Vulnerabilities > Medium

DATE CVE VULNERABILITY TITLE RISK
2024-07-27 CVE-2024-6569 The Campaign Monitor for WordPress plugin for WordPress is vulnerable to Full Path Disclosure in all versions up to, and including, 2.8.15.
network
low complexity
 5.3
5.3
2024-07-27 CVE-2024-5969 The AIomatic - Automatic AI Content Writer for WordPress is vulnerable to arbitrary email sending vulnerability in versions up to, and including, 2.0.5.
network
low complexity
 5.8
5.8
2024-07-27 CVE-2024-1798 Missing Authorization vulnerability in Themeum Tutor LMS - Migration Tool
The Tutor LMS – Migration Tool plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the tutor_lp_export_xml function in all versions up to, and including, 2.2.0.
network
low complexity
themeum CWE-862
5.3
5.3
2024-07-27 CVE-2024-1804 Missing Authorization vulnerability in Themeum Tutor LMS - Migration Tool
The Tutor LMS – Migration Tool plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the tutor_import_from_xml function in all versions up to, and including, 2.2.0.
network
low complexity
themeum CWE-862
4.3
4.3
2024-07-27 CVE-2024-4410 The IgnitionDeck Crowdfunding Platform plugin for WordPress is vulnerable to Missing Authorization in versions up to, and including, 1.9.8.
network
low complexity
 5.4
5.4
2024-07-27 CVE-2024-6545 The Admin Trim Interface plugin for WordPress is vulnerable to Full Path Disclosure in all versions up to, and including, 3.5.1.
network
low complexity
 5.3
5.3
2024-07-27 CVE-2024-6547 The Add Admin CSS plugin for WordPress is vulnerable to Full Path Disclosure in all versions up to, and including, 2.0.1.
network
low complexity
 5.3
5.3
2024-07-27 CVE-2024-6548 The Add Admin JavaScript plugin for WordPress is vulnerable to Full Path Disclosure in all versions up to, and including, 2.0.
network
low complexity
 5.3
5.3
2024-07-27 CVE-2024-6549 The Admin Post Navigation plugin for WordPress is vulnerable to Full Path Disclosure in all versions up to, and including, 2.1.
network
low complexity
 5.3
5.3
2024-07-27 CVE-2024-6566 The Aramex Shipping WooCommerce plugin for WordPress is vulnerable to Full Path Disclosure in all versions up to, and including, 1.1.21.
network
low complexity
 5.3
5.3