Vulnerabilities > Medium
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2024-07-22 | CVE-2024-6271 | Cross-Site Request Forgery (CSRF) vulnerability in Community Events Project Community Events The Community Events WordPress plugin before 1.5 does not have CSRF check in place when deleting events, which could allow attackers to make a logged in admin delete arbitrary events via a CSRF attack | 5.4 |
2024-07-21 | CVE-2024-37446 | Cross-site Scripting vulnerability in Kibokolabs Chained Quiz Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Kiboko Labs Chained Quiz allows Stored XSS.This issue affects Chained Quiz: from n/a through 1.3.2.8. | 4.8 |
2024-07-21 | CVE-2024-37447 | Cross-site Scripting vulnerability in Pixelyoursite Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in PixelYourSite PixelYourSite – Your smart PIXEL (TAG) Manager allows Stored XSS.This issue affects PixelYourSite – Your smart PIXEL (TAG) Manager: from n/a through 9.6.1.1. | 4.8 |
2024-07-21 | CVE-2024-37449 | Cross-site Scripting vulnerability in Themepunch Slider Revolution Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in ThemePunch OHG Slider Revolution.This issue affects Slider Revolution: from n/a through 6.7.13. | 4.8 |
2024-07-21 | CVE-2024-37457 | Cross-site Scripting vulnerability in Dotcamp Ultimate Blocks Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Ultimate Blocks Ultimate Blocks – Gutenberg Blocks Plugin allows Stored XSS.This issue affects Ultimate Blocks – Gutenberg Blocks Plugin: from n/a through 3.1.9. | 5.4 |
2024-07-21 | CVE-2024-37459 | Cross-site Scripting vulnerability in Payplus Payment Gateway Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in PayPlus LTD PayPlus Payment Gateway allows Reflected XSS.This issue affects PayPlus Payment Gateway: from n/a through 6.6.8. | 6.1 |
2024-07-21 | CVE-2024-37460 | Cross-site Scripting vulnerability in Supersaas Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in SuperSaaS SuperSaaS – online appointment scheduling allows Stored XSS.This issue affects SuperSaaS – online appointment scheduling: from n/a through 2.1.9. | 5.4 |
2024-07-21 | CVE-2024-37461 | Cross-site Scripting vulnerability in Northernbeacheswebsites Ideapush Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Martin Gibson IdeaPush allows Stored XSS.This issue affects IdeaPush: from n/a through 8.65. | 6.1 |
2024-07-21 | CVE-2024-37465 | Cross-site Scripting vulnerability in Aipower Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Senol Sahin GPT3 AI Content Writer allows Stored XSS.This issue affects GPT3 AI Content Writer: from n/a through 1.8.66. | 5.4 |
2024-07-21 | CVE-2024-37466 | Cross-site Scripting vulnerability in Kraftplugins Mega Elements Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Kraftplugins Mega Elements.This issue affects Mega Elements: from n/a through 1.2.2. | 5.4 |