5.4

CVSS3.1

CVE-2024-3026 - WordPress Button Plugin MaxButtons < 9.7.8 - Editor+ Stored XSS

The WordPress Button Plugin MaxButtons WordPress plugin before 9.7.8 does not sanitise and escape some parameters, which could allow users with a role as low as editor to perform Cross-Site Scripting attacks.

📅 Published: July 13, 2024, 6 a.m. 🔄 Last Modified: May 15, 2025, 6:46 p.m.

6.1

CVSS3.1

CVE-2024-2870 - Swift Framework < 2024.04.30 - Reflected XSS

The socialdriver-framework WordPress plugin before 2024.04.30 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin.

📅 Published: July 13, 2024, 6 a.m. 🔄 Last Modified: June 4, 2025, 4:16 p.m.

5.3

CVSS3.1

CVE-2024-6574 - Laposta <= 1.12 - Unauthenticated Full Path Disclosure

The Laposta plugin for WordPress is vulnerable to Full Path Disclosure in all versions up to, and including, 1.12. This is due to the plugin not preventing direct access to several test files. This makes it possible for unauthenticated attackers to retrieve the full path of the web application, whi…

📅 Published: July 13, 2024, 5:38 a.m. 🔄 Last Modified: April 15, 2026, 12:35 a.m.

7.2

CVSS3.1

CVE-2024-5902 - UserFeedback Lite <= 1.0.15 - Unauthenticated Stored Cross-Site Scripting via Name Parameter

The User Feedback – Create Interactive Feedback Form, User Surveys, and Polls in Seconds plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the name parameter in all versions up to, and including, 1.0.15 due to insufficient input sanitization and output escaping. This makes it po…

📅 Published: July 12, 2024, 9:30 p.m. 🔄 Last Modified: April 8, 2026, 7:22 p.m.

0.0

CVE-2024-6721 -

** REJECT ** DO NOT USE THIS CVE RECORD. Consult IDs: CVE-2024-5324. Reason: This record is a reservation duplicate of CVE-2024-5324. Notes: All CVE users should reference CVE-2024-5324 instead of this record. All references and descriptions in this record have been removed to prevent accidental u…

📅 Published: July 12, 2024, 8:30 p.m. 🔄 Last Modified: July 15, 2024, 4:15 p.m.

3.1

CVSS3.1

CVE-2023-41093 - Loss of confidentiality due to potential race condition in Bluetooth controller Connection_Handle r…

Use After Free vulnerability in Silicon Labs Bluetooth SDK on 32 bit, ARM may allow an attacker with precise timing capabilities to intercept a small number of packets intended for a recipient that has left the network. This issue affects Silabs Bluetooth SDK: through 8.0.0.

📅 Published: July 12, 2024, 7:56 p.m. 🔄 Last Modified: Sept. 25, 2025, 8:25 p.m.

5.4

CVSS3.1

CVE-2024-40690 - IBM InfoSphere Server cross-site scripting

IBM InfoSphere Server 11.7 is vulnerable to cross-site scripting. This vulnerability allows an authenticated user to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 29772…

📅 Published: July 12, 2024, 5:47 p.m. 🔄 Last Modified: Nov. 21, 2024, 9:31 a.m.

6.5

CVSS3.0

CVE-2024-37405 -

Livechat messages can be leaked by combining two NoSQL injections affecting livechat:loginByToken (pre-authentication) and livechat:loadHistory.

📅 Published: July 12, 2024, 3:41 p.m. 🔄 Last Modified: April 15, 2026, 12:35 a.m.

7.2

CVSS3.1

CVE-2024-39917 - xrdp allows an infinite number of login attempts

xrdp is an open source RDP server. xrdp versions prior to 0.10.0 have a vulnerability that allows attackers to make an infinite number of login attempts. The number of max login attempts is supposed to be limited by a configuration parameter `MaxLoginRetry` in `/etc/xrdp/sesman.ini`. However, this…

📅 Published: July 12, 2024, 3:24 p.m. 🔄 Last Modified: Nov. 3, 2025, 8:16 p.m.

9.1

CVSS3.1

CVE-2024-38736 - WordPress Realtyna Organic IDX plugin <= 4.14.13 - Arbitrary File Upload vulnerability

Unrestricted Upload of File with Dangerous Type vulnerability in Realtyna Realtyna Organic IDX plugin allows Code Injection. This issue affects Realtyna Organic IDX plugin: from n/a through 4.14.13.

📅 Published: July 12, 2024, 3:21 p.m. 🔄 Last Modified: April 15, 2026, 12:35 a.m.