Vulnerabilities > Medium

DATE CVE VULNERABILITY TITLE RISK
2024-07-27 CVE-2024-6573 The Intelligence plugin for WordPress is vulnerable to Full Path Disclosure in all versions up to, and including, 1.4.0.
network
low complexity
5.3
2024-07-27 CVE-2024-6591 The Ultimate WordPress Auction Plugin plugin for WordPress is vulnerable to unauthorized email creation and sending due to a missing capability check on the 'send_auction_email_callback' and 'resend_auction_email_callback' functions in all versions up to, and including, 4.2.6.
network
low complexity
5.8
2024-07-27 CVE-2024-6661 The ParityPress – Parity Pricing with Discount Rules plugin for WordPress is vulnerable to Stored Cross-Site Scripting via 'Discount Text' in all versions up to, and including, 1.0.0 due to insufficient input sanitization and output escaping.
network
low complexity
5.5
2024-07-26 CVE-2024-37034 Inadequate Encryption Strength vulnerability in Couchbase Server
An issue was discovered in Couchbase Server before 7.2.5 and 7.6.0 before 7.6.1.
network
high complexity
couchbase CWE-326
5.9
2024-07-26 CVE-2024-41684 Unspecified vulnerability in Syrotech Sy-Gpon-1110-Wdont Firmware 3.1.02231102
This vulnerability exists in SyroTech SY-GPON-1110-WDONT Router due to missing secure flag for the session cookies associated with the router's web management interface.
network
low complexity
syrotech
5.3
2024-07-26 CVE-2024-41688 Cleartext Storage of Sensitive Information vulnerability in Syrotech Sy-Gpon-1110-Wdont Firmware 3.1.02231102
This vulnerability exists in SyroTech SY-GPON-1110-WDONT Router due to a lack of encryption when storing usernames and passwords within the router's firmware/database.
low complexity
syrotech CWE-312
4.6
2024-07-26 CVE-2024-41689 Cleartext Storage of Sensitive Information vulnerability in Syrotech Sy-Gpon-1110-Wdont Firmware 3.1.02231102
This vulnerability exists in SyroTech SY-GPON-1110-WDONT Router due to unencrypted storage of WPA/WPS credentials within the router's firmware/database.
low complexity
syrotech CWE-312
4.6
2024-07-26 CVE-2024-41690 Cleartext Storage of Sensitive Information vulnerability in Syrotech Sy-Gpon-1110-Wdont Firmware 3.1.02231102
This vulnerability exists in SyroTech SY-GPON-1110-WDONT Router due to storage of default username and password credentials in plaintext within the router's firmware/database.
low complexity
syrotech CWE-312
4.6
2024-07-26 CVE-2024-41691 Cleartext Storage of Sensitive Information vulnerability in Syrotech Sy-Gpon-1110-Wdont Firmware 3.1.02231102
This vulnerability exists in SyroTech SY-GPON-1110-WDONT Router due to storage of FTP credentials in plaintext within the SquashFS-root filesystem associated with the router's firmware.
low complexity
syrotech CWE-312
4.6
2024-07-26 CVE-2024-25090 Improper Input Validation vulnerability in Apache Roller
Insufficient input validation and sanitization in the Profile name & screenname, Bookmark name & description, and blogroll name features in all versions of Apache Roller on all platforms allows an authenticated user to perform an XSS attack.
network
low complexity
apache CWE-20
5.4