Analysis Summary

CVE-2024-47314 CVSS:7.1

Missing Authorization vulnerability in WP Sunshine Sunshine Photo Cart allows Exploiting Incorrectly Configured Access Control Security Levels.

CVE-2024-37106 CVSS:8.2

Missing Authorization vulnerability in WishList Products WishList Member X allows Exploiting Incorrectly Configured Access Control Security Levels.

CVE-2024-37108 CVSS:7.7

Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in WishList Products WishList Member X allows Path Traversal.

CVE-2024-37232 CVSS:8.8

Missing Authorization vulnerability in Hercules Design Hercules Core allows Exploiting Incorrectly Configured Access Control Security Levels.

CVE-2024-37277 CVSS:7.5

Authorization Bypass Through User-Controlled Key vulnerability in Paid Memberships Pro allows Accessing Functionality Not Properly Constrained by ACLs.

CVE-2024-37423 CVSS:8.5

Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in Automattic Newspack Blocks allows Path Traversal.

CVE-2024-37470 CVSS:8.2

Missing Authorization vulnerability in WofficeIO Woffice Core allows Accessing Functionality Not Properly Constrained by ACLs.

CVE-2024-38721 CVSS:7.1

Missing Authorization vulnerability in spider-themes EazyDocs allows Exploiting Incorrectly Configured Access Control Security Levels.

Impact

• Cross-Site Scripting
• Gain Access

Indicators of Compromise

CVE

• CVE-2024-47314
• CVE-2024-37106
• CVE-2024-37108
• CVE-2024-37232
• CVE-2024-37277
• CVE-2024-37423
• CVE-2024-37470
• CVE-2024-38721

Affected Vendors

Remediation

Upgrade to the latest version of Plugin, available from the WordPress Plugin Directory.

CVE-2024-47314

CVE-2024-37106

CVE-2024-37108

CVE-2024-37232

CVE-2024-37277

CVE-2024-37423

CVE-2024-37470

CVE-2024-38721