7.5
CVE-2018-9456 -
In sdpu_extract_attr_seq of sdp_utils.cc, there is a possible out of bounds read due to an incorrect bounds check. This could lead to remote denial of service with no additional execution privileges needed. User interaction is not needed for exploitation.
6.5
CVE-2018-9440 -
In parse of M3UParser.cpp there is a possible resource exhaustion due to improper input validation. This could lead to denial of service with no additional execution privileges needed. User interaction is needed for exploitation.
4.3
CVE-2024-51669 - WordPress Dynamic Widgets plugin <= 1.6.4 - Cross Site Request Forgery (CSRF) vulnerability
Cross-Site Request Forgery (CSRF) vulnerability in Kalmang Dynamic Widgets dynamic-widgets. This issue affects Dynamic Widgets: from n/a through <= 1.6.4.
6.3
CVE-2024-52392 - WordPress W3SPEEDSTER plugin <= 7.25 - Cross Site Request Forgery (CSRF) vulnerability
Cross-Site Request Forgery (CSRF) vulnerability in w3speedster W3SPEEDSTER w3speedster-wp. This issue affects W3SPEEDSTER: from n/a through <= 7.25.
6.5
CVE-2024-30424 - WordPress Beaver Builder Addons by WPZOOM plugin <= 1.3.4 - Cross Site Scripting (XSS) vulnerability
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in WPZOOM Beaver Builder Addons by WPZOOM wpzoom-addons-for-beaver-builder allows Stored XSS. This issue affects Beaver Builder Addons by WPZOOM: from n/a through <= 1.3.4.
5.9
CVE-2023-27609 - WordPress WP Roles at Registration plugin <= 0.23 - Cross Site Scripting (XSS) vulnerability
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in NetTantra WP Roles at Registration wp-roles-at-registration allows Stored XSS. This issue affects WP Roles at Registration: from n/a through <= 0.23.
6.1
CVE-2024-11400 - HUSKY – Products Filter for WooCommerce <= 1.3.6.3 - Reflected Cross-Site Scripting via really_curr…
The HUSKY – Products Filter Professional for WooCommerce plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the really_curr_tax parameter in all versions up to, and including, 1.3.6.3 due to insufficient input sanitization and output escaping. This makes it possible for unauth…
9.8
CVE-2018-9433 -
In ArrayConcatVisitor of builtins-array.cc, there is a possible type confusion due to improper input validation. This could lead to remote code execution with no additional execution privileges needed. User interaction is needed for exploitation.
7.7
CVE-2024-52595 - HTML Cleaner allows crafted scripts in special contexts like svg or math to pass through
lxml_html_clean is a project for HTML cleaning functionalities copied from `lxml.html.clean`. Prior to version 0.4.0, the HTML Parser in lxml does not properly handle context-switching for special HTML tags such as `<svg>`, `<math>` and `<noscript>`. This behavior deviates from how web browsers par…
7.8
CVE-2018-9432 -
In createPhonebookDialogView and createMapDialogView of BluetoothPermissionActivity.java, there is a possible permissions bypass. This could lead to local escalation of privilege due to hiding and bypassing the user's ability to disable access to contacts, with no additional execution privileges ne…