Vulnerabilities > Medium

DATE CVE VULNERABILITY TITLE RISK
2024-06-28 CVE-2024-3801 Cross-site Scripting vulnerability in Conceptintermedia S@M CMS
Sites managed in S@M CMS (Concept Intermedia) might be vulnerable to Reflected XSS by including scripts in one of the GET header parameters. Only some of the observed services are vulnerable, but since the vendor has not investigated the root problem, it is hard to determine when the issue appears.
network
low complexity
conceptintermedia CWE-79
6.1
2024-06-28 CVE-2024-5737 Cross-site Scripting vulnerability in Admiror-Design-Studio Admirorframes
The script afGdStream.php in the AdmirorFrames Joomla! extension does not specify a content type, and as a result the default (text/html) is used.
network
low complexity
admiror-design-studio CWE-79
6.1
2024-06-28 CVE-2024-5424 The Gallery Blocks with Lightbox.
network
low complexity
6.4
2024-06-28 CVE-2024-5662 The Ultimate Post Kit Addons For Elementor – (Post Grid, Post Carousel, Post Slider, Category List, Post Tabs, Timeline, Post Ticker, Tag Cloud) plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘url’ parameter within the Social Count (Static) widget in all versions up to, and including, 3.11.7 due to insufficient input sanitization and output escaping.
network
low complexity
6.4
2024-06-28 CVE-2024-5922 The Scylla lite theme for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘url’ parameter within the theme's Button shortcode in all versions up to, and including, 1.8.3 due to insufficient input sanitization and output escaping.
network
low complexity
6.4
2024-06-28 CVE-2024-5925 The Theron Lite theme for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘url’ parameter within the theme's Button shortcode in all versions up to, and including, 2.0 due to insufficient input sanitization and output escaping.
network
low complexity
6.4
2024-06-28 CVE-2024-2795 The SEO SIMPLE PACK plugin for WordPress is vulnerable to Information Exposure in all versions up to, and including, 3.2.1 via META description.
network
low complexity
5.3
2024-06-28 CVE-2024-5788 The Silesia theme for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘link’ attribute within the theme's Button shortcode in all versions up to, and including, 1.0.6 due to insufficient input sanitization and output escaping.
network
low complexity
6.4
2024-06-28 CVE-2024-6288 The Conversios – Google Analytics 4 (GA4), Meta Pixel & more Via Google Tag Manager For WooCommerce plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the ‘tiktok_user_id’ parameter in all versions up to, and including, 7.0.12 due to insufficient input sanitization and output escaping.
network
high complexity
4.7
2024-06-28 CVE-2024-5863 The Easy Image Collage plugin for WordPress is vulnerable to unauthorized loss of data due to a missing capability check on the ajax_image_collage() function in all versions up to, and including, 1.13.5.
network
low complexity
5.4