6.4
CVE-2024-11874 - Grid Accordion Lite <= 1.5.1 - Authenticated (Contributor+) Stored Cross-Site Scripting
The Grid Accordion Lite plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'grid_accordion' shortcode in all versions up to, and including, 1.5.1 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenβ¦
4.3
CVE-2024-11915 - RRAddons for Elementor <= 1.1.0 - Authenticated (Contributor+) Post Disclosure
The RRAddons for Elementor plugin for WordPress is vulnerable to Information Exposure in all versions up to, and including, 1.1.0 via the Popup block due to insufficient restrictions on which posts can be included. This makes it possible for authenticated attackers, with Contributor-level access anβ¦
6.4
CVE-2024-11758 - WP SPID Italia <= 2.9 - Authenticated (Contributor+) Stored Cross-Site Scripting
The WP SPID Italia plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's shortcode in all versions up to, and including, 2.9 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with β¦
2.6
CVE-2024-42175 - HCL MyXalytics is affected by a weak input validation vulnerability
HCL MyXalytics is affected by a weak input validation vulnerability. The application accepts special characters and there is no length validation. This can lead to security vulnerabilities like SQL injection, XSS, and buffer overflow.
3.7
CVE-2024-42174 - HCL MyXalytics is affected by username enumeration vulnerability
HCL MyXalytics is affected by username enumeration vulnerability. This allows a malicious user to perform enumeration of application users, and thereforeΒ compile a list of valid usernames.
4.8
CVE-2024-42173 - HCL MyXalytics is affected by an improper password policy implementation vulnerability
HCL MyXalytics is affected by an improper password policy implementation vulnerability. Weak passwords and lack of account lockout policies allow attackers to guess or brute-force passwords if the username is known.
5.3
CVE-2024-42172 - HCL MyXalytics is affected by broken authentication
HCL MyXalytics is affected by broken authentication. It allows attackers to compromise keys, passwords, and session tokens, potentially leading to identity theft and system control. This vulnerability arises from poor configuration, logic errors, or software bugs and can affect any application wiβ¦
6.4
CVE-2024-42171 - HCL MyXalytics is affected by insufficient session expiration
HCL MyXalytics is affected by a session fixation vulnerability. Cyber-criminals can exploit this by sending crafted URLs with a session token to access the victim's login session.
6.8
CVE-2024-42170 - HCL MyXalytics is affected by a session fixation vulnerability
HCL MyXalytics is affected by a session fixation vulnerability. Cyber-criminals can exploit this by sending crafted URLs with a session token to access the victim's login session.
6.1
CVE-2024-12587 - Contact Form Master <= 1.0.7 - Reflected XSS
The Contact Form Master WordPress plugin through 1.0.7 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin.