Vulnerabilities > Medium

| Date | CVE | Vulnerability title | Attack vector | Complexity | Vendor | CWE | Risk |
|---|---|---|---|---|---|---|---|
| 2024-08-21 | CVE-2024-6568 | The Flamix: Bitrix24 and Contact Form 7 integrations plugin for WordPress is vulnerable to Full Path Disclosure in all versions up to, and including, 3.1.0. | network | low complexity | | | 5.3 |
| 2024-08-21 | CVE-2024-6767 | The WordSurvey plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘sounding_title’ parameter in all versions up to, and including, 3.2 due to insufficient input sanitization and output escaping. | network | low complexity | | | 5.5 |
| 2024-08-21 | CVE-2024-6883 | The Event Espresso 4 Decaf – Event Registration Event Ticketing plugin for WordPress is vulnerable to limited unauthorized plugin settings modification due to a missing capability check on the saveTimezoneString and some other functions in all versions up to, and including, 5.0.22.decaf. | network | low complexity | | | 4.3 |
| 2024-08-21 | CVE-2024-7030 | Missing Authorization vulnerability in Zaytech Smart Online Order for Clover. The Smart Online Order for Clover plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on several functions in all versions up to, and including, 1.5.6. | network | low complexity | zaytech | CWE-862 | 4.3 |
| 2024-08-21 | CVE-2024-7032 | Missing Authorization vulnerability in Zaytech Smart Online Order for Clover. The Smart Online Order for Clover plugin for WordPress is vulnerable to unauthorized loss of data due to a missing capability check on the 'moo_deactivateAndClean' function in all versions up to, and including, 1.5.6. | network | low complexity | zaytech | CWE-862 | 6.5 |
| 2024-08-21 | CVE-2024-7090 | The LH Add Media From Url plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the ‘lh_add_media_from_url-file_url’ parameter in all versions up to, and including, 1.23 due to insufficient input sanitization and output escaping. | network | low complexity | | | 6.1 |
| 2024-08-21 | CVE-2024-7390 | Missing Authorization vulnerability in Starkdigital WP Testimonial Widget. The WP Testimonial Widget plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the fnSaveTestimonailOrder function in all versions up to, and including, 3.0. | network | low complexity | starkdigital | CWE-862 | 5.3 |
| 2024-08-21 | CVE-2024-7629 | Cross-site Scripting vulnerability in Kirstyburgoine Responsive Video 1.0. The Responsive video plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's video settings function in all versions up to, and including, 1.0 due to insufficient input sanitization and output escaping on user supplied attributes. | network | low complexity | kirstyburgoine | CWE-79 | 5.4 |
| 2024-08-21 | CVE-2024-7647 | Cross-Site Request Forgery (CSRF) vulnerability in Otasync OTA Sync Booking Engine Widget. The OTA Sync Booking Engine Widget plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.2.7. | network | low complexity | otasync | CWE-352 | 6.1 |
| 2024-08-21 | CVE-2024-42939 | Cross-site Scripting vulnerability in Yzncms 1.4.2. A cross-site scripting (XSS) vulnerability in the component /index/index.html of YZNCMS v1.4.2 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the configured remarks text field. | network | low complexity | yzncms | CWE-79 | 5.4 |