6.4
CVE-2024-4634 - Elementor Header & Footer Builder <= 1.6.28 - Authenticated (Contributor+) Stored Cross-Site Script…
The Elementor Header & Footer Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘hfe_svg_mime_types’ function in versions up to, and including, 1.6.28 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with…
6.4
CVE-2024-4400 - Post and Page Builder by BoldGrid – Visual Drag and Drop Editor <= 1.26.4 - Authenticated (Contribu…
The Post and Page Builder by BoldGrid – Visual Drag and Drop Editor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via an unknown parameter in versions up to, and including, 1.26.4 due to insufficient input sanitization and output escaping. This makes it possible for authenticate…
6.4
CVE-2024-4288 - Appointment Booking Calendar — Simply Schedule Appointments Booking Plugin <= 1.6.7.14 - Authentica…
The Appointment Booking Calendar — Simply Schedule Appointments Booking Plugin plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘link’ parameter in versions up to, and including, 1.6.7.14 due to insufficient input sanitization and output escaping. This makes it possible for…
6.4
CVE-2024-4385 - Envo Extra <= 1.8.16 - Authenticated (Contributor+) Cross-Site Scripting
The Envo Extra plugin for WordPress is vulnerable to Stored Cross-Site Scripting via multiple parameters in versions up to, and including, 1.8.16 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor-level permissions and ab…
6.4
CVE-2024-4617 - Rank Math SEO with AI Best SEO Tools <= 1.0.218 - Authenticated (Contributor+) Stored Cross-Site Sc…
The Rank Math SEO with AI Best SEO Tools plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘id’ parameter in versions up to, and including, 1.0.218 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributo…
7.5
CVE-2024-4838 - ConvertPlus <= 3.5.26 - Authenticated (Contributor+) PHP Object Injection
The ConvertPlus plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 3.5.26 via deserialization of untrusted input from the 'settings_encoded' attribute of the 'smile_modal' shortcode. This makes it possible for authenticated attackers, with contributor-l…
5.4
CVE-2024-35302
In JetBrains TeamCity before 2023.11 stored XSS during restore from backup was possible
5.5
CVE-2024-35301
In JetBrains TeamCity before 2024.03.1 commit status publisher didn't check project scope of the GitHub App token
3.5
CVE-2024-35300
In JetBrains TeamCity between 2024.03 and 2024.03.1 several stored XSS in the available updates page were possible
5.9
CVE-2024-35299
In JetBrains YouTrack before 2024.1.29548 the SMTPS protocol communication lacked proper certificate hostname validation