Vulnerabilities > Medium
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2024-07-02 | CVE-2024-4268 | Cross-site Scripting vulnerability in Dotcamp Ultimate Blocks The Ultimate Blocks – WordPress Blocks Plugin plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's blocks in all versions up to, and including, 3.1.9 due to insufficient input sanitization and output escaping on user supplied attributes. | 5.4 |
| 2024-07-02 | CVE-2024-6088 | Missing Authorization vulnerability in Thimpress Learnpress The LearnPress – WordPress LMS Plugin plugin for WordPress is vulnerable to unauthorized user registration due to a missing capability check on the 'register' function in all versions up to, and including, 4.2.6.8.1. | 5.3 |
| 2024-07-02 | CVE-2024-6099 | Unspecified vulnerability in Thimpress Learnpress The LearnPress – WordPress LMS Plugin plugin for WordPress is vulnerable to unauthenticated bypass to user registration in versions up to, and including, 4.2.6.8.1. | 5.3 |
| 2024-07-02 | CVE-2024-6264 | Cross-site Scripting vulnerability in Wpexpertplugins Post Meta Data Manager The Post Meta Data Manager plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘$meta_key’ parameter in all versions up to, and including, 1.2.3 due to insufficient input sanitization and output escaping. | 5.4 |
| 2024-07-02 | CVE-2024-6438 | SQL Injection vulnerability in Hitout Carsale 1.0 A vulnerability has been found in Hitout Carsale 1.0 and classified as critical. | 6.5 |
| 2024-07-02 | CVE-2024-20889 | Improper Authentication vulnerability in Samsung Android 12.0/13.0/14.0 Improper authentication in BLE prior to SMR Jul-2024 Release 1 allows adjacent attackers to pair with devices. | 4.3 |
| 2024-07-02 | CVE-2024-20894 | Improper Handling of Exceptional Conditions vulnerability in Samsung Android 12.0/13.0/14.0 Improper handling of exceptional conditions in Secure Folder prior to SMR Jul-2024 Release 1 allows physical attackers to bypass authentication under certain condition. | 4.3 |
| 2024-07-02 | CVE-2024-20895 | Unspecified vulnerability in Samsung Android 12.0/13.0/14.0 Improper access control in Dar service prior to SMR Jul-2024 Release 1 allows local attackers to bypass restriction for calling SDP features. | 5.5 |
| 2024-07-02 | CVE-2024-20896 | Unspecified vulnerability in Samsung Android 12.0/13.0/14.0 Use of implicit intent for sensitive communication in Configuration message prior to SMR Jul-2024 Release 1 allows local attackers to get sensitive information. | 5.5 |
| 2024-07-02 | CVE-2024-20897 | Unspecified vulnerability in Samsung Android 12.0/13.0/14.0 Use of implicit intent for sensitive communication in FCM function in IMS service prior to SMR Jul-2024 Release 1 allows local attackers to get sensitive information. | 5.5 |