6.4
CVE-2024-11455 - Include Mastodon Feed <= 1.9.4 - Authenticated (Contributor+) Stored Cross-Site Scripting
The Include Mastodon Feed plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'include-mastodon-feed' shortcode in all versions up to, and including, 1.9.4 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible fβ¦
4.3
CVE-2024-10532 - Bard Extra <= 1.2.7 - Missing Authorization to Authenticated (Subscriber+) Demo Import
The Bard Extra plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the bardxtra_import_xml() function in all versions up to, and including, 1.2.7. This makes it possible for authenticated attackers, with subscriber-level access and above, to β¦
6.4
CVE-2024-11414 - RecipePress Reloaded <= 2.12.0 - Authenticated (Contributor+) Stored Cross-Site Scripting
The RecipePress Reloaded plugin for WordPress is vulnerable to Stored Cross-Site Scripting via Recipe Ingredients in all versions up to, and including, 2.12.0 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level accesβ¦
6.4
CVE-2024-10164 - Premium Packages - Sell Digital Products Securely <= 5.9.3 - Authenticated (Contributor+) Stored Crβ¦
The Premium Packages β Sell Digital Products Securely plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's wpdmpp_pay_link shortcode in all versions up to, and including, 5.9.3 due to insufficient input sanitization and output escaping on user supplied attributes. Thisβ¦
6.4
CVE-2024-9851 - LSX Tour Operator <= 1.4.9 - Authenticated (Author+) Stored Cross-Site Scripting via SVG File Upload
The LSX Tour Operator plugin for WordPress is vulnerable to Stored Cross-Site Scripting via SVG File uploads in all versions up to, and including, 1.4.9 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Author-level access and aboveβ¦
6.1
CVE-2024-10682 - Bulletin Announcements <= 3.11.7 - Reflected Cross-Site Scripting
The Announcement & Notification Banner β Bulletin plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use of add_query_arg and remove_query_arg without appropriate escaping on the URL in all versions up to, and including, 3.11.7. This makes it possible for unauthenticateβ¦
6.1
CVE-2024-11447 - Community by PeepSo β Social Network, Membership, Registration, User Profiles, Premium β Mobile Appβ¦
The Community by PeepSo β Download from PeepSo.com plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the βfilterβ parameter in all versions up to, and including, 7.0.3.0 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attβ¦
5.3
CVE-2022-43935 - Switch passwords and authorization IDs are printed in the embedded MLS DB file
An information exposure through log file vulnerability exists in Brocade SANnav before Brocade SANnav 2.2.2, where Brocade Fabric OS Switch passwords and authorization IDs are printed in the embedded MLS DB file.
6.5
CVE-2022-43934 - Weak Key-exchange algorithms
Brocade SANnav before Brocade SANnav 2.2.2 supports key exchange algorithms, which are considered weak on ports 24, 6514, 18023, 19094, and 19095.
4.4
CVE-2022-43933 - configuration secrets are logged in support-save
An information exposure through log file vulnerability exists in Brocade SANnav before Brocade SANnav 2.2.2, where configuration secrets are logged in supportsave. Supportsave file is generated by an admin user troubleshooting the switch. The Logged information may include usernames and passwords, β¦