Vulnerabilities > Medium
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2024-09-13 | CVE-2024-8269 | Unspecified vulnerability in Inspireui Mstore API The MStore API – Create Native Android & iOS Apps On The Cloud plugin for WordPress is vulnerable to unauthorized user registration in all versions up to, and including, 4.15.3. | 6.5 |
| 2024-09-13 | CVE-2024-8714 | Cross-site Scripting vulnerability in Slicewp Affiliate Program Suite The WordPress Affiliates Plugin — SliceWP Affiliates plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use of remove_query_arg without appropriate escaping on the URL in all versions up to, and including, 1.1.20. | 6.1 |
| 2024-09-13 | CVE-2024-8730 | Cross-site Scripting vulnerability in Cvstech Exit Notifier The Exit Notifier plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use of add_query_arg without appropriate escaping on the URL in all versions up to, and including, 1.9.1. | 6.1 |
| 2024-09-13 | CVE-2024-8731 | Cross-site Scripting vulnerability in Leira Cron Jobs The Cron Jobs plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use of add_query_arg without appropriate escaping on the URL in all versions up to, and including, 1.2.9. | 6.1 |
| 2024-09-13 | CVE-2024-8732 | Cross-site Scripting vulnerability in Leira Roles & Capabilities The Roles & Capabilities plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use of add_query_arg without appropriate escaping on the URL in all versions up to, and including, 1.1.9. | 6.1 |
| 2024-09-13 | CVE-2024-8734 | Cross-site Scripting vulnerability in Lucasstad Lucas String Replace The Lucas String Replace plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use of add_query_arg without appropriate escaping on the URL in all versions up to, and including, 2.0.5. | 6.1 |
| 2024-09-13 | CVE-2024-8737 | Cross-site Scripting vulnerability in Kubiq PDF Thumbnail Generator The PDF Thumbnail Generator plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use of add_query_arg without appropriate escaping on the URL in all versions up to, and including, 1.3. | 6.1 |
| 2024-09-13 | CVE-2024-8747 | Cross-site Scripting vulnerability in Khromov Email Obfuscate Shortcode The Email Obfuscate Shortcode plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'email-obfuscate' shortcode in all versions up to, and including, 2.0 due to insufficient input sanitization and output escaping on user supplied attributes. | 5.4 |
| 2024-09-13 | CVE-2024-39382 | Out-of-bounds Read vulnerability in Adobe After Effects After Effects versions 23.6.6, 24.5 and earlier are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. | 5.5 |
| 2024-09-13 | CVE-2024-39385 | Use After Free vulnerability in Adobe Premiere PRO Premiere Pro versions 24.5, 23.6.8 and earlier are affected by a Use After Free vulnerability that could lead to disclosure of sensitive memory. | 5.5 |