Security Vulnerabilities - CVEs Published In December 2024
Missing Authorization vulnerability in WebberZone Top 10 allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Top 10: from n/a through 3.2.3.
CVSS Score
4.3
EPSS Score
0.002
Published
2024-12-09
Missing Authorization vulnerability in WpDevArt Booking calendar, Appointment Booking System allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Booking calendar, Appointment Booking System: from n/a through 3.2.3.
CVSS Score
5.0
EPSS Score
0.002
Published
2024-12-09
Missing Authorization vulnerability in Brainstorm Force Spectra allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Spectra: from n/a through 2.3.0.
CVSS Score
3.1
EPSS Score
0.004
Published
2024-12-09
Missing Authorization vulnerability in Brainstorm Force Spectra allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Spectra: from n/a through 2.3.0.
CVSS Score
4.3
EPSS Score
0.004
Published
2024-12-09
Missing Authorization vulnerability in CodePeople WP Time Slots Booking Form allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WP Time Slots Booking Form: from n/a through 1.1.82.
CVSS Score
4.7
EPSS Score
0.002
Published
2024-12-09
Missing Authorization vulnerability in Shopfiles Ltd Ebook Store allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Ebook Store: from n/a through 5.775.
CVSS Score
7.5
EPSS Score
0.005
Published
2024-12-09
Missing Authorization vulnerability in JobBoardWP JobBoardWP – Job Board Listings and Submissions allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects JobBoardWP – Job Board Listings and Submissions: from n/a through 1.2.2.
CVSS Score
5.2
EPSS Score
0.003
Published
2024-12-09
Insufficient validation of filenames against control characters in Apache Subversion repositories served via mod_dav_svn allows authenticated users with commit access to commit a corrupted revision, leading to disruption for users of the repository.
All versions of Subversion up to and including Subversion 1.14.4 are affected if serving repositories via mod_dav_svn. Users are recommended to upgrade to version 1.14.5, which fixes this issue.
Repositories served via other access methods are not affected.
CVSS Score
3.1
EPSS Score
0.058
Published
2024-12-09
The Fluent Forms WordPress plugin before 5.2.1 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup).
CVSS Score
6.1
EPSS Score
0.003
Published
2024-12-09
A vulnerability was found in WeiYe-Jing datax-web 2.1.1. It has been classified as critical. This affects an unknown part of the file /api/job/add/. The manipulation of the argument glueSource leads to os command injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used.
CVSS Score
5.3
EPSS Score
0.051
Published
2024-12-09