Vulnerabilities > Medium

DATE CVE VULNERABILITY TITLE RISK
2024-07-24 CVE-2024-5818 Cross-site Scripting vulnerability in Royal-Elementor-Addons Royal Elementor Addons
The Royal Elementor Addons and Templates plugin for WordPress is vulnerable to Stored DOM-based Cross-Site Scripting via the plugin's Magazine Grid/Slider widget in all versions up to, and including, 1.3.980 due to insufficient input sanitization and output escaping on user supplied attributes.
network
low complexity
royal-elementor-addons CWE-79
5.4
2024-07-24 CVE-2024-6896 Cross-site Scripting vulnerability in Ampforwp Accelerated Mobile Pages
The AMP for WP – Accelerated Mobile Pages plugin for WordPress is vulnerable to Stored Cross-Site Scripting via SVG File uploads in all versions up to, and including, 1.0.96.1 due to insufficient input sanitization and output escaping.
network
low complexity
ampforwp CWE-79
5.4
2024-07-24 CVE-2024-7065 Cross-Site Request Forgery (CSRF) vulnerability in Denkgroot Spina
A vulnerability was found in Spina CMS up to 2.18.0.
network
low complexity
denkgroot CWE-352
4.3
2024-07-24 CVE-2023-32471 Out-of-bounds Read vulnerability in Dell products
Dell Edge Gateway BIOS, versions 3200 and 5200, contains an out-of-bounds read vulnerability.
local
low complexity
dell CWE-125
6.0
2024-07-24 CVE-2024-3297 Unspecified vulnerability in Csa-Iot Matter
An issue in the Certificate Authenticated Session Establishment (CASE) protocol for establishing secure sessions between two devices, as implemented in the Matter protocol versions before Matter 1.1 allows an attacker to replay manipulated CASE Sigma1 messages to make the device unresponsive until the device is power-cycled.
low complexity
csa-iot
6.5
2024-07-24 CVE-2024-6874 Out-of-bounds Read vulnerability in Haxx Libcurl 8.8.0
libcurl's URL API function [curl_url_get()](https://curl.se/libcurl/c/curl_url_get.html) offers punycode conversions, to and from IDN.
network
low complexity
haxx CWE-125
4.3
2024-07-24 CVE-2024-6930 Cross-site Scripting vulnerability in Wpbookingcalendar Booking Calendar
The WP Booking Calendar plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'type' attribute within the plugin's bookingform shortcode in all versions up to, and including, 10.2.1 due to insufficient input sanitization and output escaping on user supplied attributes.
network
low complexity
wpbookingcalendar CWE-79
5.4
2024-07-24 CVE-2023-32466 Out-of-bounds Write vulnerability in Dell Edge Gateway 3200 Firmware
Dell Edge Gateway BIOS, versions 3200 and 5200, contains an out-of-bounds write vulnerability.
local
low complexity
dell CWE-787
5.7
2024-07-24 CVE-2024-6553 Unspecified vulnerability in Wp-Meteor WP Meteor
The WP Meteor Website Speed Optimization Addon plugin for WordPress is vulnerable to Full Path Disclosure in all versions up to, and including, 3.4.3. This is due to the plugin utilizing wpdesk and leaving test files with display_errors on.
network
low complexity
wp-meteor
5.3
2024-07-24 CVE-2024-6571 Unspecified vulnerability in Wpchill Optimize Images ALT Text (Alt Tag) & Names for SEO Using AI
The Optimize Images ALT Text (alt tag) & names for SEO using AI plugin for WordPress is vulnerable to Full Path Disclosure in all versions up to, and including, 3.1.1.
network
low complexity
wpchill
5.3