6.1
CVE-2024-12412 - Rental and Booking Manager for Bike, Car, Dress, Resort with WooCommerce Integration – WpRently | W…
The Rental and Booking Manager for Bike, Car, Dress, Resort with WooCommerce Integration – WpRently | WordPress plugin plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘active_tab’ parameter in all versions up to, and including, 2.2.1 due to insufficient input sanitization …
6.4
CVE-2024-12520 - Dominion – Domain Checker for WPBakery <= 2.3.0 - Authenticated (Contributor+) Stored Cross-Site Sc…
The Dominion – Domain Checker for WPBakery plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'dominion_shortcodes_domain_search_6' shortcode in all versions up to, and including, 2.3.0 due to insufficient input sanitization and output escaping on user supplied attri…
4.3
CVE-2024-12116 - Unlimited Theme Addon For Elementor and WooCommerce <= 1.2.2 - Authenticated (Contributor+) Post Di…
The Unlimited Theme Addon For Elementor and WooCommerce plugin for WordPress is vulnerable to Information Exposure in all versions up to, and including, 1.2.2 via the 'uta-template' shortcode due to insufficient restrictions on which posts can be included. This makes it possible for authenticated a…
6.4
CVE-2024-12519 - TCBD Auto Refresher <= 2.0 - Authenticated (Contributor+) Stored Cross-Site Scripting
The TCBD Auto Refresher plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'tcbd_auto_refresh' shortcode in all versions up to, and including, 2.0 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authe…
6.4
CVE-2024-11874 - Grid Accordion Lite <= 1.5.1 - Authenticated (Contributor+) Stored Cross-Site Scripting
The Grid Accordion Lite plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'grid_accordion' shortcode in all versions up to, and including, 1.5.1 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authen…
4.3
CVE-2024-11915 - RRAddons for Elementor <= 1.1.0 - Authenticated (Contributor+) Post Disclosure
The RRAddons for Elementor plugin for WordPress is vulnerable to Information Exposure in all versions up to, and including, 1.1.0 via the Popup block due to insufficient restrictions on which posts can be included. This makes it possible for authenticated attackers, with Contributor-level access an…
6.4
CVE-2024-11758 - WP SPID Italia <= 2.9 - Authenticated (Contributor+) Stored Cross-Site Scripting
The WP SPID Italia plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's shortcode in all versions up to, and including, 2.9 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with …
2.6
CVE-2024-42175 - HCL MyXalytics is affected by a weak input validation vulnerability
HCL MyXalytics is affected by a weak input validation vulnerability. The application accepts special characters and there is no length validation. This can lead to security vulnerabilities like SQL injection, XSS, and buffer overflow.
3.7
CVE-2024-42174 - HCL MyXalytics is affected by username enumeration vulnerability
HCL MyXalytics is affected by username enumeration vulnerability. This allows a malicious user to perform enumeration of application users, and therefore compile a list of valid usernames.
4.8
CVE-2024-42173 - HCL MyXalytics is affected by an improper password policy implementation vulnerability
HCL MyXalytics is affected by an improper password policy implementation vulnerability. Weak passwords and lack of account lockout policies allow attackers to guess or brute-force passwords if the username is known.