2024-08-08 | CVE-2024-6824 | The Premium Addons for Elementor plugin for WordPress is vulnerable to unauthorized modification and loss of data due to a missing capability check on the 'check_temp_validity' and 'update_template_title' functions in all versions up to, and including, 4.10.38. | 4.3 |
2024-08-08 | CVE-2024-5668 | The Lightbox & Modal Popup WordPress Plugin – FooBox plugin for WordPress is vulnerable to DOM-based Stored Cross-Site Scripting via HTML data attributes in all versions up to, and including, 2.7.28 due to insufficient input sanitization and output escaping on user supplied attributes. | 6.4 |
2024-08-08 | CVE-2024-6869 | The Falang multilanguage for WordPress plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on several functions in all versions up to, and including, 1.3.52. | 5.4 |
2024-08-08 | CVE-2024-6987 | The Orchid Store theme for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'orchid_store_activate_plugin' function in all versions up to, and including, 1.5.6. | 4.3 |
2024-08-08 | CVE-2024-6254 | The Brizy – Page Builder plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 2.5.1. | 4.3 |
2024-08-08 | CVE-2024-6552 | The Booking for Appointments and Events Calendar – Amelia plugin for WordPress is vulnerable to Full Path Disclosure in all versions up to, and including, 1.2. | 5.3 |
2024-08-08 | CVE-2024-21302 | Unspecified vulnerability in Microsoft products Summary: Microsoft was notified that an elevation of privilege vulnerability exists in Windows based systems supporting Virtualization Based Security (VBS), including a subset of Azure Virtual Machine SKUS. | 6.7 |
2024-08-08 | CVE-2024-6892 | Cross-site Scripting vulnerability in Journyx 11.5.4 Attackers can craft a malicious link that once clicked will execute arbitrary JavaScript in the context of the Journyx web application. | 6.1 |
2024-08-07 | CVE-2024-6706 | Cross-site Scripting vulnerability in Openwebui Open Webui 0.1.105 Attackers can craft a malicious prompt that coerces the language model into executing arbitrary JavaScript in the context of the web page. | 6.1 |
2024-08-07 | CVE-2024-41239 | Cross-site Scripting vulnerability in Lopalopa Responsive School Management System 3.2.0 A Stored Cross Site Scripting (XSS) vulnerability was found in "/smsa/add_class_submit.php" in Responsive School Management System v3.2.0, which allows remote attackers to execute arbitrary code via "class_name" parameter field. | 4.8 |