Vulnerabilities > Medium
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2024-09-13 | CVE-2024-6087 | Unspecified vulnerability in Lunary An improper access control vulnerability exists in lunary-ai/lunary at the latest commit (a761d83) on the main branch. | 6.5 |
| 2024-09-13 | CVE-2024-6582 | Missing Authentication for Critical Function vulnerability in Lunary A broken access control vulnerability exists in the latest version of lunary-ai/lunary. | 4.3 |
| 2024-09-13 | CVE-2024-6867 | Insufficient Granularity of Access Control vulnerability in Lunary 1.4.9 An information disclosure vulnerability exists in the lunary-ai/lunary, specifically in the `runs/{run_id}/related` endpoint. | 6.5 |
| 2024-09-13 | CVE-2024-44798 | Cross-site Scripting vulnerability in Anujk305 BUS Pass Management System 1.0 phpgurukul Bus Pass Management System 1.0 is vulnerable to Cross-site scripting (XSS) in /admin/pass-bwdates-reports-details.php via fromdate and todate parameters. | 4.8 |
| 2024-09-13 | CVE-2024-5789 | Cross-site Scripting vulnerability in Towfiqi Triton Lite The Triton Lite theme for WordPress is vulnerable to Stored Cross-Site Scripting via the 'url' attribute within the theme's Button shortcode in all versions up to, and including, 1.3 due to insufficient input sanitization and output escaping. | 5.4 |
| 2024-09-13 | CVE-2024-5867 | Cross-site Scripting vulnerability in Nattywp Delicate The Delicate theme for WordPress is vulnerable to Stored Cross-Site Scripting via the 'link' parameter within the theme's Button shortcode in all versions up to, and including, 3.5.5 due to insufficient input sanitization and output escaping. | 5.4 |
| 2024-09-13 | CVE-2024-5869 | Cross-site Scripting vulnerability in Arnoldgoodway Neighborly The Neighborly theme for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘url’ parameter within the theme's Button shortcode in all versions up to, and including, 1.4 due to insufficient input sanitization and output escaping. | 5.4 |
| 2024-09-13 | CVE-2024-5870 | Cross-site Scripting vulnerability in Arnoldgoodway Tweaker5 The Tweaker5 theme for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘url’ parameter within the theme's Button shortcode in all versions up to, and including, 1.2 due to insufficient input sanitization and output escaping. | 5.4 |
| 2024-09-13 | CVE-2024-5884 | Cross-site Scripting vulnerability in Allprices Beauty The Beauty theme for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘tpl_featured_cat_id’ parameter in all versions up to, and including, 1.1.4 due to insufficient input sanitization and output escaping. | 5.4 |
| 2024-09-13 | CVE-2024-6544 | The Custom Post Limits plugin for WordPress is vulnerable to full path disclosure in all versions up to, and including, 4.4.1. | 5.3 |