5.4
CVE-2024-10460 - firefox: thunderbird: Confusing display of origin for external protocol handler prompt
The origin of an external protocol handler prompt could have been obscured using a data: URL within an `iframe`. This vulnerability affects Firefox < 132, Firefox ESR < 128.4, Thunderbird < 128.4, and Thunderbird < 132.
6.5
CVE-2024-10459 - firefox: thunderbird: Use-after-free in layout with accessibility
An attacker could have caused a use-after-free when accessibility was enabled, leading to a potentially exploitable crash. This vulnerability affects Firefox < 132, Firefox ESR < 128.4, Firefox ESR < 115.17, Thunderbird < 128.4, and Thunderbird < 132.
6.5
CVE-2024-10458 - firefox: thunderbird: Permission leak via embed or object elements
A permission leak could have occurred from a trusted site to an untrusted site via `embed` or `object` elements. This vulnerability affects Firefox < 132, Firefox ESR < 128.4, Firefox ESR < 115.17, Thunderbird < 128.4, and Thunderbird < 132.
7.1
CVE-2024-49643 - WordPress Whitelist plugin <= 3.5 - Reflected Cross Site Scripting (XSS) vulnerability
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in fifthsegment Whitelist fifthsegment-whitelist allows Reflected XSS.This issue affects Whitelist: from n/a through <= 3.5.
7.1
CVE-2024-49645 - WordPress Affiliate Platform plugin <= 1.4.8 - Reflected Cross Site Scripting (XSS) vulnerability
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Ilias Gomatos Affiliate Platform smdp-affiliate-platform allows Reflected XSS.This issue affects Affiliate Platform: from n/a through <= 1.4.8.
7.1
CVE-2024-49646 - WordPress Code Generate plugin <= 1.0 - Reflected Cross Site Scripting (XSS) vulnerability
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in ioannup Code Generate code-generator allows Reflected XSS.This issue affects Code Generate: from n/a through <= 1.0.
7.1
CVE-2024-49647 - WordPress Simple Custom Admin plugin <= 1.2 - Reflected Cross Site Scripting (XSS) vulnerability
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Carl Alberto Simple Custom Admin simple-custom-admin allows Reflected XSS.This issue affects Simple Custom Admin: from n/a through <= 1.2.
7.1
CVE-2024-49648 - WordPress SVG Captcha plugin <= 1.0.11 - Reflected Cross Site Scripting (XSS) vulnerability
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in rafasashi SVG Captcha svg-captcha allows Reflected XSS.This issue affects SVG Captcha: from n/a through <= 1.0.11.
7.1
CVE-2024-49650 - WordPress BuddyPress Greeting Message plugin <= 1.0.3 - Reflected Cross Site Scripting (XSS) vulnerβ¦
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Xarbo BuddyPress Greeting Message bp-greeting-message allows Reflected XSS.This issue affects BuddyPress Greeting Message: from n/a through <= 1.0.3.
5.1
CVE-2017-20195 - LUNAD3v AreaLoad request.php sql injection
A vulnerability was found in LUNAD3v AreaLoad up to 1a1103182ed63a06dde63d1712f3262eda19c3ec. It has been rated as critical. This issue affects some unknown processing of the file request.php. The manipulation of the argument phone leads to sql injection. This product does not use versioning. This β¦