8.3
CVE-2024-22064 - Configuration error Vulnerability in ZTE ZXUN-ePDG
ZTE ZXUN-ePDG product, which serves as the network node of the VoWifi system, under by default configuration, uses a set of non-unique cryptographic keys during establishing a secure connection(IKE) with the mobile devices connecting over the internet . If the set of keys are leaked or cracked, theβ¦
5.3
CVE-2024-4715 - Campcodes Complete Web-Based School Management System update_grade.php cross site scripting
A vulnerability, which was classified as problematic, was found in Campcodes Complete Web-Based School Management System 1.0. This affects an unknown part of the file /model/update_grade.php. The manipulation of the argument name leads to cross site scripting. It is possible to initiate the attack β¦
6.4
CVE-2024-4490 - Elegant Themes Divi Theme, Extra Theme, Divi Page Builder <= 4.25.0 - Authenticated (Contributor+) β¦
The Elegant Themes Divi theme, Extra theme, and Divi Page Builder plugin for WordPress are vulnerable to DOM-Based Stored Cross-Site Scripting via the βtitleβ parameter in versions up to, and including, 4.25.0 due to insufficient input sanitization and output escaping. This makes it possible for auβ¦
5.3
CVE-2024-4714 - Campcodes Complete Web-Based School Management System update_subject.php cross site scripting
A vulnerability, which was classified as problematic, has been found in Campcodes Complete Web-Based School Management System 1.0. Affected by this issue is some unknown functionality of the file /model/update_subject.php. The manipulation of the argument name leads to cross site scripting. The attβ¦
5.3
CVE-2024-4713 - Campcodes Complete Web-Based School Management System all_teacher.php cross site scripting
A vulnerability classified as problematic was found in Campcodes Complete Web-Based School Management System 1.0. Affected by this vulnerability is an unknown functionality of the file /view/all_teacher.php. The manipulation of the argument page leads to cross site scripting. The attack can be launβ¦
6.5
CVE-2024-4039 - Orders Tracking for WooCommerce <= 1.2.10 - Unauthenticated Arbitrary Shortcode Execution
The The Orders Tracking for WooCommerce plugin for WordPress for WordPress is vulnerable to arbitrary shortcode execution in all versions up to, and including, 1.2.10. This is due to the plugin allowing users to execute an action that does not properly validate a value before running do_shortcode. β¦
6.4
CVE-2024-4277 - LearnPress β WordPress LMS Plugin <= 4.2.6.5 - Authenticated (Contributor+) Stored Cross-Site Scripβ¦
The LearnPress β WordPress LMS Plugin plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the βlayout_htmlβ parameter in all versions up to, and including, 4.2.6.5 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with β¦
6.5
CVE-2024-32776 - WordPress AppPresser plugin <= 4.3.0 - Broken Access Control vulnerability
Missing Authorization vulnerability in AppPresser Team AppPresser.This issue affects AppPresser: from n/a through 4.3.0.
7.1
CVE-2024-34818 - WordPress Webinar plugin <= 1.33.17 - Cross Site Request Forgery (CSRF) vulnerability
Cross-Site Request Forgery (CSRF) vulnerability in WebinarPress.This issue affects WebinarPress: from n/a through 1.33.17.
5.4
CVE-2024-34814 - WordPress Unyson plugin <=2.7.29 - Cross Site Request Forgery (CSRF) vulnerability
Cross-Site Request Forgery (CSRF) vulnerability in Unyson Unyson unyson.This issue affects Unyson: from n/a through <= 2.7.29.