Vulnerabilities

DATE CVE VULNERABILITY TITLE RISK
2024-09-19 CVE-2024-47087 Unspecified vulnerability in Apexsoftcell LD DP Back Office and LD GEO
This vulnerability exists in Apex Softcell LD Geo due to improper validation of certain parameters (Client ID, DPID or BOID) in the API endpoint.
network
low complexity
apexsoftcell
6.5
2024-09-19 CVE-2024-47088 Improper Restriction of Excessive Authentication Attempts vulnerability in Apexsoftcell LD DP Back Office and LD GEO
This vulnerability exists in Apex Softcell LD Geo due to missing restrictions for excessive failed authentication attempts on its API-based login.
network
low complexity
apexsoftcell CWE-307
critical
9.8
2024-09-19 CVE-2024-47089 Improper Validation of Integrity Check Value vulnerability in Apexsoftcell LD DP Back Office and LD GEO
This vulnerability exists in Apex Softcell LD Geo due to improper validation of the transaction token ID in the API endpoint.
network
low complexity
apexsoftcell CWE-354
6.5
2024-09-19 CVE-2024-47085 Unspecified vulnerability in Apexsoftcell LD DP Back Office and LD GEO
This vulnerability exists in Apex Softcell LD DP Back Office due to improper validation of certain parameters (cCdslClicentcode and cLdClientCode) in the API endpoint.
network
low complexity
apexsoftcell
6.5
2024-09-19 CVE-2024-47086 Unspecified vulnerability in Apexsoftcell LD DP Back Office and LD GEO
This vulnerability exists in Apex Softcell LD DP Back Office due to improper implementation of the OTP validation mechanism in certain API endpoints.
network
low complexity
apexsoftcell
6.5
2024-09-19 CVE-2022-4533 Insufficient Verification of Data Authenticity vulnerability in Felixmoira Limit Login Attempts Plus
The Limit Login Attempts Plus plugin for WordPress is vulnerable to IP Address Spoofing in versions up to, and including, 1.1.0.
network
low complexity
felixmoira CWE-345
5.3
2024-09-19 CVE-2024-8364 Cross-site Scripting vulnerability in Webhammer WP Custom Fields Search
The WP Custom Fields Search plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's wpcfs-preset shortcode in all versions up to, and including, 1.2.35 due to insufficient input sanitization and output escaping on user-supplied attributes.
network
low complexity
webhammer CWE-79
5.4
2024-09-19 CVE-2024-8850 Cross-site Scripting vulnerability in Ibericode Mailchimp
The MC4WP: Mailchimp for WordPress plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'email' parameter when a placeholder such as {email} is used for the field in versions 4.9.9 to 4.9.16 due to insufficient input sanitization and output escaping.
network
low complexity
ibericode CWE-79
6.1
2024-09-18 CVE-2021-27917 Cross-site Scripting vulnerability in Acquia Mautic
Prior to this patch, a stored XSS vulnerability existed in the contact tracking and page hits report.
network
low complexity
acquia CWE-79
5.4
2024-09-18 CVE-2024-46372 Cross-site Scripting vulnerability in Dedecms 5.7.115
DedeCMS 5.7.115 is vulnerable to Cross-Site Scripting (XSS) via the advertisement code box in the advertisement management module.
network
low complexity
dedecms CWE-79
6.1