Vulnerabilities
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2024-10-04 | CVE-2024-9271 | Cross-site Scripting vulnerability in Remilia Re:Wp The Re:WP plugin for WordPress is vulnerable to Stored Cross-Site Scripting via SVG File uploads in all versions up to, and including, 1.0.1 due to insufficient input sanitization and output escaping. | 5.4 |
| 2024-10-04 | CVE-2024-6444 | Out-of-bounds Write vulnerability in Zephyrproject Zephyr 3.2.01 No proper validation of the length of user input in olcp_ind_handler in zephyr/subsys/bluetooth/services/ots/ots_client.c. | 6.5 |
| 2024-10-04 | CVE-2024-9306 | Cross-site Scripting vulnerability in Wpbookingcalendar WP Booking Calendar The WP Booking Calendar plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in all versions up to, and including, 10.6 due to insufficient input sanitization and output escaping. | 4.8 |
| 2024-10-04 | CVE-2024-9435 | Cross-site Scripting vulnerability in Plainware Shiftcontroller The ShiftController Employee Shift Scheduling plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via URL keys in all versions up to, and including, 4.9.66 due to insufficient input sanitization and output escaping. | 6.1 |
| 2024-10-04 | CVE-2024-47854 | Cross-site Scripting vulnerability in Veritas Data Insight An XSS vulnerability was discovered in Veritas Data Insight before 7.1. | 6.1 |
| 2024-10-04 | CVE-2024-6442 | Out-of-bounds Write vulnerability in Zephyrproject Zephyr 3.2.01 In ascs_cp_rsp_add in /subsys/bluetooth/audio/ascs.c, an unchecked tailroom could lead to a global buffer overflow. | 6.5 |
| 2024-10-04 | CVE-2024-6443 | Out-of-bounds Write vulnerability in Zephyrproject Zephyr 3.2.01 In utf8_trunc in zephyr/lib/utils/utf8.c, last_byte_p can point to one byte before the string pointer if the string is empty. | 6.5 |
| 2024-10-04 | CVE-2024-8804 | Cross-site Scripting vulnerability in Davidartiss Code Embed The Code Embed plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's script embed functionality in all versions up to, and including, 2.4 due to insufficient restrictions on who can utilize the functionality. | 5.4 |
| 2024-10-04 | CVE-2024-9242 | Cross-site Scripting vulnerability in Memberful The Memberful – Membership Plugin plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'memberful_buy_subscription_link' and 'memberful_podcasts_link' shortcodes in all versions up to, and including, 1.73.7 due to insufficient input sanitization and output escaping on user supplied attributes. | 5.4 |
| 2024-10-04 | CVE-2024-8519 | Cross-site Scripting vulnerability in Ultimatemember Ultimate Member The Ultimate Member – User Profile, Registration, Login, Member Directory, Content Restriction & Membership Plugin plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'um_loggedin' shortcode in all versions up to, and including, 2.8.6 due to insufficient input sanitization and output escaping on user supplied attributes. | 5.4 |