8.8
CVE-2024-4303 - ArmorX Android APP - MFA Bypass
ArmorX Android APP's multi-factor authentication (MFA) for the login function is not properly implemented. Remote attackers who obtain user credentials can bypass MFA, allowing them to successfully log into the APP.
4.3
CVE-2024-33686 - Broken Access Control vulnerability affecting multiple WordPress themes by Extend Themes
Missing Authorization vulnerability in Extend Themes Pathway, Extend Themes Hugo WP, Extend Themes Althea WP, Extend Themes Elevate WP, Extend Themes Brite, Extend Themes Colibri WP, Extend Themes Vertice.This issue affects Pathway: from n/a through 1.0.15; Hugo WP: from n/a through 1.0.8; Althea Wโฆ
6.1
CVE-2024-4302 - Super 8 livechat SDK - Cross-site Scripting
Super 8 Live Chat online customer service platform fails to properly filter user input, allowing unauthenticated remote attackers to insert JavaScript code into the chat box. When the message recipient views the message, they become susceptible to Cross-site Scripting (XSS) attacks.
6.5
CVE-2024-33537 - WordPress WP Portfolio theme <= 2.4 - Cross Site Scripting (XSS) vulnerability
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Theme Horse WP Portfolio allows Stored XSS.This issue affects WP Portfolio: from n/a through 2.4.
6.5
CVE-2024-33539 - WordPress WPZOOM Addons for Elementor plugin <= 1.1.35 - Cross Site Scripting (XSS) vulnerability
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in WPZOOM WPZOOM Addons for Elementor (Templates, Widgets) allows Stored XSS.This issue affects WPZOOM Addons for Elementor (Templates, Widgets): from n/a through 1.1.35.
6.5
CVE-2024-33540 - WordPress ColorNews theme <= 1.2.6 - Cross Site Scripting (XSS) vulnerability
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in ThemeGrill ColorNews allows Stored XSS.This issue affects ColorNews: from n/a through 1.2.6.
7.1
CVE-2024-33548 - WordPress WZone plugin <= 14.0.10 - Reflected Cross Site Scripting (XSS) vulnerability
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in AA-Team WZone allows Reflected XSS.This issue affects WZone: from n/a through 14.0.10.
7.1
CVE-2024-33554 - WordPress XStore Core plugin <= 5.3.5 - Reflected Cross Site Scripting (XSS) vulnerability
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in 8theme XStore Core allows Reflected XSS.This issue affects XStore Core: from n/a through 5.3.5.
7.1
CVE-2024-33562 - WordPress XStore theme <= 9.3.5 - Reflected Cross Site Scripting (XSS) vulnerability
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in 8theme XStore allows Reflected XSS.This issue affects XStore: from n/a through 9.3.5.
7.1
CVE-2024-33571 - WordPress VOD Infomaniak plugin <= 1.5.6 - Reflected Cross Site Scripting (XSS) vulnerability
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Infomaniak Network VOD Infomaniak vod-infomaniak.This issue affects VOD Infomaniak: from n/a through <= 1.5.6.