Vulnerabilities > Medium
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2024-07-02 | CVE-2024-6011 | Cross-site Scripting vulnerability in Stylemixthemes Cost Calculator Builder The Cost Calculator Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘textarea.description’ parameter in all versions up to, and including, 3.2.12 due to insufficient input sanitization and output escaping. | 4.8 |
| 2024-07-02 | CVE-2024-6012 | Missing Authorization vulnerability in Stylemixthemes Cost Calculator Builder The Cost Calculator Builder plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'embed-create-page' and 'embed-insert-pages' functions in all versions up to, and including, 3.2.12. | 4.3 |
| 2024-07-02 | CVE-2024-5260 | The Sina Extension for Elementor (Slider, Gallery, Form, Modal, Data Table, Tab, Particle, Free Elementor Widgets & Elementor Templates) plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘read_more_text’ parameter in all versions up to, and including, 3.5.5 due to insufficient input sanitization and output escaping. network low complexity | 6.4 |
| 2024-07-02 | CVE-2023-41922 | Cross-site Scripting vulnerability in Kiloview P1 Firmware and P2 Firmware A 'Cross-site Scripting' (XSS) vulnerability, characterized by improper input neutralization during web page generation, has been discovered. | 5.4 |
| 2024-07-02 | CVE-2024-37126 | Unspecified vulnerability in Dell Powerscale Onefs Dell PowerScale OneFS versions 8.2.2.x through 9.8.0.0 contain an improper privilege management vulnerability. | 6.7 |
| 2024-07-02 | CVE-2024-37132 | Unspecified vulnerability in Dell Powerscale Onefs Dell PowerScale OneFS versions 8.2.2.x through 9.8.0.0 contain an incorrect privilege assignment vulnerability. | 6.7 |
| 2024-07-02 | CVE-2024-37133 | Unspecified vulnerability in Dell Powerscale Onefs Dell PowerScale OneFS versions 8.2.2.x through 9.8.0.0 contain an improper privilege management vulnerability. | 6.7 |
| 2024-07-02 | CVE-2024-37134 | Unspecified vulnerability in Dell Powerscale Onefs Dell PowerScale OneFS versions 8.2.2.x through 9.8.0.0 contain an improper privilege management vulnerability. | 6.7 |
| 2024-07-02 | CVE-2024-3513 | Cross-site Scripting vulnerability in Dotcamp Ultimate Blocks The Ultimate Blocks – WordPress Blocks Plugin plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the title tag parameter in all versions up to, and including, 3.1.9 due to insufficient input sanitization and output escaping. | 5.4 |
| 2024-07-02 | CVE-2024-5504 | Cross-site Scripting vulnerability in Apollo13Themes Rife Elementor Extensions & Templates The Rife Elementor Extensions & Templates plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'tag' attribute within the plugin's Writing Effect Headline widget in all versions up to, and including, 1.2.1 due to insufficient input sanitization and output escaping on user supplied attributes. | 5.4 |