Skip to main content
CVE-2024-8624 CRITICAL PATCH Act Now

The MDTF - Meta Data and Taxonomies Filter plugin for WordPress is vulnerable to SQL Injection via the 'meta_key' attribute of the 'mdf_select_title' shortcode in all versions up to, and including,. Rated critical severity (CVSS 9.9), this vulnerability is remotely exploitable, low attack complexity.

SQLi WordPress Wordpress Meta Data And Taxonomies Filter
NVD
CVSS 3.1
9.9
EPSS
0.5%
CVE-2024-8791 CRITICAL PATCH Act Now

The Donation Forms by Charitable - Donations Plugin & Fundraising Platform for WordPress plugin for WordPress is vulnerable to privilege escalation in all versions up to, and including, 1.8.1.14. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Authentication Bypass WordPress Privilege Escalation Charitable
NVD
CVSS 3.1
9.8
EPSS
0.7%
CVE-2024-8671 CRITICAL Act Now

The WooEvents - Calendar and Event Booking plugin for WordPress is vulnerable to arbitrary file overwrite due to insufficient file path validation in the inc/barcode.php file in all versions up to,. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

RCE Path Traversal PHP WordPress Wooevents
NVD
CVSS 3.1
9.1
EPSS
1.0%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy