6.4
CVE-2024-11755 - IMS Countdown <= 1.3.5 - Authenticated (Contributor+) Stored Cross-Site Scripting
The IMS Countdown plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Countdown post settings in all versions up to, and including, 1.3.5 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level acce…
5.3
CVE-2024-12578 - Tickera – WordPress Event Ticketing <= 3.5.4.8 - Unauthenticated Customer Data Exposure
The Tickera – WordPress Event Ticketing plugin for WordPress is vulnerable to Information Exposure in all versions up to, and including, 3.5.4.8 via the 'tickera_tickets_info' endpoint. This makes it possible for unauthenticated attackers to extract sensitive data from bookings like full names, ema…
6.4
CVE-2024-11865 - Tabs Maker <= 1.0 - Authenticated (Contributor+) Stored Cross-Site Scripting
The Tabs Maker plugin for WordPress is vulnerable to Stored Cross-Site Scripting in versions up to, and including, 1.0 due to insufficient input sanitization and output escaping on tab descriptions. This makes it possible for authenticated attackers, with contributor-level access and above, to inje…
6.4
CVE-2024-11867 - Companion Portfolio – Responsive Portfolio Plugin <= 2.4.0.1 - Authenticated (Contributor+) Stored …
The Companion Portfolio – Responsive Portfolio Plugin plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'companion-portfolio' shortcode in all versions up to, and including, 2.4.0.1 due to insufficient input sanitization and output escaping on user supplied attribut…
6.4
CVE-2024-11889 - My IDX Home Search <= 2.1.1 - Authenticated (Contributor+) Stored Cross-Site Scripting
The My IDX Home Search plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'homeasap-idx-search' shortcode in all versions up to, and including, 2.1.1 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for au…
6.4
CVE-2024-11873 - glomex oEmbed <= 0.9.1 - Authenticated (Contributor+) Stored Cross-Site Scripting
The glomex oEmbed plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'glomex_integration' shortcode in all versions up to, and including, 0.9.1 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenti…
6.1
CVE-2024-12555 - SIP Calculator <= 1.0 - Cross-Site Request Forgery to Stored Cross-Site Scripting
The SIP Calculator plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.0. This is due to missing nonce validation on a function. This makes it possible for unauthenticated attackers to inject malicious web scripts via a forged request granted the…
9.1
CVE-2023-29476 -
In Menlo On-Premise Appliance before 2.88, web policy may not be consistently applied properly to intentionally malformed client requests. This is fixed in 2.88.2+, 2.89.1+, and 2.90.1+.
6.5
CVE-2024-12553 - GeoVision GV-ASManager Missing Authorization Information Disclosure Vulnerability
GeoVision GV-ASManager Missing Authorization Information Disclosure Vulnerability. This vulnerability allows remote attackers to disclose sensitive information on affected installations of GeoVision GV-ASManager. Although authentication is required to exploit this vulnerability, default guest crede…
7.8
CVE-2024-12552 - Wacom Center WTabletServicePro Link Following Local Privilege Escalation Vulnerability
Wacom Center WTabletServicePro Link Following Local Privilege Escalation Vulnerability. This vulnerability allows local attackers to escalate privileges on affected installations of Wacom Center. An attacker must first obtain the ability to execute low-privileged code on the target system in order …