Show filters
2,831 Total Results
Displaying 81-90 of 2,831
Sort by:
Attacker Value
Unknown
CVE-2023-48779
Disclosure Date: December 09, 2024 (last updated December 21, 2024)
Missing Authorization vulnerability in 360 Javascript Viewer 360 Javascript Viewer allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects 360 Javascript Viewer: from n/a through 1.7.11.
0
Attacker Value
Unknown
CVE-2023-47830
Disclosure Date: December 09, 2024 (last updated December 21, 2024)
Missing Authorization vulnerability in Addons for Contact Form 7 Live Preview for Contact Form 7 allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Live Preview for Contact Form 7: from n/a through 1.2.0.
0
Attacker Value
Unknown
CVE-2023-30479
Disclosure Date: December 09, 2024 (last updated December 21, 2024)
Missing Authorization vulnerability in Stamped.io Stamped.io Product Reviews & UGC for WooCommerce allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Stamped.io Product Reviews & UGC for WooCommerce: from n/a through 2.3.2.
0
Attacker Value
Unknown
CVE-2023-27625
Disclosure Date: December 09, 2024 (last updated December 21, 2024)
Missing Authorization vulnerability in Paul Ryley Site Reviews allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Site Reviews: from n/a through 6.5.0.
0
Attacker Value
Unknown
CVE-2023-23986
Disclosure Date: December 09, 2024 (last updated December 21, 2024)
Missing Authorization vulnerability in Noah Hearle, Design Extreme Reviews and Rating – Google My Business allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Reviews and Rating – Google My Business: from n/a through 4.14.
0
Attacker Value
Unknown
CVE-2023-23814
Disclosure Date: December 09, 2024 (last updated December 21, 2024)
Missing Authorization vulnerability in CodePeople CP Multi View Event Calendar allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects CP Multi View Event Calendar : from n/a through 1.4.13.
0
Attacker Value
Unknown
CVE-2024-11429
Disclosure Date: December 05, 2024 (last updated December 21, 2024)
The Free Responsive Testimonials, Social Proof Reviews, and Customer Reviews – Stars Testimonials plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 3.3.3 via the 'stars-testimonials-with-slider-and-masonry-grid' shortcode. This makes it possible for authenticated attackers, with contributor-level access and above, to include and execute arbitrary PHP files on the server, allowing the execution of any PHP code in those files. This can be used to bypass access controls, obtain sensitive data, or achieve code execution in cases where PHP files can be uploaded and included.
0
Attacker Value
Unknown
CVE-2024-5020
Disclosure Date: December 04, 2024 (last updated December 21, 2024)
Multiple plugins for WordPress are vulnerable to Stored Cross-Site Scripting via the plugin's bundled FancyBox JavaScript library (versions 1.3.4 to 3.5.7) in various versions due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
0
Attacker Value
Unknown
CVE-2024-52484
Disclosure Date: December 02, 2024 (last updated December 21, 2024)
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Subhasish Manna Wc Recently viewed products allows Reflected XSS.This issue affects Wc Recently viewed products: from n/a through 1.0.1.
0
Attacker Value
Unknown
CVE-2024-10490
Disclosure Date: December 02, 2024 (last updated December 21, 2024)
An “Authentication Bypass Using an Alternate Path or Channel” vulnerability in the OPC UA Server configuration required for B&R mapp Cockpit before 6.0, B&R mapp View before 6.0, B&R mapp Services before 6.0, B&R mapp Motion before 6.0 and B&R mapp Vision before 6.0 may be used by an unauthenticated network-based attacker to cause information disclosure, unintended change of data, or denial of service conditions.
B&R mapp Services is only affected, when mpUserX or mpCodeBox are used in the Automation Studio project.
0