Vulnerabilities

DATE CVE VULNERABILITY TITLE RISK
2024-05-02 CVE-2024-30303 Acrobat Reader versions 20.005.30539, 23.008.20470 and earlier are affected by a Use After Free vulnerability that could result in arbitrary code execution in the context of the current user.
local
low complexity
CWE-416
7.8
7.8
2024-05-02 CVE-2024-30304 Acrobat Reader versions 20.005.30539, 23.008.20470 and earlier are affected by a Use After Free vulnerability that could result in arbitrary code execution in the context of the current user.
local
low complexity
CWE-416
7.8
7.8
2024-05-02 CVE-2024-30305 Acrobat Reader versions 20.005.30539, 23.008.20470 and earlier are affected by a Use After Free vulnerability that could result in arbitrary code execution in the context of the current user.
local
low complexity
CWE-416
7.8
7.8
2024-05-02 CVE-2024-30306 Acrobat Reader versions 20.005.30539, 23.008.20470 and earlier are affected by an out-of-bounds read vulnerability when parsing a crafted file, which could result in a read past the end of an allocated memory structure.
local
low complexity
CWE-125
7.8
7.8
2024-05-02 CVE-2023-6214 The HT Mega – Absolute Addons For Elementor plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 2.4.6 via the purchased_products function.
network
low complexity
 7.5
7.5
2024-05-02 CVE-2023-6731 The WP Show Posts plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on multiple AJAX functions in all versions up to, and including, 1.1.5.
network
low complexity
 4.3
4.3
2024-05-02 CVE-2023-6961 The WP Meta SEO plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘Referer’ header in all versions up to, and including, 4.5.12 due to insufficient input sanitization and output escaping.
network
low complexity
 7.2
7.2
2024-05-02 CVE-2023-6962 The WP Meta SEO plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 4.5.12 via the meta description.
network
low complexity
 5.3
5.3
2024-05-02 CVE-2023-7030 The Collapse-O-Matic plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'expand' shortcode in all versions up to, and including, 1.8.5.5 due to insufficient input sanitization and output escaping on the 'tag' user supplied attribute.
network
low complexity
 6.4
6.4
2024-05-02 CVE-2023-7064 The Shortcodes and extra features for Phlox theme plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 2.15.2 via deserialization of untrusted input from the vulnerable 'id' parameter in the 'auxin_template_control_importer' function.
network
high complexity
 7.5
7.5