Skip to main content
CVE-2024-6482 HIGH PATCH This Week

The Login with phone number plugin for WordPress is vulnerable to privilege escalation in all versions up to, and including, 1.7.49. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. This Improper Privilege Management vulnerability could allow attackers to escalate privileges to gain unauthorized elevated access.

Privilege Escalation WordPress Login With Phone Number
NVD
CVSS 3.1
8.8
EPSS
0.5%
CVE-2024-8246 HIGH PATCH This Week

The Post Form - Registration Form - Profile Form for User Profiles - Frontend Content Forms for User Submissions (UGC) plugin for WordPress is vulnerable to privilege escalation in all versions up. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. This Improper Privilege Management vulnerability could allow attackers to escalate privileges to gain unauthorized elevated access.

Privilege Escalation WordPress Buddyforms
NVD
CVSS 3.1
8.8
EPSS
0.4%
CVE-2024-8479 HIGH PATCH This Week

The The Simple Spoiler plugin for WordPress is vulnerable to arbitrary shortcode execution in versions 1.2 to 1.3. Rated high severity (CVSS 7.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Code Injection vulnerability could allow attackers to inject and execute arbitrary code within the application.

Code Injection WordPress RCE Simple Spoiler
NVD
CVSS 3.1
7.3
EPSS
0.6%
CVE-2024-8271 HIGH PATCH This Week

The The FOX - Currency Switcher Professional for WooCommerce plugin for WordPress is vulnerable to arbitrary shortcode execution in all versions up to, and including, 1.4.2.1. Rated high severity (CVSS 7.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Code Injection vulnerability could allow attackers to inject and execute arbitrary code within the application.

Code Injection WordPress RCE Fox Currency Switcher Professional For Woocommerce
NVD
CVSS 3.1
7.3
EPSS
0.7%
CVE-2024-8669 HIGH PATCH This Week

The Backuply - Backup, Restore, Migrate and Clone plugin for WordPress is vulnerable to SQL Injection via the 'options' parameter passed to the backuply_wp_clone_sql() function in all versions up to,. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity.

SQLi WordPress Backuply
NVD
CVSS 3.1
7.2
EPSS
16.7%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy