitability Score: 2.8
Impact Score: 4.7
Description: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in By Averta Shortcodes and extra features for Phlox theme allows PHP Local File Inclusion.This issue affects Shortcodes and extra features for Phlox theme: from n/a through 2.14.0.
References: https://patchstack.com/database/vulnerability/auxin-elements/wordpress-phlox-core-elements-plugin-2-14-0-unauthenticated-local-file-inclusion-vulnerability?_s_id=cve
CWE-ID: CWE-22
Common Platform Enumerations (CPE): Not Found
24. CVE-2023-37999
Base Score: 9.8
Base Severity: CRITICAL
Exploitability Score: 3.9
Impact Score: 5.9
Description: Improper Privilege Management vulnerability in HasThemes HT Mega allows Privilege Escalation.This issue affects HT Mega: from n/a through 2.2.0.
References: https://patchstack.com/database/vulnerability/ht-mega-for-elementor/wordpress-ht-mega-absolute-addons-for-elementor-plugin-2-2-0-unauthenticated-privilege-escalation-vulnerability?_s_id=cve
CWE-ID: CWE-269
Common Platform Enumerations (CPE): Not Found
25. CVE-2023-38399
Base Score: 8.6
Base Severity: HIGH
Exploitability Score: 3.9
Impact Score: 4.7
Description: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in Averta Phlox Portfolio allows PHP Local File Inclusion.This issue affects Phlox Portfolio: from n/a through 2.3.1.
References: https://patchstack.com/database/vulnerability/auxin-portfolio/wordpress-phlox-portfolio-plugin-2-3-1-unauthenticated-local-file-inclusion-vulnerability?_s_id=cve
CWE-ID: CWE-22
Common Platform Enumerations (CPE): Not Found
26. CVE-2023-39163
Base Score: 8.6
Base Severity: HIGH
Exploitability Score: 3.9
Impact Score: 4.7
Description: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in Averta Phlox Shop allows PHP Local File Inclusion.This issue affects Phlox Shop: from n/a through 2.0.0.
References: https://patchstack.com/database/vulnerability/auxin-shop/wordpress-phlox-shop-plugin-2-0-0-unauthenticated-local-file-inclusion-vulnerability?_s_id=cve
CWE-ID: CWE-22
Common Platform Enumerations (CPE): Not Found
27. CVE-2023-41243
Base Score: 8.8
Base Severity: HIGH
Exploitability Score: 2.8
Impact Score: 5.9
Description: Improper Privilege Management vulnerability in WPvivid Team WPvivid Backup and Migration allows Privilege Escalation.This issue affects WPvivid Backup and Migration: from n/a through 0.9.90.
References: https://patchstack.com/database/vulnerability/wpvivid-backuprestore/wordpress-wpvivid-backup-plugin-plugin-0-9-90-privilege-escalation-on-staging-environment-vulnerability?_s_id=cve
CWE-ID: CWE-269
Common Platform Enumerations (CPE): Not Found
28. CVE-2023-41665
Base Score: 8.8
Base Severity: HIGH
Exploitability Score: 2.8
Impact Score: 5.9
Description: Improper Privilege Management vulnerability in GiveWP allows Privilege Escalation.This issue affects GiveWP: from n/a through 2.33.0.
References: https://patchstack.com/database/vulnerability/give/wordpress-givewp-plugin-2-33-0-givewp-manager-privilege-escalation-vulnerability?_s_id=cve
CWE-ID: CWE-269
Common Platform Enumerations (CPE): Not Found
29. CVE-2023-41954
Base Score: 8.6
Base Severity: HIGH
Exploitability Score: 3.9
Impact Score: 4.7
Description: Improper Privilege Management vulnerability in ProfilePress Membership Team ProfilePress allows Privilege Escalation.This issue affects ProfilePress: from n/a through 4.13.1.
References: https://patchstack.com/database/vulnerability/wp-user-avatar/wordpress-profilepress-plugin-4-13-1-unauthenticated-limited-privilege-escalation-vulnerability?_s_id=cve
CWE-ID: CWE-269
Common Platform Enumerations (CPE): Not Found
30. CVE-2023-41955
Base Score: 8.8
Base Severity: HIGH
Exploitability Score: 2.8
Impact Score: 5.9
Description: Improper Privilege Management vulnerability in WPDeveloper Essential Addons for Elementor allows Privilege Escalation.This issue affects Essential Addons for Elementor: from n/a through 5.8.8.
References: https://patchstack.com/database/vulnerability/essential-addons-for-elementor-lite/wordpress-essential-addons-for-elementor-plugin-5-8-8-contributor-privilege-escalation-vulnerability?_s_id=cve
CWE-ID: CWE-269
Common Platform Enumerations (CPE): Not Found
31. CVE-2023-41956
Base Score: 8.8
Base Severity: HIGH
Exploitability Score: 2.8
Impact Score: 5.9
Description: Improper Authentication vulnerability in smp7, wp.Insider Simple Membership.This issue affects Simple Membership: from n/a through 4.3.4.
References: https://patchstack.com/database/vulnerability/simple-membership/wordpress-simple-membership-plugin-4-3-4-authenticated-account-takeover-vulnerability?_s_id=cve
CWE-ID: CWE-287
Common Platform Enumerations (CPE): Not Found
32. CVE-2023-41957
Base Score: 8.6
Base Severity: HIGH
Exploitability Score: 3.9
Impact Score: 4.7
Description: Improper Privilege Management vulnerability in smp7, wp.Insider Simple Membership allows Privilege Escalation.This issue affects Simple Membership: from n/a through 4.3.4.
References: https://patchstack.com/database/vulnerability/simple-membership/wordpress-simple-membership-plugin-4-3-4-unauthenticated-membership-role-privilege-escalation-vulnerability?_s_id=cve
CWE-ID: CWE-269
Common Platform Enumerations (CPE): Not Found
33. CVE-2024-31351
Base Score: 10.0
Base Severity: CRITICAL
Exploitability Score: 3.9
Impact Score: 6.0
Description: Unrestricted Upload of File with Dangerous Type vulnerability in Copymatic Copymatic – AI Content Writer & Generator.This issue affects Copymatic – AI Content Writer & Generator: from n/a through 1.6.
References: https://patchstack.com/database/vulnerability/copymatic/wordpress-copymatic-plugin-1-6-unauthenticated-arbitrary-file-upload-vulnerability?_s_id=cve
CWE-ID: CWE-434
Common Platform Enumerations (CPE): Not Found
34. CVE-2024-33556
Base Score: 8.2
Base Severity: HIGH
Exploitability Score: 3.9
Impact Score: 4.2
Description: Unrestricted Upload of File with Dangerous Type vulnerability in 8theme XStore Core.This issue affects XStore Core: from n/a through 5.3.8.
References: https://patchstack.com/database/vulnerability/et-core-plugin/wordpress-xstore-core-plugin-5-3-5-limited-arbitrary-file-upload-vulnerability?_s_id=cve
CWE-ID: CWE-434
Common Platform Enumerations (CPE): Not Found
35. CVE-2023-44478
Base Score: 7.1
Base Severity: HIGH
Exploitability Score: 2.8
Impact Score: 4.2
Description: Cross-Site Request Forgery (CSRF) vulnerability in WP Hive Events Rich Snippets for Google allows Exploitation of Trusted Credentials.This issue affects Events Rich Snippets for Google: from n/a through 1.8.
References: https://patchstack.com/database/vulnerability/rich-snippets-vevents/wordpress-events-rich-snippets-for-google-plugin-1-8-csrf-leading-to-privilege-escalation-vulnerability?_s_id=cve
CWE-ID: CWE-352
Common Platform Enumerations (CPE): Not Found
36. CVE-2023-46145
Base Score: 8.8
Base Severity: HIGH
Exploitability Score: 2.8
Impact Score: 5.9
Description: Improper Privilege Management vulnerability in Themify Themify Ultra allows Privilege Escalation.This issue affects Themify Ultra: from n/a through 7.3.5.
References: https://patchstack.com/database/vulnerability/themify-ultra/wordpress-themify-ultra-theme-7-3-3-authenticated-privilege-escalation-vulnerability?_s_id=cve
CWE-ID: CWE-269
Common Platform Enumerations (CPE): Not Found
37. CVE-2023-46197
Base Score: 8.8
Base Severity: HIGH
Exploitability Score: 2.8
Impact Score: 5.9
Description: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in supsystic.Com Popup by Supsystic allows Relative Path Traversal.This issue affects Popup by Supsystic: from n/a through 1.10.19.
References: https://patchstack.com/database/vulnerability/popup-by-supsystic/wordpress-popup-by-supsystic-plugin-1-10-19-unauthenticated-subscriber-email-addresses-disclosure?_s_id=cve
CWE-ID: CWE-22
Common Platform Enumerations (CPE): Not Found
38. CVE-2023-46205
Base Score: 7.1
Base Severity: HIGH
Exploitability Score: 2.8
Impact Score: 4.2
Description: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in Brainstorm Force Ultimate Addons for WPBakery Page Builder allows PHP Local File Inclusion.This issue affects Ultimate Addons for WPBakery Page Builder: from n/a through 3.19.14.
References: https://patchstack.com/database/vulnerability/ultimate_vc_addons/wordpress-ultimate-addons-for-wpbakery-page-builder-plugin-3-19-14-local-file-inclusion-vulnerability?_s_id=cve
CWE-ID: CWE-22
Common Platform Enumerations (CPE): Not Found
39. CVE-2023-46784
Base Score: 8.2
Base Severity: HIGH
Exploitability Score: 3.9
Impact Score: 4.2
Description: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal'), Server-Side Request Forgery (SSRF) vulnerability in Room 34 Creative Services, LLC ICS Calendar ics-calendar allows Absolute Path Traversal, : Server Side Request Forgery.This issue affects ICS Calendar: from n/a through 10.12.0.3.
References: https://patchstack.com/database/vulnerability/ics-calendar/wordpress-ics-calendar-plugin-10-12-0-2-ssrf-and-arbitrary-file-read-vulnerability?_s_id=cve
CWE-ID: CWE-22 CWE-918
Common Platform Enumerations (CPE): Not Found
40. CVE-2023-47178
Base Score: 8.6
Base Severity: HIGH
Exploitability Score: 3.9
Impact Score: 4.7
Description: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in POSIMYTH Innovation The Plus Addons for Elementor Pro allows PHP Local File Inclusion.This issue affects The Plus Addons for Elementor Pro: from n/a through 5.2.8.
References: https://patchstack.com/database/vulnerability/theplus_elementor_addon/wordpress-the-plus-addons-for-elementor-pro-plugin-5-2-8-unauthenticated-local-file-inclusion-vulnerability?_s_id=cve
CWE-ID: CWE-22
Common Platform Enumerations (CPE): Not Found
41. CVE-2023-47682
Base Score: 7.2
Base Severity: HIGH
Exploitability Score: 1.2
Impact Score: 5.9
Description: Improper Privilege Management vulnerability in weDevs WP User Frontend allows Privilege Escalation.This issue affects WP User Frontend: from n/a through 3.6.5.
References: https://patchstack.com/database/vulnerability/wp-user-frontend/wordpress-wp-user-frontend-plugin-3-6-5-authenticated-privilege-escalation-vulnerability?_s_id=cve
CWE-ID: CWE-269
Common Platform Enumerations (CPE): Not Found
42. CVE-2023-47683
Base Score: 8.0
Base Severity: HIGH
Exploitability Score: 2.1
Impact Score: 5.9
Description: Improper Privilege Management vulnerability in miniOrange WordPress Social Login and Register (Discord, Google, Twitter, LinkedIn) allows Privilege Escalation.This issue affects WordPress Social Login and Register (Discord, Google, Twitter, LinkedIn): from n/a through 7.6.6.
References: https://patchstack.com/database/vulnerability/miniorange-login-openid/wordpress-social-login-social-sharing-by-miniorange-plugin-7-6-6-authenticated-privilege-escalation-vulnerability?_s_id=cve
CWE-ID: CWE-269
Common Platform Enumerations (CPE): Not Found
43. CVE-2023-47782
Base Score: 8.8
Base Severity: HIGH
Exploitability Score: 2.8
Impact Score: 5.9
Description: Improper Privilege Management vulnerability in Thrive Themes Thrive Theme Builder allows Privilege Escalation.This issue affects Thrive Theme Builder: from n/a before 3.24.0.
References: https://patchstack.com/database/vulnerability/thrive-theme/wordpress-thrive-theme-builder-theme-3-20-1-authenticated-privilege-escalation-vulnerability?_s_id=cve
CWE-ID: CWE-269
Common Platform Enumerations (CPE): Not Found
44. CVE-2023-47868
Base Score: 7.3
Base Severity: HIGH
Exploitability Score: 3.9
Impact Score: 3.4
Description: Improper Privilege Management vulnerability in wpForo wpForo Forum allows Privilege Escalation.This issue affects wpForo Forum: from n/a through 2.2.3.
References: https://patchstack.com/database/vulnerability/wpforo/wordpress-wpforo-plugin-2-2-3-privilege-escalation-vulnerability?_s_id=cve
CWE-ID: CWE-269
Common Platform Enumerations (CPE): Not Found
45. CVE-2023-48757
Base Score: 8.8
Base Severity: HIGH
Exploitability Score: 2.8
Impact Score: 5.9
Description: Improper Privilege Management vulnerability in Crocoblock JetEngine allows Privilege Escalation.This issue affects JetEngine: from n/a through 3.2.4.
References: https://patchstack.com/database/vulnerability/jet-engine/wordpress-jetengine-plugin-3-2-4-privilege-escalation-vulnerability?_s_id=cve
CWE-ID: CWE-269
Common Platform Enumerations (CPE): Not Found
46. CVE-2023-49753
Base Score: 7.5
Base Severity: HIGH
Exploitability Score: 3.9
Impact Score: 3.6
Description: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in spoonthemes Adifier System allows PHP Local File Inclusion.This issue affects Adifier System: from n/a before 3.1.4.
References: https://patchstack.com/database/vulnerability/adifier-system/wordpress-adifier-classified-ads-wordpress-theme-theme-3-9-3-local-file-inclusion-vulnerability?_s_id=cve
CWE-ID: CWE-22
Common Platform Enumerations (CPE): Not Found
47. CVE-2023-50890
Base Score: 8.8
Base Severity: HIGH
Exploitability Score: 2.8
Impact Score: 5.9
Description: Improper Privilege Management vulnerability in Brainstorm Force Ultimate Addons for Elementor allows Privilege Escalation.This issue affects Ultimate Addons for Elementor: from n/a through 1.36.20.
References: https://patchstack.com/database/vulnerability/ultimate-elementor/wordpress-ultimate-addons-for-elementor-plugin-1-36-20-privilege-escalation-vulnerability?_s_id=cve
CWE-ID: CWE-269
Common Platform Enumerations (CPE): Not Found
48. CVE-2023-51356
Base Score: 8.8
Base Severity: HIGH
Exploitability Score: 2.8
Impact Score: 5.9
Description: Improper Privilege Management vulnerability in Repute Infosystems ARMember allows Privilege Escalation.This issue affects ARMember: from n/a through 4.0.10.
References: https://patchstack.com/database/vulnerability/armember-membership/wordpress-armember-plugin-4-0-10-privilege-escalation-vulnerability?_s_id=cve
CWE-ID: CWE-269
Common Platform Enumerations (CPE): Not Found
49. CVE-2023-51398
Base Score: 8.8
Base Severity: HIGH
Exploitability Score: 2.8
Impact Score: 5.9
Description: Improper Privilege Management vulnerability in Brainstorm Force Ultimate Addons for Beaver Builder allows Privilege Escalation.This issue affects Ultimate Addons for Beaver Builder: from n/a through 1.35.14.
References: https://patchstack.com/database/vulnerability/bb-ultimate-addon/wordpress-ultimate-addons-for-beaver-builder-premium-plugin-1-35-14-privilege-escalation-vulnerability?_s_id=cve
CWE-ID: CWE-269
Common Platform Enumerations (CPE): Not Found
50. CVE-2023-51424
Base Score: 9.8
Base Severity: CRITICAL
Exploitability Score: 3.9
Impact Score: 5.9
Description: Improper Privilege Management vulnerability in Saleswonder Team WebinarIgnition allows Privilege Escalation.This issue affects WebinarIgnition: from n/a through 3.05.0.
References: https://patchstack.com/database/vulnerability/webinar-ignition/wordpress-webinarignition-plugin-3-05-0-unauthenticated-privilege-escalation-vulnerability?_s_id=cve
CWE-ID: CWE-269
Common Platform Enumerations (CPE): Not Found
51. CVE-2023-51476
Base Score: 9.8
Base Severity: CRITICAL
Exploitability Score: 3.9
Impact Score: 5.9
Description: Improper Privilege Management vulnerability in IOSS WP MLM Unilevel allows Privilege Escalation.This issue affects WP MLM Unilevel: from n/a through 4.0.
References: https://patchstack.com/database/vulnerability/wp-mlm/wordpress-wp-mlm-unilevel-plugin-4-0-unauthenticated-account-takeover-vulnerability?_s_id=cve
CWE-ID: CWE-269
Common Platform Enumerations (CPE): Not Found
52. CVE-2023-51479
Base Score: 8.8
Base Severity: HIGH
Exploitability Score: 2.8
Impact Score: 5.9
Description: Improper Privilege Management vulnerability in Abdul Hakeem Build App Online allows Privilege Escalation.This issue affects Build App Online: from n/a through 1.0.19.
References: https://patchstack.com/database/vulnerability/build-app-online/wordpress-build-app-online-plugin-1-0-19-authenticated-privilege-escalation-vulnerability?_s_id=cve
CWE-ID: CWE-269
Common Platform Enumerations (CPE): Not Found
53. CVE-2023-51481
Base Score: 9.8
Base Severity: CRITICAL
Exploitability Score: 3.9
Impact Score: 5.9
Description: Improper Privilege Management vulnerability in powerfulwp Local Delivery Drivers for WooCommerce allows Privilege Escalation.This issue affects Local Delivery Drivers for WooCommerce: from n/a through 1.9.0.
References: https://patchstack.com/database/vulnerability/local-delivery-drivers-for-woocommerce/wordpress-local-delivery-drivers-for-woocommerce-plugin-1-9-0-unauthenticated-account-takeover-vulnerability?_s_id=cve
CWE-ID: CWE-269
Common Platform Enumerations (CPE): Not Found
54. CVE-2023-51483
Base Score: 9.8
Base Severity: CRITICAL
Exploitability Score: 3.9
Impact Score: 5.9
Description: Improper Privilege Management vulnerability in Glowlogix WP Frontend Profile allows Privilege Escalation.This issue affects WP Frontend Profile: from n/a through 1.3.1.
References: https://patchstack.com/database/vulnerability/wp-front-end-profile/wordpress-wp-frontend-profile-plugin-1-3-1-unauthenticated-privilege-escalation-vulnerability?_s_id=cve
CWE-ID: CWE-269
Common Platform Enumerations (CPE): Not Found
55. CVE-2023-51546
Base Score: 7.2
Base Severity: HIGH
Exploitability Score: 1.2
Impact Score: 5.9
Description: Improper Privilege Management vulnerability in WebToffee WooCommerce PDF Invoices, Packing Slips, Delivery Notes and Shipping Labels allows Privilege Escalation.This issue affects WooCommerce PDF Invoices, Packing Slips, Delivery Notes and Shipping Labels: from n/a through 4.2.1.
References: https://patchstack.com/database/vulnerability/print-invoices-packing-slip-labels-for-woocommerce/wordpress-woocommerce-pdf-invoices-packing-slips-delivery-notes-and-shipping-labels-plugin-4-2-1-privilege-escalation-vulnerability?_s_id=cve
CWE-ID: CWE-269
Common Platform Enumerations (CPE): Not Found
56. CVE-2024-22145
Base Score: 8.8
Base Severity: HIGH
Exploitability Score: 2.8
Impact Score: 5.9
Description: Improper Privilege Management vulnerability in InstaWP Team InstaWP Connect allows Privilege Escalation.This issue affects InstaWP Connect: from n/a through 0.1.0.8.
References: https://patchstack.com/database/vulnerability/instawp-connect/wordpress-instawp-connect-plugin-0-1-0-8-arbitrary-option-update-to-privilege-escalation-vulnerability?_s_id=cve
CWE-ID: CWE-269
Common Platform Enumerations (CPE): Not Found
57. CVE-2024-22157
Base Score: 9.8
Base Severity: CRITICAL
Exploitability Score: 3.9
Impact Score: 5.9
Description: Improper Privilege Management vulnerability in WebWizards SalesKing allows Privilege Escalation.This issue affects SalesKing: from n/a through 1.6.15.
References: https://patchstack.com/database/vulnerability/salesking/wordpress-salesking-plugin-1-6-15-unauthenticated-privilege-escalation-vulnerability?_s_id=cve
CWE-ID: CWE-269
Common Platform Enumerations (CPE): Not Found
58. CVE-2024-24869
Base Score: 7.5
Base Severity: HIGH
Exploitability Score: 3.9
Impact Score: 3.6
Description: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in BoldGrid Total Upkeep allows Relative Path Traversal.This issue affects Total Upkeep: from n/a through 1.15.8.
References: https://patchstack.com/database/vulnerability/boldgrid-backup/wordpress-total-upkeep-plugin-1-15-8-arbitrary-file-download-vulnerability?_s_id=cve
CWE-ID: CWE-22
Common Platform Enumerations (CPE): Not Found
59. CVE-2024-24882
Base Score: 9.8
Base Severity: CRITICAL
Exploitability Score: 3.9
Impact Score: 5.9
Description: Improper Privilege Management vulnerability in Masteriyo LMS allows Privilege Escalation.This issue affects LMS: from n/a through 1.7.2.
References: https://patchstack.com/database/vulnerability/learning-management-system/wordpress-lms-by-masteriyo-plugin-1-7-2-privilege-escalation-vulnerability?_s_id=cve
CWE-ID: CWE-269
Common Platform Enumerations (CPE): Not Found
60. CVE-2024-24934
Base Score: 8.5
Base Severity: HIGH
Exploitability Score: 1.8
Impact Score: 6.0
Description: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in Elementor Elementor Website Builder allows Manipulating Web Input to File System Calls.This issue affects Elementor Website Builder: from n/a through 3.19.0.
References: https://patchstack.com/database/vulnerability/elementor/wordpress-elementor-plugin-3-19-0-arbitrary-file-deletion-and-phar-deserialization-vulnerability?_s_id=cve
CWE-ID: CWE-22
Common Platform Enumerations (CPE): Not Found
61. CVE-2024-27954
Base Score: 9.3
Base Severity: CRITICAL
Exploitability Score: 3.9
Impact Score: 4.7
Description: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in WP Automatic Automatic allows Path Traversal, Server Side Request Forgery.This issue affects Automatic: from n/a through 3.92.0.
References: https://patchstack.com/database/vulnerability/wp-automatic/wordpress-automatic-plugin-3-92-0-unauthenticated-arbitrary-file-download-and-ssrf-vulnerability?_s_id=cve
CWE-ID: CWE-22
Common Platform Enumerations (CPE): Not Found
62. CVE-2024-27955
Base Score: 8.3
Base Severity: HIGH
Exploitability Score: 1.6
Impact Score: 6.0
Description: Cross-Site Request Forgery (CSRF) vulnerability in WP Automatic Automatic allows Privilege Escalation.This issue affects Automatic: from n/a through 3.92.0.
References: https://patchstack.com/database/vulnerability/wp-automatic/wordpress-automatic-plugin-3-92-0-privilege-escalation-vulnerability?_s_id=cve
CWE-ID: CWE-352
Common Platform Enumerations (CPE): Not Found
63. CVE-2024-27971
Base Score: 8.3
Base Severity: HIGH
Exploitability Score: 1.6
Impact Score: 6.0
Description: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in Premmerce Premmerce Permalink Manager for WooCommerce allows PHP Local File Inclusion.This issue affects Premmerce Permalink Manager for WooCommerce: from n/a through 2.3.10.
References: https://patchstack.com/database/vulnerability/woo-permalink-manager/wordpress-premmerce-permalink-manager-for-woocommerce-plugin-2-3-10-local-file-inclusion-vulnerability?_s_id=cve
CWE-ID: CWE-22
Common Platform Enumerations (CPE): Not Found
64. CVE-2024-30527
Base Score: 7.5
Base Severity: HIGH
Exploitability Score: 3.9
Impact Score: 3.6
Description: Improper Validation of Specified Quantity in Input vulnerability in Tips and Tricks HQ WP Express Checkout (Accept PayPal Payments) allows Manipulating Hidden Fields.This issue affects WP Express Checkout (Accept PayPal Payments): from n/a through 2.3.7.
References: https://patchstack.com/database/vulnerability/wp-express-checkout/wordpress-wp-express-checkout-plugin-2-3-7-price-manipulation-vulnerability?_s_id=cve
CWE-ID: CWE-1284
Common Platform Enumerations (CPE): Not Found
65. CVE-2024-30542
Base Score: 9.8
Base Severity: CRITICAL
Exploitability Score: 3.9
Impact Score: 5.9
Description: Improper Privilege Management vulnerability in Wholesale WholesaleX allows Privilege Escalation.This issue affects WholesaleX: from n/a through 1.3.2.
References: https://patchstack.com/database/vulnerability/wholesalex/wordpress-wholesalex-plugin-1-3-2-unauthenticated-privilege-escalation-vulnerability?_s_id=cve
CWE-ID: CWE-269
Common Platform Enumerations (CPE): Not Found
66. CVE-2024-31231
Base Score: 9.0
Base Severity: CRITICAL
Exploitability Score: 2.2
Impact Score: 6.0
Description: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in Sizam Design Rehub allows PHP Local File Inclusion.This issue affects Rehub: from n/a through 19.6.1.
References: https://patchstack.com/database/vulnerability/rehub-theme/wordpress-rehub-theme-19-6-1-unauthenticated-local-file-inclusion-vulnerability?_s_id=cve
CWE-ID: CWE-22
Common Platform Enumerations (CPE): Not Found
67. CVE-2024-31232
Base Score: 8.0
Base Severity: HIGH
Exploitability Score: 1.3
Impact Score: 6.0
Description: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in Sizam Design Rehub allows PHP Local File Inclusion.This issue affects Rehub: from n/a through 19.6.1.
References: https://patchstack.com/database/vulnerability/rehub-theme/wordpress-rehub-theme-19-6-1-local-file-inclusion-vulnerability?_s_id=cve
CWE-ID: CWE-22
Common Platform Enumerations (CPE): Not Found
68. CVE-2024-31237
Base Score: 7.5
Base Severity: HIGH
Exploitability Score: 3.9
Impact Score: 3.6
Description: Improper Privilege Management vulnerability in WP Sharks s2Member Pro allows Privilege Escalation.This issue affects s2Member Pro: from n/a through 240315.
References: https://patchstack.com/database/vulnerability/s2member/wordpress-s2member-plugin-240315-privilege-escalation-vulnerability?_s_id=cve
CWE-ID: CWE-269
Common Platform Enumerations (CPE): Not Found
69. CVE-2024-31290
Base Score: 9.8
Base Severity: CRITICAL
Exploitability Score: 3.9
Impact Score: 5.9
Description: Improper Privilege Management vulnerability in CodeRevolution Demo My WordPress allows Privilege Escalation.This issue affects Demo My WordPress: from n/a through 1.0.9.1.
References: https://patchstack.com/database/vulnerability/demo-my-wordpress/wordpress-demo-my-wordpress-plugin-1-0-9-1-unauthenticated-privilege-escalation-vulnerability?_s_id=cve
CWE-ID: CWE-269
Common Platform Enumerations (CPE): Not Found
70. CVE-2024-31300
Base Score: 8.5
Base Severity: HIGH
Exploitability Score: 1.8
Impact Score: 6.0
Description: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in appscreo Easy Social Share Buttons allows PHP Local File Inclusion.This issue affects Easy Social Share Buttons: from n/a through 9.4.
References: https://patchstack.com/database/vulnerability/easy-social-share-buttons3/wordpress-easy-social-share-buttons-plugin-9-4-local-file-inclusion-vulnerability?_s_id=cve
CWE-ID: CWE-22
Common Platform Enumerations (CPE): Not Found
71. CVE-2024-32507
Base Score: 8.8
Base Severity: HIGH
Exploitability Score: 2.8
Impact Score: 5.9
Description: Improper Privilege Management vulnerability in Hamid Alinia – idehweb Login with phone number allows Privilege Escalation.This issue affects Login with phone number: from n/a through 1.7.16.
References: https://patchstack.com/database/vulnerability/login-with-phone-number/wordpress-login-with-phone-number-plugin-1-7-16-privilege-escalation-vulnerability?_s_id=cve
CWE-ID: CWE-269
Common Platform Enumerations (CPE): Not Found
72. CVE-2024-32511
Base Score: 9.8
Base Severity: CRITICAL
Exploitability Score: 3.9
Impact Score: 5.9
Description: Improper Privilege Management vulnerability in Astoundify Simple Registration for WooCommerce allows Privilege Escalation.This issue affects Simple Registration for WooCommerce: from n/a through 1.5.6.
References: https://patchstack.com/database/vulnerability/woocommerce-simple-registration/wordpress-simple-registration-for-woocommerce-plugin-1-5-6-unauthenticated-privilege-escalation-vulnerability?_s_id=cve
CWE-ID: CWE-269
Common Platform Enumerations (CPE): Not Found
73. CVE-2024-32523
Base Score: 8.1
Base Severity: HIGH
Exploitability Score: 2.2
Impact Score: 5.3
Description: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in EverPress Mailster allows PHP Local File Inclusion.This issue affects Mailster: from n/a through 4.0.6.
References: https://patchstack.com/database/vulnerability/mailster/wordpress-mailster-plugin-4-0-6-unauthenticated-local-file-inclusion-vulnerability?_s_id=cve
CWE-ID: CWE-22
Common Platform Enumerations (CPE): Not Found
74. CVE-2024-32680
Base Score: 8.8
Base Severity: HIGH
Exploitability Score: 2.8
Impact Score: 5.9
Description: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal'), Improper Control of Generation of Code ('Code Injection') vulnerability in PluginUS HUSKY – Products Filter for WooCommerce (formerly WOOF) allows Using Malicious Files, Code Inclusion.This issue affects HUSKY – Products Filter for WooCommerce (formerly WOOF): from n/a through 1.3.5.2.
References: https://patchstack.com/database/vulnerability/woocommerce-products-filter/wordpress-husky-plugin-1-3-5-2-remote-code-execution-rce-vulnerability?_s_id=cve
CWE-ID: CWE-22 CWE-94
Common Platform Enumerations (CPE): Not Found
75. CVE-2024-33549
Base Score: 8.8
Base Severity: HIGH
Exploitability Score: 2.8
Impact Score: 5.9
Description: Improper Privilege Management vulnerability in AA-Team WZone allows Privilege Escalation.This issue affects WZone: from n/a through 14.0.10.
References: https://patchstack.com/database/vulnerability/woozone/wordpress-wzone-plugin-14-0-10-privilege-escalation-vulnerability?_s_id=cve
CWE-ID: CWE-269
Common Platform Enumerations (CPE): Not Found
76. CVE-2024-33550
Base Score: 8.8
Base Severity: HIGH
Exploitability Score: 2.8
Impact Score: 5.9
Description: Improper Privilege Management vulnerability in JR King/Eran Schoellhorn WP Masquerade allows Privilege Escalation.This issue affects WP Masquerade: from n/a through 1.1.0.
References: https://patchstack.com/database/vulnerability/wp-masquerade/wordpress-wp-masquerade-plugin-1-1-0-authenticated-account-takeover-vulnerability?_s_id=cve
CWE-ID: CWE-269
Common Platform Enumerations (CPE): Not Found
77. CVE-2024-33552
Base Score: 9.8
Base Severity: CRITICAL
Exploitability Score: 3.9
Impact Score: 5.9
Description: Improper Privilege Management vulnerability in 8theme XStore Core allows Privilege Escalation.This issue affects XStore Core: from n/a through 5.3.8.
References: https://patchstack.com/database/vulnerability/et-core-plugin/wordpress-xstore-core-plugin-5-3-5-unauthenticated-privilege-escalation-vulnerability?_s_id=cve
CWE-ID: CWE-269
Common Platform Enumerations (CPE): Not Found
78. CVE-2024-33567
Base Score: 9.8
Base Severity: CRITICAL
Exploitability Score: 3.9
Impact Score: 5.9
Description: Improper Privilege Management vulnerability in UkrSolution Barcode Scanner with Inventory & Order Manager allows Privilege Escalation.This issue affects Barcode Scanner with Inventory & Order Manager: from n/a through 1.5.3.
References: https://patchstack.com/database/vulnerability/barcode-scanner-lite-pos-to-manage-products-inventory-and-orders/wordpress-barcode-scanner-with-inventory-order-manager-plugin-1-5-3-unauthenticated-privilege-escalation-vulnerability?_s_id=cve
CWE-ID: CWE-269
Common Platform Enumerations (CPE): Not Found
79. CVE-2024-33569
Base Score: 7.2
Base Severity: HIGH
Exploitability Score: 1.2
Impact Score: 5.9
Description: Improper Privilege Management vulnerability in Darren Cooney Instant Images allows Privilege Escalation.This issue affects Instant Images: from n/a through 6.1.0.
References: https://patchstack.com/database/vulnerability/instant-images/wordpress-instant-images-plugin-6-1-0-arbitrary-option-update-to-privilege-escalation-vulnerability?_s_id=cve
CWE-ID: CWE-269
Common Platform Enumerations (CPE): Not Found
80. CVE-2024-33644
Base Score: 9.9
Base Severity: CRITICAL
Exploitability Score: 3.1
Impact Score: 6.0
Description: Improper Control of Generation of Code ('Code Injection') vulnerability in WPCustomify Customify Site Library allows Code Injection.This issue affects Customify Site Library: from n/a through 0.0.9.
References: https://patchstack.com/database/vulnerability/customify-sites/wordpress-customify-site-library-plugin-0-0-9-remote-code-execution-rce-vulnerability?_s_id=cve
CWE-ID: CWE-94
Common Platform Enumerations (CPE): Not Found
81. CVE-2024-34370
Base Score: 7.2
Base Severity: HIGH
Exploitability Score: 1.2
Impact Score: 5.9
Description: Improper Privilege Management vulnerability in WPFactory EAN for WooCommerce allows Privilege Escalation.This issue affects EAN for WooCommerce: from n/a through 4.8.9.
References: https://patchstack.com/database/vulnerability/ean-for-woocommerce/wordpress-ean-for-woocommerce-plugin-4-8-9-arbitrary-option-update-to-privilege-escalation-vulnerability?_s_id=cve
CWE-ID: CWE-269
Common Platform Enumerations (CPE): Not Found
82. CVE-2024-22120
Base Score: 9.1
Base Severity: CRITICAL
Exploitability Score: 2.3
Impact Score: 6.0
Description: Zabbix server can perform command execution for configured scripts. After command is executed, audit entry is added to "Audit Log". Due to "clientip" field is not sanitized, it is possible to injection SQL into "clientip" and exploit time based blind SQL injection.
References: https://support.zabbix.com/browse/ZBX-24505
CWE-ID: CWE-20
Common Platform Enumerations (CPE): Not Found
83. CVE-2024-32692
Base Score: 8.2
Base Severity: HIGH
Exploitability Score: 3.9
Impact Score: 4.2
Description: Missing Authorization vulnerability in QuanticaLabs Chauffeur Taxi Booking System for WordPress allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects Chauffeur Taxi Booking System for WordPress: from n/a through 6.9.
References: https://patchstack.com/database/vulnerability/chauffeur-booking-system/wordpress-chauffeur-taxi-booking-system-for-wordpress-plugin-6-9-broken-authentication-vulnerability?_s_id=cve
CWE-ID: CWE-862
Common Platform Enumerations (CPE): Not Found
84. CVE-2024-32809
Base Score: 10.0
Base Severity: CRITICAL
Exploitability Score: 3.9
Impact Score: 6.0
Description: Unrestricted Upload of File with Dangerous Type vulnerability in JumpDEMAND Inc. ActiveDEMAND allows Using Malicious Files.This issue affects ActiveDEMAND: from n/a through 0.2.41.
References: https://patchstack.com/database/vulnerability/activedemand/wordpress-activedemand-plugin-0-2-41-arbitrary-file-upload-vulnerability?_s_id=cve
CWE-ID: CWE-434
Common Platform Enumerations (CPE): Not Found
85. CVE-2024-32830
Base Score: 8.6
Base Severity: HIGH
Exploitability Score: 3.9
Impact Score: 4.0
Description: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in ThemeKraft BuddyForms allows Server Side Request Forgery, Relative Path Traversal.This issue affects BuddyForms: from n/a through 2.8.8.
References: https://patchstack.com/database/vulnerability/buddyforms/wordpress-buddyforms-plugin-2-8-8-arbitrary-file-read-and-ssrf-vulnerability?_s_id=cve
CWE-ID: CWE-22
Common Platform Enumerations (CPE): Not Found
86. CVE-2024-32959
Base Score: 8.8
Base Severity: HIGH
Exploitability Score: 2.8
Impact Score: 5.9
Description: Improper Privilege Management vulnerability in Sirv allows Privilege Escalation.This issue affects Sirv: from n/a through 7.2.2.
References: https://patchstack.com/database/vulnerability/sirv/wordpress-sirv-plugin-7-2-2-arbitrary-option-update-to-privilege-escalation-vulnerability?_s_id=cve
CWE-ID: CWE-269
Common Platform Enumerations (CPE): Not Found
87. CVE-2024-32960
Base Score: 8.8
Base Severity: HIGH
Exploitability Score: 2.8
Impact Score: 5.9
Description: Improper Privilege Management vulnerability in Booking Ultra Pro allows Privilege Escalation.This issue affects Booking Ultra Pro: from n/a through 1.1.12.
References: https://patchstack.com/database/vulnerability/booking-ultra-pro/wordpress-booking-ultra-pro-plugin-1-1-12-privilege-escalation-vulnerability?_s_id=cve
CWE-ID: CWE-269
Common Platform Enumerations (CPE): Not Found
88. CVE-2024-5052
Base Score: 7.5
Base Severity: HIGH
Exploitability Score: 3.9
Impact Score: 3.6
Description: Denial of Service (DoS) vulnerability for Cerberus Enterprise 8.0.10.3 web administration. The vulnerability exists when the web server, default port 10001, attempts to process a large number of incomplete HTTP requests.
References: https://www.incibe.es/en/incibe-cert/notices/aviso/resource-consumption-vulnerability-cerberus-ftp-enterprise
CWE-ID: CWE-400
Common Platform Enumerations (CPE): Not Found
89. CVE-2024-5055
Base Score: 7.5
Base Severity: HIGH
Exploitability Score: 3.9
Impact Score: 3.6
Description: Uncontrolled resource consumption vulnerability in XAMPP Windows, versions 7.3.2 and earlier. This vulnerability exists when XAMPP attempts to process many incomplete HTTP requests, resulting in resource consumption and system crashes.
References: https://www.incibe.es/en/incibe-cert/notices/aviso/vulnerability-uncontrolled-resource-consumption-xampp
CWE-ID: CWE-400
Common Platform Enumerations (CPE): Not Found
90. CVE-2024-5046
Base Score: 7.3
Base Severity: HIGH
Exploitability Score: 3.9
Impact Score: 3.4
Description: A vulnerability was found in SourceCodester Online Examination System 1.0. It has been rated as critical. This issue affects some unknown processing of the file registeracc.php. The manipulation of the argument email leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-264743.
References: https://github.com/CveSecLook/cve/issues/32
https://vuldb.com/?ctiid.264743
https://vuldb.com/?id.264743
https://vuldb.com/?submit.335527
CWE-ID: CWE-89
Common Platform Enumerations (CPE): Not Found
91. CVE-2024-5047
Base Score: 7.3
Base Severity: HIGH
Exploitability Score: 3.9
Impact Score: 3.4
Description: A vulnerability classified as critical has been found in SourceCodester Student Management System 1.0. Affected is an unknown function of the file /student/controller.php. The manipulation of the argument photo leads to unrestricted upload. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-264744.
References: https://github.com/I-Schnee-I/cev/blob/main/SourceCodester%20Student%20Management%20System%201.0%20controller.php%20Unrestricted%20Upload.md
https://vuldb.com/?ctiid.264744
https://vuldb.com/?id.264744
https://vuldb.com/?submit.335633
CWE-ID: CWE-434
Common Platform Enumerations (CPE): Not Found
92. CVE-2024-22429
Base Score: 7.5
Base Severity: HIGH
Exploitability Score: 0.8
Impact Score: 6.0
Description: Dell BIOS contains an Improper Input Validation vulnerability. A local authenticated malicious user with admin privileges could potentially exploit this vulnerability, leading to arbitrary code execution.
References: https://www.dell.com/support/kbdoc/en-us/000221102/dsa-2024-020
CWE-ID: CWE-20
Common Platform Enumerations (CPE): Not Found
93. CVE-2024-3289
Base Score: 7.8
Base Severity: HIGH
Exploitability Score: 1.8
Impact Score: 5.9
Description: When installing Nessus to a directory outside of the default location on a Windows host, Nessus versions prior to 10.7.3 did not enforce secure permissions for sub-directories. This could allow for local privilege escalation if users had not secured the directories in the non-default installation location.
References: https://www.tenable.com/security/tns-2024-08
CWE-ID: CWE-281
Common Platform Enumerations (CPE): Not Found
94. CVE-2024-3290
Base Score: 8.2
Base Severity: HIGH
Exploitability Score: 1.5
Impact Score: 6.0
Description: A race condition vulnerability exists where an authenticated, local attacker on a Windows Nessus host could modify installation parameters at installation time, which could lead to the execution of arbitrary code on the Nessus host
References: https://www.tenable.com/security/tns-2024-08
CWE-ID: CWE-367
Common Platform Enumerations (CPE): Not Found
95. CVE-2024-3291
Base Score: 7.8
Base Severity: HIGH
Exploitability Score: 1.8
Impact Score: 5.9
Description: When installing Nessus Agent to a directory outside of the default location on a Windows host, Nessus Agent versions prior to 10.6.4 did not enforce secure permissions for sub-directories. This could allow for local privilege escalation if users had not secured the directories in the non-default installation location.
References: https://www.tenable.com/security/tns-2024-09
CWE-ID: CWE-281
Common Platform Enumerations (CPE): Not Found
96. CVE-2024-3292
Base Score: 8.2
Base Severity: HIGH
Exploitability Score: 1.5
Impact Score: 6.0
Description: A race condition vulnerability exists where an authenticated, local attacker on a Windows Nessus Agent host could modify installation parameters at installation time, which could lead to the execution of arbitrary code on the Nessus host. - CVE-2024-3292
References: https://www.tenable.com/security/tns-2024-09
CWE-ID: CWE-367
Common Platform Enumerations (CPE): Not Found
97. CVE-2021-22508
Base Score: 7.2
Base Severity: HIGH
Exploitability Score: 1.2
Impact Score: 5.9
Description: A potential vulnerability has been identified for OpenText Operations Bridge Reporter. The vulnerability could be exploited to inject malicious SQL queries. An attack requires to be an authenticated administrator of OBR with network access to the OBR web application.
References: https://support.microfocus.com/kb/kmdoc.php?id=KM03793174
CWE-ID: CWE-20
Common Platform Enumerations (CPE): Not Found
98. CVE-2024-5063
Base Score: 7.3
Base Severity: HIGH
Exploitability Score: 3.9
Impact Score: 3.4
Description: A vulnerability was found in PHPGurukul Online Course Registration System 3.1. It has been declared as critical. This vulnerability affects unknown code of the file /admin/index.php. The manipulation of the argument username/password leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. VDB-264922 is the identifier assigned to this vulnerability.
References: https://github.com/BurakSevben/CVEs/blob/main/Online%20Course%20Registration%20System/Online%20Course%20Registration%20System%20-%20Authentication%20Bypass.md
https://vuldb.com/?ctiid.264922
https://vuldb.com/?id.264922
https://vuldb.com/?submit.336236
CWE-ID: CWE-89
Common Platform Enumerations (CPE): Not Found
99. CVE-2024-5064
Base Score: 7.3
Base Severity: HIGH
Exploitability Score: 3.9
Impact Score: 3.4
Description: A vulnerability was found in PHPGurukul Online Course Registration System 3.1. It has been rated as critical. This issue affects some unknown processing of the file news-details.php. The manipulation of the argument nid leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-264923.
References: https://github.com/BurakSevben/CVEs/blob/main/Online%20Course%20Registration%20System/Online%20Course%20Registration%20System%20-%20SQL%20Injection%20-%202%20(Unauthenticated).md
https://vuldb.com/?ctiid.264923
https://vuldb.com/?id.264923
https://vuldb.com/?submit.336238
CWE-ID: CWE-89
Common Platform Enumerations (CPE): Not Found
100. CVE-2024-5065
Base Score: 7.3
Base Severity: HIGH
Exploitability Score: 3.9
Impact Score: 3.4
Description: A vulnerability classified as critical has been found in PHPGurukul Online Course Registration System 3.1. Affected is an unknown function of the file /onlinecourse/. The manipulation of the argument regno leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-264924.
References: https://github.com/BurakSevben/CVEs/blob/main/Online%20Course%20Registration%20System/Online%20Course%20Registration%20System%20-%20SQL%20Injection%20-%203%20(Unauthenticated).md
https://vuldb.com/?ctiid.264924
https://vuldb.com/?id.264924
https://vuldb.com/?submit.336239
CWE-ID: CWE-89
Common Platform Enumerations (CPE): Not Found