6.3
CVE-2024-6444 - Bluetooth: ots: missing buffer length check
No proper validation of the length of user input in olcp_ind_handler in zephyr/subsys/bluetooth/services/ots/ots_client.c.
6.3
CVE-2024-6443 - zephyr: out-of-bound read in utf8_trunc
In utf8_trunc in zephyr/lib/utils/utf8.c, last_byte_p can point to one byte before the string pointer if the string is empty.
6.3
CVE-2024-6442 - Bluetooth: ASCS Unchecked tailroom of the response buffer
In ascs_cp_rsp_add in /subsys/bluetooth/audio/ascs.c, an unchecked tailroom could lead to a global buffer overflow.
6.4
CVE-2024-9242 - Memberful – Membership Plugin <= 1.73.7 - Authenticated (contributor+) Stored Cross-Site Scripting
The Memberful – Membership Plugin plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'memberful_buy_subscription_link' and 'memberful_podcasts_link' shortcodes in all versions up to, and including, 1.73.7 due to insufficient input sanitization and output escaping on …
6.4
CVE-2024-8804 - Code Embed <= 2.4 - Authenticated (Contributor+) Stored Cross-Site Scripting
The Code Embed plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's script embed functionality in all versions up to, and including, 2.4 due to insufficient restrictions on who can utilize the functionality. This makes it possible for authenticated attackers, with cont…
6.1
CVE-2024-9237 - Fish and Ships <= 1.5.9 - Reflected Cross-Site Scripting
The Fish and Ships – Most flexible shipping table rate. A WooCommerce shipping rate plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use of add_query_arg without appropriate escaping on the URL in all versions up to, and including, 1.5.9. This makes it possible for un…
6.4
CVE-2024-8519 - Ultimate Member <= 2.8.6 - Authenticated (Contributor+) Stored Cross-Site Scripting
The Ultimate Member – User Profile, Registration, Login, Member Directory, Content Restriction & Membership Plugin plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'um_loggedin' shortcode in all versions up to, and including, 2.8.6 due to insufficient input sanitiz…
5.3
CVE-2024-8520 - Ultimate Member <= 2.8.6 - Cross-Site Request Forgery to Membership Status Change
The Ultimate Member – User Profile, Registration, Login, Member Directory, Content Restriction & Membership Plugin plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 2.8.6. This is due to missing or incorrect nonce validation on the admin_init or …
6.1
CVE-2024-9384 - Quantity Dynamic Pricing & Bulk Discounts for WooCommerce <= 3.8.0 - Reflected Cross-Site Scripting
The Quantity Dynamic Pricing & Bulk Discounts for WooCommerce plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use of add_query_arg without appropriate escaping on the URL in all versions up to, and including, 3.8.0. This makes it possible for unauthenticated attacker…
6.4
CVE-2024-9445 - Display Medium Posts <= 5.0.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via displa…
The Display Medium Posts plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's display_medium_posts shortcode in all versions up to, and including, 5.0.1 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for a…