6.4
CVE-2024-12520 - Dominion โ Domain Checker for WPBakery <= 2.3.0 - Authenticated (Contributor+) Stored Cross-Site Scโฆ
The Dominion โ Domain Checker for WPBakery plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'dominion_shortcodes_domain_search_6' shortcode in all versions up to, and including, 2.3.0 due to insufficient input sanitization and output escaping on user supplied attriโฆ
4.3
CVE-2024-12116 - Unlimited Theme Addon For Elementor and WooCommerce <= 1.2.2 - Authenticated (Contributor+) Post Diโฆ
The Unlimited Theme Addon For Elementor and WooCommerce plugin for WordPress is vulnerable to Information Exposure in all versions up to, and including, 1.2.2 via the 'uta-template' shortcode due to insufficient restrictions on which posts can be included. This makes it possible for authenticated aโฆ
6.4
CVE-2024-12519 - TCBD Auto Refresher <= 2.0 - Authenticated (Contributor+) Stored Cross-Site Scripting
The TCBD Auto Refresher plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'tcbd_auto_refresh' shortcode in all versions up to, and including, 2.0 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for autheโฆ
6.4
CVE-2024-11874 - Grid Accordion Lite <= 1.5.1 - Authenticated (Contributor+) Stored Cross-Site Scripting
The Grid Accordion Lite plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'grid_accordion' shortcode in all versions up to, and including, 1.5.1 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenโฆ
4.3
CVE-2024-11915 - RRAddons for Elementor <= 1.1.0 - Authenticated (Contributor+) Post Disclosure
The RRAddons for Elementor plugin for WordPress is vulnerable to Information Exposure in all versions up to, and including, 1.1.0 via the Popup block due to insufficient restrictions on which posts can be included. This makes it possible for authenticated attackers, with Contributor-level access anโฆ
6.4
CVE-2024-11758 - WP SPID Italia <= 2.9 - Authenticated (Contributor+) Stored Cross-Site Scripting
The WP SPID Italia plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's shortcode in all versions up to, and including, 2.9 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with โฆ
2.6
CVE-2024-42175 - HCL MyXalytics is affected by a weak input validation vulnerability
HCL MyXalytics is affected by a weak input validation vulnerability. The application accepts special characters and there is no length validation. This can lead to security vulnerabilities like SQL injection, XSS, and buffer overflow.
3.7
CVE-2024-42174 - HCL MyXalytics is affected by username enumeration vulnerability
HCL MyXalytics is affected by username enumeration vulnerability. This allows a malicious user to perform enumeration of application users, and thereforeย compile a list of valid usernames.
4.8
CVE-2024-42173 - HCL MyXalytics is affected by an improper password policy implementation vulnerability
HCL MyXalytics is affected by an improper password policy implementation vulnerability. Weak passwords and lack of account lockout policies allow attackers to guess or brute-force passwords if the username is known.
5.3
CVE-2024-42172 - HCL MyXalytics is affected by broken authentication
HCL MyXalytics is affected by broken authentication. It allows attackers to compromise keys, passwords, and session tokens, potentially leading to identity theft and system control. This vulnerability arises from poor configuration, logic errors, or software bugs and can affect any application wiโฆ