Vulnerabilities

DATE CVE VULNERABILITY TITLE RISK
2024-08-12 CVE-2024-6639 The MDx theme for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'mdx_list_item' shortcode in all versions up to, and including, 2.0.3 due to insufficient input sanitization and output escaping on user supplied attributes.
network
low complexity
 6.4
6.4
2024-08-12 CVE-2024-38200 Microsoft Office Spoofing Vulnerability
network
low complexity
CWE-200
7.5
7.5
2024-08-12 CVE-2024-38218 Microsoft Edge (HTML-based) Memory Corruption Vulnerability
local
low complexity
 8.4
8.4
2024-08-12 CVE-2024-38219 Microsoft Edge (Chromium-based) Remote Code Execution Vulnerability
network
high complexity
 6.5
6.5
2024-08-12 CVE-2024-4359 The Element Pack Elementor Addons (Header Footer, Template Library, Dynamic Grid & Carousel, Remote Arrows) plugin for WordPress is vulnerable to arbitrary file reads in all versions up to, and including, 5.7.2 via the SVG widget and a lack of sufficient file validation in the render_svg function.
network
low complexity
 6.5
6.5
2024-08-12 CVE-2024-4360 The Element Pack Elementor Addons (Header Footer, Template Library, Dynamic Grid & Carousel, Remote Arrows) plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's widgets in all versions up to, and including, 5.7.2 due to insufficient input sanitization and output escaping on user supplied attributes like 'title_tag'.
network
low complexity
 6.4
6.4
2024-08-12 CVE-2024-6562 The affiliate-toolkit – WordPress Affiliate Plugin plugin for WordPress is vulnerable to Full Path Disclosure in all versions up to, and including, 3.5.5.
network
low complexity
 5.3
5.3
2024-08-12 CVE-2024-6691 The Easy Digital Downloads – Sell Digital Files & Subscriptions (eCommerce Store + Payments Made Easy) plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the currency value in all versions up to, and including, 3.3.2 due to insufficient input sanitization and output escaping.
network
high complexity
 4.4
4.4
2024-08-12 CVE-2024-6692 The Easy Digital Downloads – Sell Digital Files & Subscriptions (eCommerce Store + Payments Made Easy) plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Agreement Text value in all versions up to, and including, 3.3.2 due to insufficient input sanitization and output escaping.
network
high complexity
 3.3
3.3
2024-08-12 CVE-2024-6758 Improper Privilege Management in Sprecher Automation SPRECON-E below version 8.71j allows a remote attacker with low privileges to save unauthorized protection assignments.
network
low complexity
CWE-269
6.5
6.5