Vulnerabilities > Medium

DATE CVE VULNERABILITY TITLE RISK
2024-07-09 CVE-2024-5704 The XPlainer – WooCommerce Product FAQ [WooCommerce Accordion FAQ Plugin] plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on several functions in all versions up to, and including, 1.6.4.
network
low complexity
4.3
2024-07-09 CVE-2024-5810 The WP2Speed Faster – Optimize PageSpeed Insights Score 90-100 plugin for WordPress is vulnerable to unauthorized access in all versions up to, and including, 1.0.1.
network
low complexity
5.3
2024-07-09 CVE-2024-5856 The Comment Images Reloaded plugin for WordPress is vulnerable to unauthorized loss of data due to a missing capability check on the cir_delete_image AJAX action in all versions up to, and including, 2.2.1.
network
low complexity
4.3
2024-07-09 CVE-2024-5937 The Simple Alert Boxes plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's Alert shortcode in all versions up to, and including, 1.4.0 due to insufficient input sanitization and output escaping on user supplied attributes.
network
low complexity
6.4
2024-07-09 CVE-2024-5993 The Cliengo – Chatbot plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'update_session' function in all versions up to, and including, 3.0.1.
network
low complexity
5.4
2024-07-09 CVE-2024-6167 The Just Custom Fields plugin for WordPress is vulnerable to unauthorized access of functionality due to a missing capability check on several AJAX functions in all versions up to, and including, 3.3.2.
network
low complexity
4.3
2024-07-09 CVE-2024-6168 The Just Custom Fields plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 3.3.2.
network
low complexity
4.3
2024-07-09 CVE-2024-5881 The Webico Slider Flatsome Addons plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's wbc_image shortcode in all versions up to, and including, 2.0.1 due to insufficient input sanitization and output escaping on user supplied attributes.
network
low complexity
6.4
2024-07-09 CVE-2024-5802 Cross-site Scripting vulnerability in Mythemeshop URL Shortener
The URL Shortener by MyThemeShop WordPress plugin through 1.0.17 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Cross-Site Scripting attacks even when unfiltered_html is disallowed.
network
low complexity
mythemeshop CWE-79
4.8
2024-07-09 CVE-2024-34689 Server-Side Request Forgery (SSRF) vulnerability in SAP Business Workflow and SAP Basis
WebFlow Services of SAP Business Workflow allows an authenticated attacker to enumerate accessible HTTP endpoints in the internal network by specially crafting HTTP requests.
network
low complexity
sap CWE-918
5.0