Vulnerabilities > Medium

| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2024-12-12 | CVE-2024-12258 | The WP Service Payment Form With Authorize.net plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'page' parameter in all versions up to, and including, 2.6.3 due to insufficient input sanitization and output escaping. | network, low complexity, CWE-79, 6.1 |
| 2024-12-12 | CVE-2024-12260 | The Ultimate Endpoints With Rest Api plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'page' parameter in all versions up to, and including, 2.2.2 due to insufficient input sanitization and output escaping. | network, low complexity, CWE-79, 6.1 |
| 2024-12-12 | CVE-2024-12338 | The Website Toolbox Community plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'websitetoolbox_username' parameter in all versions up to, and including, 2.0.1 due to insufficient input sanitization and output escaping. | network, low complexity, CWE-79, 6.1 |
| 2024-12-12 | CVE-2024-12341 | The Custom Skins Contact Form 7 plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'cf7cs_action_callback' function in all versions up to, and including, 1.0. | network, low complexity, CWE-862, 4.3 |
| 2024-12-12 | CVE-2024-12461 | The WP-Revive Adserver plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'wprevive_async' shortcode in all versions up to, and including, 2.2.1 due to insufficient input sanitization and output escaping on user supplied attributes. | network, low complexity, CWE-79, 6.4 |
| 2024-12-12 | CVE-2024-12503 | Cross-site Scripting vulnerability in Classcms 4.8. A vulnerability classified as problematic was found in ClassCMS 4.8. | network, low complexity, classcms CWE-79, 4.8 |
| 2024-12-12 | CVE-2024-12536 | Cross-site Scripting vulnerability in Mayurik Advocate Office Management System 1.0. A vulnerability, which was classified as problematic, has been found in SourceCodester Kortex Lite Advocate Office Management System 1.0. | network, low complexity, mayurik CWE-79, 5.4 |
| 2024-12-12 | CVE-2024-44201 | Unspecified vulnerability in Apple Iphone OS. The issue was addressed with improved memory handling. | local, low complexity, apple, 5.5 |
| 2024-12-12 | CVE-2024-44212 | Origin Validation Error vulnerability in Apple products. A cookie management issue was addressed with improved state management. | network, low complexity, apple CWE-346, 5.3 |
| 2024-12-12 | CVE-2024-44220 | Unspecified vulnerability in Apple Macos. The issue was addressed with improved memory handling. | local, low complexity, apple, 5.5 |