2024-07-28 | CVE-2024-7155 | Use of Hard-coded Credentials vulnerability in Totolink A3300R Firmware 17.0.0Cu.557B20221024 A vulnerability has been found in TOTOLINK A3300R 17.0.0cu.557_B20221024 and classified as problematic. | 4.7 |
2024-07-28 | CVE-2024-42054 | Unrestricted Upload of File with Dangerous Type vulnerability in Cervantessec Cervantes 0.3/0.4/0.5 Cervantes through 0.5-alpha accepts insecure file uploads. | 5.4 |
2024-07-28 | CVE-2024-42055 | Cross-site Scripting vulnerability in Cervantessec Cervantes 0.3/0.4/0.5 Cervantes through 0.5-alpha allows stored XSS. | 5.4 |
2024-07-27 | CVE-2024-6703 | The Contact Form Plugin by Fluent Forms for Quiz, Survey, and Drag & Drop WP Form Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘description’ and 'btn_txt' parameters in all versions up to, and including, 5.1.19 due to insufficient input sanitization and output escaping. | 4.9 |
2024-07-27 | CVE-2024-5614 | The Piotnet Addons For Elementor plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 2.4.29 via the 'pafe_posts_list' function. | 5.3 |
2024-07-27 | CVE-2024-6518 | Cross-site Scripting vulnerability in Fluentforms Contact Form The Contact Form Plugin by Fluent Forms for Quiz, Survey, and Drag & Drop WP Form Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting in all versions up to, and including, 5.1.19 due to insufficient input sanitization and output escaping. | 4.8 |
2024-07-27 | CVE-2024-6520 | Cross-site Scripting vulnerability in Fluentforms Contact Form The Contact Form Plugin by Fluent Forms for Quiz, Survey, and Drag & Drop WP Form Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting in all versions up to, and including, 5.1.19 due to insufficient input sanitization and output escaping. | 4.8 |
2024-07-27 | CVE-2024-6521 | Cross-site Scripting vulnerability in Fluentforms Contact Form The Contact Form Plugin by Fluent Forms for Quiz, Survey, and Drag & Drop WP Form Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting in all versions up to, and including, 5.1.19 due to insufficient input sanitization and output escaping. | 4.8 |
2024-07-27 | CVE-2024-6627 | The Happy Addons for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's PDF View widget in all versions up to, and including, 3.11.2 due to insufficient input sanitization and output escaping on user supplied attributes. | 6.4 |
2024-07-27 | CVE-2024-6458 | The WooCommerce Product Table Lite plugin for WordPress is vulnerable to unauthorized post title modification due to a missing capability check on the wcpt_presets__duplicate_preset_to_table function in all versions up to, and including, 3.5.1. | 6.4 |