Vulnerabilities

| DATE | CVE | VULNERABILITY TITLE | RISK |
| --- | --- | --- | --- |
| 2024-05-25 | CVE-2024-30056 | Microsoft Edge (Chromium-based) Information Disclosure Vulnerability | network, low complexity, 7.1 |
| 2024-05-25 | CVE-2024-4045 | The Popup Builder by OptinMonster – WordPress Popups for Optins, Email Newsletters and Lead Generation plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘campaign_id’ parameter in versions up to, and including, 2.16.1 due to insufficient input sanitization and output escaping. | network, low complexity, 6.4 |
| 2024-05-25 | CVE-2024-4858 | The Testimonial Carousel For Elementor plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'save_testimonials_option_callback' function in versions up to, and including, 10.2.0. | network, low complexity, 5.3 |
| 2024-05-25 | CVE-2024-5229 | The Primary Addon for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's Pricing Table widget in all versions up to, and including, 1.5.5 due to insufficient input sanitization and output escaping on user supplied attributes. | network, low complexity, 6.4 |
| 2024-05-25 | CVE-2024-5220 | The ND Shortcodes plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's upload feature in all versions up to, and including, 7.5 due to insufficient input sanitization and output escaping. | network, low complexity, 6.4 |
| 2024-05-24 | CVE-2024-4455 | The YITH WooCommerce Ajax Search plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘item’ parameter in versions up to, and including, 2.4.0 due to insufficient input sanitization and output escaping. | network, low complexity, 7.2 |
| 2024-05-24 | CVE-2024-4037 | The WP Photo Album Plus plugin for WordPress is vulnerable to arbitrary shortcode execution in all versions up to, and including, 8.7.02.003. | network, low complexity, 6.5 |
| 2024-05-24 | CVE-2024-4366 | The Spectra – WordPress Gutenberg Blocks plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘block_id’ parameter in versions up to, and including, 2.13.0 due to insufficient input sanitization and output escaping. | network, low complexity, 6.4 |
| 2024-05-24 | CVE-2024-0893 | The Schema App Structured Data plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the MarkupUpdate function in all versions up to, and including, 2.1.0. | network, low complexity, 4.3 |
| 2024-05-24 | CVE-2024-1332 | The Custom Fonts – Host Your Fonts Locally plugin for WordPress is vulnerable to Stored Cross-Site Scripting via svg file upload in all versions up to, and including, 2.1.4 due to insufficient input sanitization and output escaping. | network, low complexity, 6.4 |