Vulnerabilities > Medium

DATE CVE VULNERABILITY TITLE RISK
2024-07-20 CVE-2024-37956 Cross-site Scripting vulnerability in Vektor-Inc VK ALL in ONE Expansion Unit
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Vektor,Inc.
network
low complexity
vektor-inc CWE-79
5.4
2024-07-20 CVE-2024-37957 Cross-site Scripting vulnerability in Bradmax Player
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in bradmax Bradmax Player allows Stored XSS. This issue affects Bradmax Player: from n/a through 1.1.27.
network
low complexity
bradmax CWE-79
5.4
2024-07-20 CVE-2024-37958 Cross-site Scripting vulnerability in Mekshq Meks Smart Author Widget
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Meks Meks Smart Author Widget allows Stored XSS. This issue affects Meks Smart Author Widget: from n/a through 1.1.4.
network
low complexity
mekshq CWE-79
5.4
2024-07-20 CVE-2024-37959 Cross-site Scripting vulnerability in Atlaspolicy Power BI Embedded
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Atlas Public Policy Power BI Embedded for WordPress allows Stored XSS. This issue affects Power BI Embedded for WordPress: from n/a through 1.1.7.
network
low complexity
atlaspolicy CWE-79
5.4
2024-07-20 CVE-2024-6489 The Getwid – Gutenberg Blocks plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the get_google_api_key function in all versions up to, and including, 2.0.10.
network
low complexity
5.3
2024-07-20 CVE-2024-6491 The Getwid – Gutenberg Blocks plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the mailchimp_api_key_manage function in all versions up to, and including, 2.0.10.
network
low complexity
4.3
2024-07-20 CVE-2024-40347 Cross-site Scripting vulnerability in Hyland Alfresco Content Services 7.2.0
A reflected cross-site scripting (XSS) vulnerability in Hyland Alfresco Platform 23.2.1-r96 allows attackers to execute arbitrary code in the context of a user's browser via injecting a crafted payload into the parameter htmlid.
network
low complexity
hyland CWE-79
6.1
2024-07-20 CVE-2024-2337 The Easy Testimonials plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'testimonials_grid' shortcode in all versions up to, and including, 3.9.5 due to insufficient input sanitization and output escaping on user-supplied attributes.
network
low complexity
6.4
2024-07-20 CVE-2024-6560 The Addonify – Quick View For WooCommerce plugin for WordPress is vulnerable to Full Path Disclosure in all versions up to, and including, 1.2.16.
network
low complexity
5.3
2024-07-20 CVE-2024-5804 The Conditional Fields for Contact Form 7 plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 2.4.13.
network
low complexity
4.3