CVE List - 2024 / July
Showing 601 - 700 of 3115 CVEs for July 2024 (Page 7 of 32)
| CVE ID | Date | Title |
|---|---|---|
| CVE-2024-5802 | 2024-07-09 | URL Shortener by MyThemeShop <= 1.0.17 - Admin+ Stored XSS |
| CVE-2024-6334 | 2024-07-09 | Easy Table of Contents < 2.0.67 - Editor+ Stored XSS |
| CVE-2024-22062 | 2024-07-09 | Permissions and Access Control Vulnerability in ZTE ZXCLOUD IRAI |
| CVE-2024-28747 | 2024-07-09 | ifm: Use of Hard-coded Credentials |
| CVE-2024-28748 | 2024-07-09 | ifm: Reading function in Smart PLC allows command injections |
| CVE-2024-28749 | 2024-07-09 | ifm: Writing file function in Smart PLC allows command injections |
| CVE-2024-28750 | 2024-07-09 | ifm: Deleting function in Smart PLC allows command injections |
| CVE-2024-28751 | 2024-07-09 | ifm: Hardcoded telnet credentials in Smart PLC |
| CVE-2024-37555 | 2024-07-09 | WordPress Generate PDF using Contact Form 7 plugin <= 4.0.6 - Arbitrary File Upload vulnerability |
| CVE-2024-6161 | 2024-07-09 | Default Thumbnail Plus <= 1.0.2.3 - Authenticated (Contributor+) Arbitrary File Upload |
| CVE-2024-37923 | 2024-07-09 | WordPress Cliengo - Chatbot plugin <= 3.0.1 - Cross Site Request Forgery (CSRF) vulnerability |
| CVE-2024-6180 | 2024-07-09 | EventON <= 2.2.15 - Missing Authorization to Unauthenticated Stored Cross-Site Scripting and Plugin Settings Updates |
| CVE-2024-6317 | 2024-07-09 | Generate PDF using Contact Form 7 <= 4.0.6 - Cross-Site Request Forgery to Arbitrary File Deletion |
| CVE-2024-6316 | 2024-07-09 | Generate PDF using Contact Form 7 <= 4.0.6 - Cross-Site Request Forgery to Arbitrary File Upload |
| CVE-2024-6123 | 2024-07-09 | Bit Form <= 2.13.3 - Authenticated (Administrator+) Arbitrary File Upload |
| CVE-2024-5881 | 2024-07-09 | Webico Slider Flatsome Addons <= 2.0.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via wbc_image Shortcode |
| CVE-2024-6309 | 2024-07-09 | Attachment File Icons (AF Icons) <= 1.3 - Cross-Site Request Forgery to Arbitrary File Upload |
| CVE-2024-6313 | 2024-07-09 | Gutenberg Forms <= 2.2.9 - Unauthenticated Arbitrary File Upload |
| CVE-2024-6314 | 2024-07-09 | IQ Testimonials <= 2.2.7 - Unauthenticated Arbitrary File Upload |
| CVE-2024-6310 | 2024-07-09 | Advanced AJAX Page Loader <= 2.7.7 - Cross-Site Request Forgery to Arbitrary File Upload |
| CVE-2024-6321 | 2024-07-09 | ScrollTo Bottom <= 1.1.1 - Cross-Site Request Forgery to Arbitrary File Upload |
| CVE-2024-6320 | 2024-07-09 | ScrollTo Top <= 1.2.2 - Cross-Site Request Forgery to Arbitrary File Upload |
| CVE-2024-5993 | 2024-07-09 | Cliengo - Chatbot <= 3.0.1 - Missing Authorization to Authorized (Subscriber+) Chatbot Settings Update |
| CVE-2024-5479 | 2024-07-09 | Easy Pixels by JEVNET <= 2.13 - Unauthenticated Stored Cross-Site Scripting |
| CVE-2024-6167 | 2024-07-09 | Just Custom Fields <= 3.3.2 - Missing Authorization via AJAX actions |
| CVE-2024-5704 | 2024-07-09 | XPlainer – WooCommerce Product FAQ [WooCommerce Accordion FAQ Plugin] <= 1.6.4 - Missing Authorization to Authenticated (Subscriber+) Settings Update |
| CVE-2024-5810 | 2024-07-09 | WP2Speed Faster – Optimize PageSpeed Insights Score 90-100 <= 1.0.1 - Improper Authorization due to use of Hardcoded Credentials |
| CVE-2024-3608 | 2024-07-09 | Product Designer <= 1.0.33 - Missing Authorization to Unauthenticated Arbitrary Attachment Deletion |
| CVE-2024-5600 | 2024-07-09 | Happy SCSS Compiler - Compile SCSS to CSS automatically <= 1.3.10 - Missing Authorization to Authenticated (Subscriber+) Stored Cross-Site Scripting |
| CVE-2024-4868 | 2024-07-09 | Extensions for Elementor <= 2.0.31 - Authenticated (Contributor+) Stored Cross-Site Scripting via EE Events and EE Flipbox Widget |
| CVE-2024-4100 | 2024-07-09 | Pricing Table <= 2.0.1 - Cross-Site Request Forgery via ajax() |
| CVE-2024-5856 | 2024-07-09 | Comment Images Reloaded <= 2.2.1 - Authenticated (Subscriber+) Arbitrary Media Deletion |
| CVE-2024-5648 | 2024-07-09 | LearnDash LMS - Reports Free <= 1.8.2 - Missing Authorization to Plugin Settings Update |
| CVE-2024-3603 | 2024-07-09 | OSM – OpenStreetMap <= 6.0.2 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode |
| CVE-2024-3228 | 2024-07-09 | Social Sharing Plugin – Kiwi <= 2.1.7 - Information Disclosure |
| CVE-2024-5457 | 2024-07-09 | Panda Video <= 1.4.0 - Authenticated (Contributor+) Stored Cross-Site Scripting |
| CVE-2024-5456 | 2024-07-09 | Panda Video <= 1.4.0 - Authenticated (Contributor+) Local File Inclusion |
| CVE-2024-6168 | 2024-07-09 | Just Custom Fields <= 3.3.2 - Cross-Site Request Forgery via AJAX actions |
| CVE-2024-5937 | 2024-07-09 | Simple Alert Boxes <= 1.4.0 - Authenticated (Contributor+) Stored Cross-Site Scripting via Alert Shortcode |
| CVE-2024-5992 | 2024-07-09 | Cliengo - Chatbot <= 3.0.1 - Missing Authorization to Unauthenticated Chatbot Settings Update |
| CVE-2024-4102 | 2024-07-09 | Pricing Table <= 2.0.1 - Missing Authorization |
| CVE-2024-6069 | 2024-07-09 | Pie Register - Basic <= 3.8.3.4 - Missing Authorization to Authenticated (Subscriber+) Arbitrary Plugin Installation and Activation/Deactivation |
| CVE-2024-5669 | 2024-07-09 | XPlainer – WooCommerce Product FAQ [WooCommerce Accordion FAQ Plugin] <= 1.6.4 - Missing Authorization to Authenticated (Subscriber+) Stored Cross-Site Scripting |
| CVE-2024-3604 | 2024-07-09 | OSM – OpenStreetMap <= 6.0.2 - Authenticated (Contributor+) SQL Injection |
| CVE-2024-3563 | 2024-07-09 | Genesis Blocks <= 3.1.3 - Authenticated (Contributor+) Stored Cross-Site Scripting via Sharing Block Attributes |
| CVE-2024-37502 | 2024-07-09 | WordPress Social Login plugin <= 2.6.3 - PHP Object Injection vulnerability |
| CVE-2024-37494 | 2024-07-09 | WordPress Youzify plugin <= 1.2.5 - SQL Injection vulnerability |
| CVE-2024-37486 | 2024-07-09 | WordPress Paid Memberships Pro plugin <= 3.0.5 - Authenticated SQL Injection vulnerability |
| CVE-2024-37256 | 2024-07-09 | WordPress Tutor LMS plugin <= 2.7.1 - SQL Injection vulnerability |
| CVE-2024-37225 | 2024-07-09 | WordPress Zoho Marketing Automation plugin <= 1.2.7 - SQL Injection vulnerability |
| CVE-2024-37112 | 2024-07-09 | WordPress WishList Member X plugin < 3.26.7 - Unauthenticated Arbitrary SQL Query Execution vulnerability |
| CVE-2024-37090 | 2024-07-09 | SQL Injection vulnerability in multiple StylemixThemes premium themes |
| CVE-2023-3285 | 2024-07-09 | A BOLA vulnerability in POST /appointments in EasyAppointments < 1.5.0 |
| CVE-2024-39487 | 2024-07-09 | bonding: Fix out-of-bounds read in bond_option_arp_ip_targets_set() |
| CVE-2024-35777 | 2024-07-09 | WordPress WooCommerce plugin <= 8.9.2 - Content Injection vulnerability |
| CVE-2024-37224 | 2024-07-09 | WordPress SP Project & Document Manager plugin <= 4.71 - Directory Traversal vulnerability |
| CVE-2024-37253 | 2024-07-09 | WordPress WPDirectoryKit plugin <= 1.3.6 - HTML Injection vulnerability |
| CVE-2024-37266 | 2024-07-09 | WordPress Tutor LMS plugin <= 2.7.1 - Path Traversal vulnerability |
| CVE-2024-37268 | 2024-07-09 | WordPress Striking theme <= 2.3.4 - Local File Inclusion vulnerability |
| CVE-2024-37410 | 2024-07-09 | WordPress PowerPack Lite for Beaver Builder plugin <= 1.3.0.3 - Local File Inclusion vulnerability |
| CVE-2024-37418 | 2024-07-09 | WordPress Church Admin plugin <= 4.4.6 - Arbitrary File Upload vulnerability |
| CVE-2024-37419 | 2024-07-09 | WordPress Cowidgets – Elementor Addons plugin <= 1.1.1 - Local File Inclusion vulnerability |
| CVE-2023-3287 | 2024-07-09 | A BOLA vulnerability in POST /admins in EasyAppointments < 1.5.0 |
| CVE-2024-37420 | 2024-07-09 | WordPress Zita Elementor Site Library plugin <= 1.6.1 - Arbitrary Code Execution vulnerability |
| CVE-2023-3286 | 2024-07-09 | A BOLA vulnerability in POST /secretaries in EasyAppointments < 1.5.0 |
| CVE-2024-37424 | 2024-07-09 | WordPress Newspack Blocks plugin <= 3.0.8 - Arbitrary File Upload vulnerability |
| CVE-2023-3290 | 2024-07-09 | A BOLA vulnerability in POST /customers in EasyAppointments < 1.5.0 |
| CVE-2023-3289 | 2024-07-09 | A BOLA vulnerability in POST /services in EasyAppointments < 1.5.0 |
| CVE-2023-38047 | 2024-07-09 | A BOLA vulnerability in GET, PUT, DELETE /categories/{categoryId} in EasyAppointments < 1.5.0. |
| CVE-2023-38048 | 2024-07-09 | A BOLA vulnerability in GET, PUT, DELETE /providers/{providerId} in EasyAppointments < 1.5.0 |
| CVE-2023-38049 | 2024-07-09 | A BOLA vulnerability in GET, PUT, DELETE /appointments/{appointmentId} in EasyAppointments < 1.5.0 |
| CVE-2023-38050 | 2024-07-09 | A BOLA vulnerability in GET, PUT, DELETE /webhooks/{webhookId} in EasyAppointments < 1.5.0 |
| CVE-2023-38051 | 2024-07-09 | A BOLA vulnerability in GET, PUT, DELETE /secretaries/{secretaryId} in EasyAppointments < 1.5.0 |
| CVE-2023-38052 | 2024-07-09 | A BOLA vulnerability in GET, PUT, DELETE /admins/{adminId} in EasyAppointments < 1.5.0 |
| CVE-2023-38053 | 2024-07-09 | A BOLA vulnerability in GET, PUT, DELETE /settings/{settingName} in EasyAppointments < 1.5.0 |
| CVE-2023-38054 | 2024-07-09 | A BOLA vulnerability in GET, PUT, DELETE /customers/{customerId} in EasyAppointments < 1.5.0 |
| CVE-2023-38055 | 2024-07-09 | A BOLA vulnerability in GET, PUT, DELETE /services/{serviceId} in EasyAppointments < 1.5.0 |
| CVE-2023-3288 | 2024-07-09 | A BOLA vulnerability in POST /providers in EasyAppointments < 1.5.0 |
| CVE-2024-37430 | 2024-07-09 | WordPress Patreon WordPress plugin <= 1.9.0 - Image Protection Bypass vulnerability |
| CVE-2024-37437 | 2024-07-09 | WordPress Elementor Website Builder plugin <= 3.22.1 - Arbitrary SVG File Download vulnerability |
| CVE-2024-37442 | 2024-07-09 | WordPress Photo Gallery by Ays – Responsive Image Gallery plugin < 5.7.1 - HTML Injection vulnerability |
| CVE-2024-37454 | 2024-07-09 | WordPress AWSM Team – Team Showcase Plugin plugin <= 1.3.1 - Local File Inclusion vulnerability |
| CVE-2024-37455 | 2024-07-09 | WordPress Ultimate Addons for elementor plugin <= 1.36.31 - Privilege Escalation vulnerability |
| CVE-2024-37462 | 2024-07-09 | WordPress Ultimate Bootstrap Elements for Elementor plugin <= 1.4.2 - Local File Inclusion vulnerability |
| CVE-2024-5631 | 2024-07-09 | Longse NVR (Network Video Recorder) model NVR3608PGE2W, as well as products based on this device, are transmitting user's login and password to a remote control service without using any encryption.... |
| CVE-2024-5632 | 2024-07-09 | Longse NVR (Network Video Recorder) model NVR3608PGE2W, as well as products based on this device, create a WiFi network with a default password. A user is neither advised to change... |
| CVE-2024-5633 | 2024-07-09 | Longse model LBH30FE200W cameras, as well as products based on this device, provide an unrestricted access for an attacker located in the same local network to an undocumented binary service... |
| CVE-2024-5634 | 2024-07-09 | Longse model LBH30FE200W cameras, as well as products based on this device, make use of telnet passwords which follow a specific pattern. Once the pattern is known, brute-forcing the password... |
| CVE-2024-5946 | 2024-07-09 | Squelch Tabs and Accordions Shortcodes <= 0.4.8 - Authenticated (Contributor+) Stored Cross-Site Scripting via tab Shortcode |
| CVE-2024-4862 | 2024-07-09 | WPBITS Addons For Elementor Page Builder <= 1.5 - Authenticated (Contributor+) Stored Cross-Site Scripting via Multiple Widgets |
| CVE-2024-6391 | 2024-07-09 | oik <= 4.10.3 - Authenticated (Contributor+) Stored Cross-Site Scripting via bw_button Shortcode |
| CVE-2024-37464 | 2024-07-09 | WordPress Beaver Builder Addons by WPZOOM plugin <= 1.3.5 - Local File Inclusion vulnerability |
| CVE-2024-37484 | 2024-07-09 | WordPress Zephyr Project Manager plugin <= 3.3.97 - Privilege Escalation vulnerability |
| CVE-2024-37497 | 2024-07-09 | WordPress JetThemeCore plugin < 2.2.1 - Subscriber+ Arbitrary File Deletion vulnerability |
| CVE-2024-37499 | 2024-07-09 | WordPress Online Booking & Scheduling Calendar for WordPress plugin <= 4.4.2 - Local File Inclusion vulnerability |
| CVE-2024-37501 | 2024-07-09 | WordPress Advanced Classifieds & Directory Pro plugin <= 3.1.3 - Local File Inclusion vulnerability |
| CVE-2024-3596 | 2024-07-09 | RADIUS Protocol under RFC2865 is vulnerable to forgery attacks. |
| CVE-2022-45147 | 2024-07-09 | A vulnerability has been identified in SIMATIC PCS neo V4.0 (All versions), SIMATIC STEP 7 V16 (All versions), SIMATIC STEP 7 V17 (All versions), SIMATIC STEP 7 V18 (All versions... |
| CVE-2023-32735 | 2024-07-09 | A vulnerability has been identified in SIMATIC STEP 7 Safety V16 (All versions < V16 Update 7), SIMATIC STEP 7 Safety V17 (All versions < V17 Update 7), SIMATIC STEP... |
| CVE-2023-32737 | 2024-07-09 | A vulnerability has been identified in SIMATIC STEP 7 Safety V18 (All versions < V18 Update 2). Affected applications do not properly restrict the .NET BinaryFormatter when deserializing user-controllable input.... |