- CVE-2024-38652: Ivanti Avalanche deleteSkin Directory Traversal Arbitrary File Deletion Vulnerability
- CVE-2024-6814: NETGEAR ProSAFE Network Management System getFilterString SQL Injection Remote Code Execution Vulnerability
- CVE-2024-39943: rejetto HFS (aka HTTP File Server) 3 before 0.52.10 on Linux, UNIX, and macOS allows OS command execution by remote authenticated users (if they have Upload permissions). This occurs because a shell is used to execute df (i.e., with execSync instead of spawnSync in child_process in Node.js).
- CVE-2024-6028: Quiz Maker <= 6.5.8.3 - Unauthenticated SQL Injection via 'ays_questions' Parameter
- CVE-2024-4898: InstaWP Connect – 1-click WP Staging & Migration <= 0.1.0.38 - Missing Authorization to Unauthenticated API setup/Arbitrary Options Update/Administrative User Creation
- CVE-2024-3922: Dokan Pro <= 3.10.3 - Unauthenticated SQL Injection
- CVE-2024-4295: Email Subscribers by Icegram Express <= 5.7.20 - Unauthenticated SQL Injection via hash
- CVE-2024-5326: Post Grid Gutenberg Blocks and WordPress Blog Plugin – PostX <= 4.1.2 - Missing Authorization to Arbitrary Options Update
- CVE-2024-5522: HTML5 Video Player <= 2.5.26 - Unauthenticated SQL Injection
- CVE-2024-3293: rtMedia for WordPress, BuddyPress and bbPress <= 4.6.18 - Authenticated (Contributor+) SQL Injection via rtmedia_gallery Shortcode
- CVE-2024-3552: Web Directory Free <= 1.6.9 - Unauthenticated SQL Injection
- CVE-2024-4443: Business Directory Plugin – Easy Listing Directories for WordPress <= 6.4.2 - Unauthenticated SQL Injection via listingfields Parameter
- CVE-2024-3495: Country State City Dropdown CF7 <= 2.7.2 - Unauthenticated SQL Injection
- CVE-2024-27972: WP Fusion Lite <= 3.41.24 - Authenticated (Contributor+) Remote Code Execution
- CVE-2024-4352: Tutor LMS Pro <= 2.7.0 - Missing Authorization to SQL Injection
- CVE-2024-32523: Mailster <= 4.0.6 - Unauthenticated Local File Inclusion
- CVE-2024-3806: Porto <= 7.1.0 - Unauthenticated Local File Inclusion via porto_ajax_posts
- CVE-2024-3807: Porto <= 7.1.0 - Authenticated (Contributor+) Local File Inclusion via Post Meta
- CVE-2024-32709: WP-Recall – Registration, Profile, Commerce & More <= 16.26.5 - Unauthenticated SQL Injection
- CVE-2024-30491: ProfileGrid <= 5.7.8 - Authenticated (Subscriber+) SQL Injection
- CVE-2024-27971: WordPress Premmerce Permalink Manager for WooCommerce Plugin <= 2.3.10 is vulnerable to Local File Inclusion
- CVE-2024-27956: WordPress Automatic < 3.92.1 - Unauthenticated SQL Injection
- CVE-2024-55663: XWiki Platform has an SQL injection in getdocuments.vm with sort parameter
truonghuuphuc/Poc