Vulnerabilities > Medium

DATE CVE VULNERABILITY TITLE RISK
2024-08-12 CVE-2024-7408 Cleartext Transmission of Sensitive Information vulnerability in Airveda Pm2.5 Pm10 Monitor Firmware
This vulnerability exists in Airveda Air Quality Monitor PM2.5 PM10 due to transmission of sensitive information in plain text during AP pairing mode.
low complexity
airveda CWE-319
6.5
6.5
2024-08-12 CVE-2024-7410 The My Custom CSS PHP & ADS plugin for WordPress is vulnerable to Full Path Disclosure in all versions up to, and including, 3.3.
network
low complexity
 5.3
5.3
2024-08-12 CVE-2024-7412 The No Update Nag plugin for WordPress is vulnerable to Full Path Disclosure in all versions up to, and including, 1.4.12.
network
low complexity
 5.3
5.3
2024-08-12 CVE-2024-7413 The Obfuscate Email plugin for WordPress is vulnerable to Full Path Disclosure in all versions up to, and including, 3.8.1.
network
low complexity
 5.3
5.3
2024-08-12 CVE-2024-7414 The PDF Builder for WPForms plugin for WordPress is vulnerable to Full Path Disclosure in all versions up to, and including, 1.2.116.
network
low complexity
 5.3
5.3
2024-08-12 CVE-2024-7416 The Reveal Template plugin for WordPress is vulnerable to Full Path Disclosure in all versions up to, and including, 3.7.
network
low complexity
 5.3
5.3
2024-08-12 CVE-2024-7512 Cross-site Scripting vulnerability in Concretecms Concrete CMS
Concrete CMS versions 9.0.0 through 9.3.2 are affected by a stored XSS vulnerability in Board instances.
network
low complexity
concretecms CWE-79
4.8
4.8
2024-08-12 CVE-2024-7574 The Christmasify! plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.5.5.
network
low complexity
 6.1
6.1
2024-08-12 CVE-2024-7621 The Visual Website Collaboration, Feedback & Project Management – Atarim plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the process_wpfeedback_misc_options() function in all versions up to, and including, 4.0.2.
network
low complexity
 5.4
5.4
2024-08-12 CVE-2024-7644 Cross-site Scripting vulnerability in Rems Leads Manager Tool 1.0
A vulnerability was found in SourceCodester Leads Manager Tool 1.0.
network
low complexity
rems CWE-79
5.4
5.4