v.26.4.2314

High Severity Vulnerabilities

Found 13126 vulnerabilities at High severity.

Vulnerability Name

CVE

CWE

Severity

WordPress Plugin Social Sharing-Social Warfare Malicious Code (4.4.7.1)

CVE-2024-6297

CWE-506

High

WordPress Plugin Squeeze Arbitrary File Upload (1.4)

CVE-2024-35767

CWE-434

High

WordPress Plugin Startklar Elementor Addons Arbitrary File Deletion (1.7.13)

CVE-2024-4346

CWE-73

High

WordPress Plugin Startklar Elementor Addons Arbitrary File Upload (1.7.13)

CVE-2024-4345

CWE-434

High

WordPress Plugin Startklar Elementor Addons Directory Traversal (1.7.15)

CVE-2024-5153

CWE-22

High

WordPress Plugin stm-megamenu Local File Inclusion (2.3.12)

CVE-2024-35677

CWE-22

High

WordPress Plugin Swiss Toolkit For WP Security Bypass (1.0.7)

CVE-2024-5204

CWE-287

High

WordPress Plugin Swiss Toolkit For WP Security Bypass (1.0.8)

-

CWE-862

High

WordPress Plugin Themify-WooCommerce Product Filter SQL Injection (1.4.9)

CVE-2024-6027

CWE-89

High

WordPress Plugin Unlimited Elements For Elementor (Free Widgets, Addons, Templates) Cross-Site Scripting (1.5.107)

CVE-2024-3190

CWE-79

High

WordPress Plugin Unlimited Elements For Elementor (Free Widgets, Addons, Templates) Remote Code Execution (1.5.89)

CVE-2023-6743

CWE-94

High

WordPress Plugin Unlimited Elements For Elementor (Free Widgets, Addons, Templates) SQL Injection (1.5.109)

CVE-2024-5329

CWE-89

High

WordPress Plugin Unlimited Elements For Elementor (Free Widgets, Addons, Templates) SQL Injection (1.5.107)

CVE-2024-4779

CWE-89

High

WordPress Plugin User Registration-Custom Registration Form, Login Form, and User Profile Privilege Escalation (3.2.0.1)

CVE-2024-4958

CWE-269

High

WordPress Plugin Visual Website Collaboration, Feedback & Project Management-Atarim Cross-Site Scripting (3.30)

CVE-2024-2793

CWE-79

High

WordPress Plugin Visualizer:Tables and Charts Manager for WordPress SQL Injection (3.11.1)

CVE-2024-35736

CWE-89

High

WordPress Plugin Web Directory Free SQL Injection (1.6.9)

CVE-2024-3552

CWE-89

High

WordPress Plugin WishList Member X Remote Code Execution (3.25.1)

CVE-2024-37109

CWE-94

High

WordPress Plugin WishList Member X SQL Injection (3.25.1)

CVE-2024-37112

CWE-89

High

WordPress Plugin WooCommerce Cross-Site Scripting (8.9.2)

CVE-2024-37297

CWE-79

High

WordPress Plugin Woocommerce-Recent Purchases Local File Inclusion (1.0.1)

CVE-2024-35634

CWE-22

High

WordPress Plugin Wordpress Picture/Portfolio/Media Gallery Server-Side Request Forgery (3.0.1)

CVE-2024-5021

CWE-918

High

WordPress Plugin WP Hotel Booking SQL Injection (2.1.0)

CVE-2024-3605

CWE-89

High

WordPress Plugin WP Logs Book Cross-Site Scripting (1.0.1)

CVE-2024-4477

CWE-79

High

WordPress Plugin WP-Recall-Registration, Profile, Commerce & More Security Bypass (16.26.6)

CVE-2024-1175

CWE-862

High

WordPress Plugin WP-Recall-Registration, Profile, Commerce & More SQL Injection (16.26.5)

CVE-2024-32709

CWE-89

High

WordPress Plugin WP Server Health Stats Malicious Code (1.7.6)

CVE-2024-6297

CWE-506

High

WordPress Plugin WP STAGING WordPress Backup-Migration Backup Restore Arbitrary File Upload (3.4.3)

CVE-2024-3412

CWE-434

High

WordPress Plugin WP STAGING WordPress Backup-Migration Backup Restore Information Disclosure (3.4.3)

CVE-2024-3682

CWE-200

High

WordPress Plugin WP STAGING WordPress Backup-Migration Backup Restore Server-Side Request Forgery (3.4.3)

CVE-2024-4469

CWE-918

High

WordPress Plugin WP TripAdvisor Review Slider Cross-Site Scripting (11.8)

CVE-2023-6037

CWE-79

High

WordPress Plugin WP TripAdvisor Review Slider SQL Injection (12.6)

CVE-2024-35630

CWE-89

High

WordPress Plugin wpDataTables-WordPress Data Table, Dynamic Tables & Table Charts (Premium) Security Bypass (6.3.2)

CVE-2024-3821

CWE-862

High

WordPress Plugin wpDataTables-WordPress Data Table, Dynamic Tables & Table Charts (Premium) SQL Injection (6.3.1)

CVE-2024-3820

CWE-89

High

WordPress Plugin wpForo Forum SQL Injection (2.3.3)

CVE-2024-3200

CWE-89

High

WordPress Plugin Wrapper Link Elementor Malicious Code (1.0.3)

CVE-2024-6297

CWE-506

High

WordPress Plugin Youzify-BuddyPress Community, User Profile, Social Network & Membership for WordPress SQL Injection (1.2.5)

CVE-2024-4742

CWE-89

High

WordPress Plugin Zoho Marketing Automation SQL Injection (1.2.7)

CVE-2024-37225

CWE-89

High

WordPress Plugin Advanced AJAX Page Loader Cross-Site Request Forgery (2.7.7)

CVE-2024-6310

CWE-352

High

WordPress Plugin Advanced Classifieds & Directory Pro Local File Inclusion (3.1.3)

CVE-2024-37501

CWE-22

High

WordPress Plugin Advanced File Manager Directory Traversal (5.1)

CVE-2023-3814

CWE-22

High

WordPress Plugin Advanced File Manager Information Disclosure (5.2.4)

CVE-2024-5598

CWE-200

High

WordPress Plugin Appointment Booking Calendar and Online Scheduling-BookingPress Arbitrary File Creation (1.1.5)

CVE-2024-6467

CWE-73

High

WordPress Plugin Appointment Booking Calendar and Online Scheduling-BookingPress Security Bypass (1.1.5)

CVE-2024-6660

CWE-863

High

WordPress Plugin Attachment File Icons (AF Icons) Cross-Site Request Forgery (1.3)

CVE-2024-6309

CWE-352

High

WordPress Plugin Auto Featured Image Arbitrary File Upload (1.2)

CVE-2024-6054

CWE-434

High

WordPress Plugin AWSM Team-Team Showcase Local File Inclusion (1.3.1)

CVE-2024-37454

CWE-22

High

WordPress Plugin Booking Ultra Pro Appointments Booking Calendar Local File Inclusion (1.1.13)

CVE-2024-38717

CWE-22

High

WordPress Plugin Brafton Cross-Site Scripting (3.4.7)

CVE-2016-10973

CWE-79

High

WordPress Plugin Britetechs Companion Malicious Code (2.2.7)

CVE-2024-6297

CWE-506

High

WordPress Plugin Brizy-Page Builder Arbitrary File Upload (2.4.44)

CVE-2024-3242

CWE-434

High

WordPress Plugin Brizy-Page Builder Multiple Vulnerabilities (2.4.43)

CVE-2024-3711

CWE-862

High

WordPress Plugin Brizy-Page Builder Security Bypass (2.4.44)

CVE-2024-1937

CWE-862

High

WordPress Plugin Brizy-Page Builder Unspecified Vulnerability (2.4.45)

-

-

High

WordPress Plugin Church Admin Arbitrary File Upload (4.4.6)

CVE-2024-37418

CWE-434

High

WordPress Plugin Cookie Consent for WP-Cookie Consent, Consent Log, Cookie Scanner, Script Blocker (for GDPR, CCPA & ePrivacy) Cross-Site Scripting (3.2.0)

CVE-2024-4869

CWE-79

High

WordPress Plugin Cookie Consent for WP-Cookie Consent, Consent Log, Cookie Scanner, Script Blocker (for GDPR, CCPA & ePrivacy) CSV Injection (2.2.5)

CVE-2023-23678

CWE-1236

High

WordPress Plugin Cookie Consent for WP-Cookie Consent, Consent Log, Cookie Scanner, Script Blocker (for GDPR, CCPA & ePrivacy) Security Bypass (3.0.2)

CVE-2024-3599

CWE-862

High

WordPress Plugin Default Thumbnail Plus Arbitrary File Upload (1.0.2.3)

CVE-2024-6161

CWE-434

High

WordPress Plugin Digital River Global Commerce Supply Chain Attack [Polyfill.io] (2.0.2)

-

CWE-1372

High

WordPress Plugin DirectoryPress-Business Directory And Classified Ad Listing SQL Injection (3.6.10)

CVE-2024-38755

CWE-89

High

WordPress Plugin Email Subscribers by Icegram Express-Email Marketing, Newsletters, Automation for WordPress & WooCommerce Security Bypass (5.7.26)

CVE-2024-5703

CWE-862

High

WordPress Plugin Email Subscribers by Icegram Express-Email Marketing, Newsletters, Automation for WordPress & WooCommerce SQL Injection (5.7.25)

CVE-2024-6172

CWE-89

High

WordPress Plugin Event post Local File Inclusion (5.9.5)

CVE-2024-38735

CWE-22

High

WordPress Plugin Events Calendar for Google Local File Inclusion (2.1.0)

CVE-2024-38716

CWE-22

High

WordPress Plugin ExS Widgets Local File Inclusion (0.3.1)

CVE-2024-38715

CWE-22

High

WordPress Plugin File Manager Advanced Shortcode Arbitrary File Upload (2.5.3)

CVE-2023-7061

CWE-434

High

WordPress Plugin File Manager Advanced Shortcode Directory Traversal (2.4)

CVE-2023-7062

CWE-22

High

WordPress Plugin Filter & Grids Local File Inclusion (2.8.32)

CVE-2024-6164

CWE-22

High

WordPress Plugin Form Vibes-Database Manager for Forms SQL Injection (1.4.10)

CVE-2024-5325

CWE-89

High

WordPress Plugin FormLift for Infusionsoft Web Forms SQL Injection (7.5.17)

CVE-2024-38773

CWE-89

High

WordPress Plugin FV Flowplayer Video Player SQL Injection (7.5.46.7212)

CVE-2024-6338

CWE-89

High

WordPress Plugin Gutenberg Forms-WordPress Form Builder Arbitrary File Upload (2.2.9)

CVE-2024-6313

CWE-434

High

WordPress Plugin HUSKY-Products Filter Professional for WooCommerce SQL Injection (1.3.6)

CVE-2024-6457

CWE-89

High

WordPress Plugin Import Spreadsheets from Microsoft Excel Arbitrary File Upload (10.1.4)

CVE-2024-38734

CWE-434

High