Vulnerabilities > Medium

DATE	CVE	VULNERABILITY TITLE	RISK
2024-12-20	CVE-2024-11811	The Feedify – Web Push Notifications plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'platform', 'phone', 'email', and 'store_url' parameters. network low complexity CWE-79	6.1
2024-12-20	CVE-2024-12840	A server-side request forgery exists in Satellite. network high complexity CWE-918	5.0
2024-12-20	CVE-2024-28767	IBM Security Directory Integrator 7.2.0 through 7.2.0.13 and 10.0.0 through 10.0.3 could allow a remote authenticated attacker to execute arbitrary commands on the system by sending a specially crafted request. low complexity CWE-78	6.8
2024-12-20	CVE-2024-11331	The ??????? ??????? ??????? ???? ???? plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use of add_query_arg & remove_query_arg without appropriate escaping on the URL in all versions up to, and including, 2.1.3. network low complexity CWE-79	6.1
2024-12-20	CVE-2024-11411	The Spotlightr plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'spotlightr-v' shortcode in all versions up to, and including, 0.1.9 due to insufficient input sanitization and output escaping on user supplied attributes. network low complexity CWE-79	6.4
2024-12-20	CVE-2024-11774	The Outdooractive Embed plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'list2go' shortcode in all versions up to, and including, 1.5 due to insufficient input sanitization and output escaping on user supplied attributes. network low complexity CWE-79	6.4
2024-12-20	CVE-2024-11775	The Particle Background plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'particleground' shortcode in all versions up to, and including, 1.0.2 due to insufficient input sanitization and output escaping on user supplied attributes. network low complexity CWE-79	6.4
2024-12-20	CVE-2024-11783	The Financial Calculator plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'finance_calculator' shortcode in all versions up to, and including, 2.2.1 due to insufficient input sanitization and output escaping on user supplied attributes. network low complexity CWE-79	6.4
2024-12-20	CVE-2024-11784	The Sell Tickets Online – TicketSource Ticket Shop for WordPress plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'ticketshop' shortcode in all versions up to, and including, 3.0.2 due to insufficient input sanitization and output escaping on user supplied attributes. network low complexity CWE-79	6.4
2024-12-20	CVE-2024-11806	The PKT1 Centro de envios plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'success' and 'error' parameters in all versions up to, and including, 1.2.1 due to insufficient input sanitization and output escaping. network low complexity CWE-79	6.1

Vulnerabilities > Medium {"@context":"https://schema.org","@type":"BreadcrumbList","itemListElement":[{"@type":"ListItem","position":1,"name":"Vulnerabilities","item":"https://cyber.vumetric.com/vulns/"},{"@type":"ListItem","position":2,"name":"Medium"}]}

Vulnerabilities > Medium