High Vulnerabilities
| Primary Vendor — Product |
Description | Published | CVSS Score | Source Info |
|---|---|---|---|---|
| n/a — n/a
|
The Vayu Blocks – Gutenberg Blocks for WordPress & WooCommerce plugin for WordPress is vulnerable to unauthorized arbitrary plugin installation and activation due to a missing capability check on the tp_install() function in all versions up to, and including, 1.1.1. This makes it possible for unauthenticated attackers to install and activate arbitrary plugins which can be leveraged to achieve remote code execution if another vulnerable plugin is installed and activated. This vulnerability was partially patched in version 1.1.1. | 2024-12-12 | 9.8 | CVE-2024-10124 |
| n/a — n/a
|
The Sign In With Google plugin for WordPress is vulnerable to authentication bypass in all versions up to, and including, 1.8.0. This is due to the ‘authenticate_user’ user function not implementing sufficient null value checks when setting the access token and user information. This makes it possible for unauthenticated attackers to log in as the first user who has signed in using Google OAuth, which could be the site administrator. | 2024-12-12 | 9.8 | CVE-2024-11015 |
| gfi — archiver |
GFI Archiver Telerik Web UI Remote Code Execution Vulnerability. This vulnerability al […] Content was cut in order to protect the source.Please visit the source for the rest of the article. This article has been indexed from Bulletins
Read the original article: Post navigation |