Vulnerabilities > Medium

DATE CVE VULNERABILITY TITLE RISK
2024-07-03 CVE-2024-6340 Cross-site Scripting vulnerability in Leap13 Premium Addons for Elementor
The Premium Addons for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's Countdown widget in all versions up to, and including, 4.10.35 due to insufficient input sanitization and output escaping on user-supplied attributes.
network
low complexity
leap13 CWE-79
5.4
2024-07-03 CVE-2024-2040 Cross-Site Request Forgery (CSRF) vulnerability in 2Code Himer
The Himer WordPress theme before 2.1.1 does not have CSRF checks in some places, which could allow attackers to make users join private groups via a CSRF attack.
network
low complexity
2code CWE-352
4.3
2024-07-03 CVE-2024-2233 Cross-Site Request Forgery (CSRF) vulnerability in 2Code Himer
The Himer WordPress theme before 2.1.1 does not have CSRF checks in some places, which could allow attackers to make logged-in users perform unwanted actions via CSRF attacks.
network
low complexity
2code CWE-352
4.3
2024-07-03 CVE-2024-2234 Cross-site Scripting vulnerability in 2Code Himer
The Himer WordPress theme before 2.1.1 does not sanitise and escape some of its Post settings, which could allow high privilege users such as Contributor to perform Stored Cross-Site Scripting attacks.
network
low complexity
2code CWE-79
5.4
2024-07-03 CVE-2024-2235 Cross-Site Request Forgery (CSRF) vulnerability in 2Code Himer
The Himer WordPress theme before 2.1.1 does not have CSRF checks in some places, which could allow attackers to make users vote on any polls, including those they don't have access to, via a CSRF attack.
network
low complexity
2code CWE-352
4.3
2024-07-03 CVE-2024-2375 Cross-site Scripting vulnerability in 2Code Wpqa Builder
The WPQA Builder WordPress plugin before 6.1.1 does not sanitise and escape some of its Slider settings, which could allow high privilege users such as contributor to perform Stored Cross-Site Scripting attacks.
network
low complexity
2code CWE-79
5.4
2024-07-03 CVE-2024-4543 Cross-Site Request Forgery (CSRF) vulnerability in Yeken Snippet Shortcodes
The Snippet Shortcodes plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 4.1.4.
network
low complexity
yeken CWE-352
4.3
2024-07-02 CVE-2022-25477 Information Exposure Through Log Files vulnerability in Realtek Rtsper and Rtsuer
Vulnerability in Realtek RtsPer driver for PCIe Card Reader (RtsPer.sys) before 10.0.22000.21355 and Realtek RtsUer driver for USB Card Reader (RtsUer.sys) before 10.0.22000.31274 leaks driver logs that contain addresses of kernel-mode objects, weakening KASLR.
local
low complexity
realtek CWE-532
5.5
2024-07-02 CVE-2022-25479 Memory Leak vulnerability in Realtek Rtsper and Rtsuer
Vulnerability in Realtek RtsPer driver for PCIe Card Reader (RtsPer.sys) before 10.0.22000.21355 and Realtek RtsUer driver for USB Card Reader (RtsUer.sys) before 10.0.22000.31274 allows for the leakage of kernel memory from both the stack and the heap.
local
low complexity
realtek CWE-401
5.5
2024-07-02 CVE-2024-39891 Information Exposure Through Discrepancy vulnerability in Twilio Authy and Authy Authenticator
In the Twilio Authy API, accessed by Authy Android before 25.1.0 and Authy iOS before 26.1.0, an unauthenticated endpoint provided access to certain phone-number data, as exploited in the wild in June 2024.
network
low complexity
twilio CWE-203
5.3