Vulnerabilities > Medium

DATE CVE VULNERABILITY TITLE RISK
2024-06-20 CVE-2024-6181 Cross-site Scripting vulnerability in Labvantage Lims 2017
A vulnerability was found in LabVantage LIMS 2017.
network
low complexity
labvantage CWE-79
5.4
2024-06-20 CVE-2024-6182 Cross-site Scripting vulnerability in Labvantage Lims 2017
A vulnerability was found in LabVantage LIMS 2017.
network
low complexity
labvantage CWE-79
5.4
2024-06-20 CVE-2024-29013 Out-of-bounds Write vulnerability in Sonicwall Sonicos
Heap-based buffer overflow vulnerability in the SonicOS SSL-VPN allows an authenticated remote attacker to cause Denial of Service (DoS) via memcpy function.
network
low complexity
sonicwall CWE-787
6.5
2024-06-20 CVE-2024-4565 Unspecified vulnerability in Advancedcustomfields Advanced Custom Fields
The Advanced Custom Fields (ACF) WordPress plugin before 6.3, Advanced Custom Fields Pro WordPress plugin before 6.3 allows you to display custom field values for any post via shortcode without checking for the correct access
network
low complexity
advancedcustomfields
6.5
2024-06-20 CVE-2024-4390 Improper Privilege Management vulnerability in Depicter
The Slider and Carousel slider by Depicter plugin for WordPress is vulnerable to Arbitrary Nonce Generation in all versions up to, and including, 3.0.2.
network
low complexity
depicter CWE-269
6.5
2024-06-20 CVE-2024-5686 Cross-site Scripting vulnerability in Wpzoom Addons for Elementor
The WPZOOM Addons for Elementor (Templates, Widgets) plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘url’ attribute within the plugin's Team Members widget in all versions up to, and including, 1.1.38 due to insufficient input sanitization and output escaping.
network
low complexity
wpzoom CWE-79
5.4
2024-06-20 CVE-2024-5213 Exposure of Sensitive Information Through Metadata vulnerability in Mintplexlabs Anythingllm 0.0.1/0.1.0/1.5.3
In mintplex-labs/anything-llm versions up to and including 1.5.3, an issue was discovered where the password hash of a user is returned in the response after login (`POST /api/request-token`) and after account creations (`POST /api/admin/users/new`).
network
low complexity
mintplexlabs CWE-1230
6.5
2024-06-20 CVE-2023-3204 Missing Authorization vulnerability in Extendthemes Materialis
The Materialis theme for WordPress is vulnerable to limited arbitrary options updates in versions up to, and including, 1.1.24.
network
low complexity
extendthemes CWE-862
6.5
2024-06-20 CVE-2024-1168 Cross-site Scripting vulnerability in Seopress
The SEOPress – On-site SEO plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's social image URL in all versions up to, and including, 7.9 due to insufficient input sanitization and output escaping on user supplied image URLs.
network
low complexity
seopress CWE-79
5.4
2024-06-20 CVE-2024-3558 Cross-site Scripting vulnerability in Custom Field Suite Project Custom Field Suite
The Custom Field Suite plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'cfs[post_title]' parameter in versions up to, and including, 2.6.7 due to insufficient input sanitization and output escaping.
network
low complexity
custom-field-suite-project CWE-79
5.4