Security Vulnerabilities - CVEs Published In October 2024
Unrestricted Upload of File with Dangerous Type vulnerability in redhopit WP Dropbox Dropins wp-dropbox-dropins allows Upload a Web Shell to a Web Server.This issue affects WP Dropbox Dropins: from n/a through <= 1.0.
CVSS Score
10.0
EPSS Score
0.235
Published
2024-10-20
Incorrect Privilege Assignment vulnerability in gerryworks GERRYWORKS Post by Mail gerryworks-post-by-mail allows Privilege Escalation.This issue affects GERRYWORKS Post by Mail: from n/a through <= 1.0.
CVSS Score
8.8
EPSS Score
0.002
Published
2024-10-20
Unrestricted Upload of File with Dangerous Type vulnerability in bepitulaz Woostagram Connect woostagram-connect allows Upload a Web Shell to a Web Server.This issue affects Woostagram Connect: from n/a through <= 1.0.2.
CVSS Score
10.0
EPSS Score
0.005
Published
2024-10-20
Unrestricted Upload of File with Dangerous Type vulnerability in vivek2tamrakar WP REST API FNS rest-api-fns allows Upload a Web Shell to a Web Server.This issue affects WP REST API FNS: from n/a through <= 1.0.0.
CVSS Score
10.0
EPSS Score
0.008
Published
2024-10-20
Unrestricted Upload of File with Dangerous Type vulnerability in sovratecdev Sovratec Case Management sovratec-case-management allows Upload a Web Shell to a Web Server.This issue affects Sovratec Case Management: from n/a through <= 1.0.0.
CVSS Score
10.0
EPSS Score
0.006
Published
2024-10-20
Unrestricted Upload of File with Dangerous Type vulnerability in Vasileios Kerasiotis Affiliator affiliator-lite allows Upload a Web Shell to a Web Server.This issue affects Affiliator: from n/a through <= 2.1.3.
CVSS Score
10.0
EPSS Score
0.006
Published
2024-10-20
A vulnerability was found in Tecno 4G Portable WiFi TR118 V008-20220830. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the file /goform/goform_get_cmd_process of the component SMS Check. The manipulation of the argument order_by leads to sql injection. The attack can be launched remotely. The vendor was contacted early about this disclosure but did not respond in any way.
CVSS Score
5.1
EPSS Score
0.001
Published
2024-10-20
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Md Abdul Kader Easy Addons for Elementor easy-addons-for-elementor allows Stored XSS.This issue affects Easy Addons for Elementor: from n/a through <= 1.5.0.
CVSS Score
6.5
EPSS Score
0.001
Published
2024-10-20
Authentication Bypass Using an Alternate Path or Channel vulnerability in N-Media Simple User Registration wp-registration allows Authentication Bypass.This issue affects Simple User Registration: from n/a through <= 6.7.
CVSS Score
9.8
EPSS Score
0.002
Published
2024-10-20
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in DotsquaresLtd Google Map Locations google-map-locations allows Reflected XSS.This issue affects Google Map Locations: from n/a through <= 1.0.
CVSS Score
7.1
EPSS Score
0.001
Published
2024-10-20