Vulnerabilities > Medium
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2024-08-25 | CVE-2024-8141 | Cross-site Scripting vulnerability in Rems Daily Calories Monitoring Tool 1.0 A vulnerability was found in SourceCodester Daily Calories Monitoring Tool 1.0. | 5.4 |
| 2024-08-24 | CVE-2024-8137 | Cross-site Scripting vulnerability in Jkev Record Management System 1.0 A vulnerability has been found in SourceCodester Record Management System 1.0 and classified as problematic. | 6.1 |
| 2024-08-24 | CVE-2024-8136 | Cross-site Scripting vulnerability in Jkev Record Management System 1.0 A vulnerability, which was classified as problematic, was found in SourceCodester Record Management System 1.0. | 6.1 |
| 2024-08-24 | CVE-2024-6499 | Unspecified vulnerability in Maxfoundry Maxbuttons The WordPress Button Plugin MaxButtons plugin for WordPress is vulnerable to information exposure in all versions up to, and including, 9.7.8. | 5.3 |
| 2024-08-24 | CVE-2024-2254 | Cross-site Scripting vulnerability in Risethemes RT Easy Builder The RT Easy Builder – Advanced addons for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's widgets in all versions up to, and including, 2.2 due to insufficient input sanitization and output escaping on user supplied attributes. | 5.4 |
| 2024-08-24 | CVE-2024-6631 | Missing Authorization vulnerability in Imagerecycle PDF & Image Compression The ImageRecycle pdf & image compression plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on several AJAX actions in all versions up to, and including, 3.1.14. | 4.3 |
| 2024-08-24 | CVE-2024-8120 | Cross-Site Request Forgery (CSRF) vulnerability in Imagerecycle PDF & Image Compression The ImageRecycle pdf & image compression plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 3.1.14. | 4.3 |
| 2024-08-24 | CVE-2023-0926 | Cross-site Scripting vulnerability in Samiahmedsiddiqui Custom Permalinks The Custom Permalinks plugin for WordPress is vulnerable to Stored Cross-Site Scripting in versions up to, and including, 2.6.0 due to insufficient input sanitization and output escaping on tag names. | 5.4 |
| 2024-08-24 | CVE-2023-6987 | Cross-site Scripting vulnerability in Instawp String Locator The String locator plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'sql-column' parameter in all versions up to, and including, 2.6.5 due to insufficient input sanitization and output escaping. | 6.1 |
| 2024-08-23 | CVE-2024-38207 | Out-of-bounds Write vulnerability in Microsoft Edge Chromium Microsoft Edge (HTML-based) Memory Corruption Vulnerability | 6.3 |