Vulnerabilities > Medium

DATE CVE VULNERABILITY TITLE RISK
2024-08-12 CVE-2024-7413 The Obfuscate Email plugin for WordPress is vulnerable to Full Path Disclosure in all versions up to, and including, 3.8.1.
network
low complexity
 5.3
5.3
2024-08-12 CVE-2024-7414 The PDF Builder for WPForms plugin for WordPress is vulnerable to Full Path Disclosure in all versions up to, and including, 1.2.116.
network
low complexity
 5.3
5.3
2024-08-12 CVE-2024-7416 The Reveal Template plugin for WordPress is vulnerable to Full Path Disclosure in all versions up to, and including, 3.7.
network
low complexity
 5.3
5.3
2024-08-12 CVE-2024-7512 Cross-site Scripting vulnerability in Concretecms Concrete CMS
Concrete CMS versions 9.0.0 through 9.3.2 are affected by a stored XSS vulnerability in Board instances.
network
low complexity
concretecms CWE-79
4.8
4.8
2024-08-12 CVE-2024-7574 The Christmasify! plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.5.5.
network
low complexity
 6.1
6.1
2024-08-12 CVE-2024-7621 The Visual Website Collaboration, Feedback & Project Management – Atarim plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the process_wpfeedback_misc_options() function in all versions up to, and including, 4.0.2.
network
low complexity
 5.4
5.4
2024-08-12 CVE-2024-7644 Cross-site Scripting vulnerability in Rems Leads Manager Tool 1.0
A vulnerability was found in SourceCodester Leads Manager Tool 1.0.
network
low complexity
rems CWE-79
5.4
5.4
2024-08-12 CVE-2024-7645 Cross-Site Request Forgery (CSRF) vulnerability in Oretnom23 Clinic'S Patient Management System 1.0
A vulnerability was found in SourceCodester Clinics Patient Management System 1.0.
network
low complexity
oretnom23 CWE-352
5.4
5.4
2024-08-12 CVE-2024-7648 The Opal Membership plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 1.2.4 via the private notes functionality on payments which utilizes WordPress comments.
network
low complexity
 4.3
4.3
2024-08-12 CVE-2024-7649 The Opal Membership plugin for WordPress is vulnerable to Stored Cross-Site Scripting via checkout form fields in all versions up to, and including, 1.2.4 due to insufficient input sanitization and output escaping.
network
low complexity
 6.1
6.1