Vulnerabilities > Medium
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2024-08-20 | CVE-2024-5940 | Missing Authorization vulnerability in Givewp The GiveWP – Donation Plugin and Fundraising Platform plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'handle_request' function in all versions up to, and including, 3.13.0. | 5.3 |
| 2024-08-20 | CVE-2024-5941 | Missing Authorization vulnerability in Givewp The GiveWP – Donation Plugin and Fundraising Platform plugin for WordPress is vulnerable to unauthorized access and deletion of data due to a missing capability check on the 'handle_request' function in all versions up to, and including, 3.14.1. | 5.4 |
| 2024-08-20 | CVE-2024-7850 | The BP Profile Search plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 5.7.5. network low complexity | 6.1 |
| 2024-08-20 | CVE-2024-7945 | Cross-site Scripting vulnerability in Adonesevangelista Laravel Property Management System 1.0 A vulnerability was found in itsourcecode Laravel Property Management System 1.0. | 5.4 |
| 2024-08-20 | CVE-2024-7948 | Cross-site Scripting vulnerability in Rems Account Manager APP 1.0 A vulnerability classified as problematic was found in SourceCodester Accounts Manager App 1.0. | 5.4 |
| 2024-08-20 | CVE-2024-7942 | Cross-site Scripting vulnerability in Rems Leads Manager Tool 1.0 A vulnerability has been found in SourceCodester Leads Manager Tool 1.0 and classified as problematic. | 5.4 |
| 2024-08-19 | CVE-2024-7929 | Cross-site Scripting vulnerability in Oretnom23 Simple Forum Website 1.0 A vulnerability, which was classified as problematic, was found in SourceCodester Simple Forum Website 1.0. | 6.1 |
| 2024-08-19 | CVE-2024-23729 | Cross-site Scripting vulnerability in Heytap Internet Browser 45.10.3.4.1 The ColorOS Internet Browser com.heytap.browser application 45.10.3.4.1 for Android allows a remote attacker to execute arbitrary JavaScript code via the com.android.browser.RealBrowserActivity component. | 6.1 |
| 2024-08-19 | CVE-2024-43250 | Incorrect Authorization vulnerability in Bitapps BIT Form Incorrect Authorization vulnerability in Bit Apps Bit Form Pro bitformpro allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects Bit Form Pro: from n/a through 2.6.4. | 6.5 |
| 2024-08-19 | CVE-2024-32928 | The libcurl CURLOPT_SSL_VERIFYPEER option was disabled on a subset of requests made by Nest production devices which enabled a potential man-in-the-middle attack on requests to Google cloud services by any host the traffic was routed through. | 5.9 |