6.5
CVE-2024-50462 - WordPress Interactive World Map plugin <= 3.4.4 - Cross Site Scripting (XSS) vulnerability
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in html5maps Interactive World Map interactive-world-map allows Stored XSS.This issue affects Interactive World Map: from n/a through <= 3.4.4.
6.5
CVE-2024-50464 - WordPress Kodex Posts likes plugin <= 2.5.0 - Cross Site Scripting (XSS) vulnerability
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Pierre Lebedel Kodex Posts likes kodex-posts-likes.This issue affects Kodex Posts likes: from n/a through <= 2.5.0.
6.5
CVE-2024-50467 - WordPress Scrollbar by webxapp plugin <= 1.3.0 - Cross Site Scripting (XSS) vulnerability
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in siteengineai Scrollbar by webxapp β Best vertical/horizontal scrollbars plugin scrollbar-by-webxapp allows Stored XSS.This issue affects Scrollbar by webxapp β Best vertical/horizontal scrollbars pβ¦
6.5
CVE-2024-50468 - WordPress Raptor Editor plugin <= 1.0.20 - Cross Site Scripting (XSS) vulnerability
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in faceleg Raptor Editor wp-raptor allows DOM-Based XSS.This issue affects Raptor Editor: from n/a through <= 1.0.20.
6.5
CVE-2024-50469 - WordPress Textboxes plugin <= 0.1.3.1 - Cross Site Scripting (XSS) vulnerability
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in brightvesseldev Textboxes textboxes allows DOM-Based XSS.This issue affects Textboxes: from n/a through <= 0.1.3.1.
5.4
CVE-2024-9629 - Contact Form 7 + Telegram <= 0.8.5 - Missing Authorization to Authenticated (Subscriber+) Subscriptβ¦
The Contact Form 7 + Telegram plugin for WordPress is vulnerable to unauthorized modification of data and loss of data due to a missing capability check on the 'wpcf7_Telegram::ajax' function in versions up to, and including, 0.8.5. This makes it possible for authenticated attackers, with subscribeβ¦
5.3
CVE-2024-49771 - MPXJ has a Potential Path Traversal Vulnerability
MPXJ is an open source library to read and write project plans from a variety of file formats and databases. The patch for the historical vulnerability CVE-2020-35460 in MPXJ is incomplete as there is still a possibility that a malicious path could be constructed which would not be picked up by theβ¦
7.4
CVE-2024-6245 - Default Credentials in ssh service for SmartPlay in Maruti Suzuki
Use of Default Credentials vulnerability in Maruti Suzuki SmartPlay on Linux (Infotainment Hub modules) allows attacker to try common or default usernames and passwords.The issue was detected on a 2022 Maruti Suzuki Brezza in India Market. This issue affects SmartPlay: 66T0.05.50.
8.8
CVE-2024-42028 -
A Local privilege escalation vulnerability found in a Self-Hosted UniFi Network Server with UniFi Network Application (Version 8.4.62 and earlier) allows a malicious actor with a local operational system user to execute high privilege actions on UniFi Network Server.
4.4
CVE-2024-10469 - CERT/CC VINCE versions before 3.0.9 allows authenticated user to access User Management view.
VINCE versions before 3.0.9 is vulnerable to exposure of User information to authenticated users.