6.4
CVE-2024-4288 - Appointment Booking Calendar — Simply Schedule Appointments Booking Plugin <= 1.6.7.14 - Authentica…
The Appointment Booking Calendar — Simply Schedule Appointments Booking Plugin plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘link’ parameter in versions up to, and including, 1.6.7.14 due to insufficient input sanitization and output escaping. This makes it possible for…
6.4
CVE-2024-4385 - Envo Extra <= 1.8.16 - Authenticated (Contributor+) Cross-Site Scripting
The Envo Extra plugin for WordPress is vulnerable to Stored Cross-Site Scripting via multiple parameters in versions up to, and including, 1.8.16 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor-level permissions and ab…
6.4
CVE-2024-4617 - Rank Math SEO with AI Best SEO Tools <= 1.0.218 - Authenticated (Contributor+) Stored Cross-Site Sc…
The Rank Math SEO with AI Best SEO Tools plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘id’ parameter in versions up to, and including, 1.0.218 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributo…
7.5
CVE-2024-4838 - ConvertPlus <= 3.5.26 - Authenticated (Contributor+) PHP Object Injection
The ConvertPlus plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 3.5.26 via deserialization of untrusted input from the 'settings_encoded' attribute of the 'smile_modal' shortcode. This makes it possible for authenticated attackers, with contributor-l…
5.4
CVE-2024-35302
In JetBrains TeamCity before 2023.11, stored XSS during restore from backup was possible.
5.5
CVE-2024-35301
In JetBrains TeamCity before 2024.03.1, the commit status publisher didn't check the project scope of the GitHub App token.
3.5
CVE-2024-35300
In JetBrains TeamCity between 2024.03 and 2024.03.1, several stored XSS vulnerabilities in the available updates page were possible.
5.9
CVE-2024-35299
In JetBrains YouTrack before 2024.1.29548, the SMTPS protocol communication lacked proper certificate hostname validation.
5.3
CVE-2024-4975 - code-projects Simple Chat System Message cross site scripting
A vulnerability, which was classified as problematic, has been found in code-projects Simple Chat System 1.0. This issue affects some unknown processing of the component Message Handler. The manipulation leads to cross site scripting. The attack may be initiated remotely. The exploit has been discl…
8.8
CVE-2024-4352 - Tutor LMS Pro <= 2.7.0 - Missing Authorization to SQL Injection
The Tutor LMS Pro plugin for WordPress is vulnerable to unauthorized access of data, modification of data, and loss of data due to a missing capability check on the 'get_calendar_materials' function. The plugin is also vulnerable to SQL Injection via the ‘year’ parameter of that function due to insuffi…