Vulnerabilities > Medium

DATE CVE VULNERABILITY TITLE RISK
2024-06-12 CVE-2024-3559 The Custom Field Suite plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'cfs[post_content]' parameter in versions up to, and including, 2.6.7 due to insufficient input sanitization and output escaping.
network
low complexity
6.4
2024-06-12 CVE-2024-4564 The CoDesigner WooCommerce Builder for Elementor – Customize Checkout, Shop, Email, Products & More plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's Shop Slider, Tabs Classic, and Image Comparison widgets in all versions up to, and including, 4.4.1 due to insufficient input sanitization and output escaping on user supplied attributes.
network
low complexity
6.4
2024-06-12 CVE-2024-5553 The Premium Addons for Elementor plugin for WordPress is vulnerable to DOM-Based Stored Cross-Site Scripting via several parameters in all versions up to, and including, 4.10.33 due to insufficient input sanitization and output escaping.
network
high complexity
4.4
2024-06-11 CVE-2024-4669 The Events Addon for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Basic Slider, Upcoming Events, and Schedule widgets in all versions up to, and including, 2.1.4 due to insufficient input sanitization and output escaping on user supplied attributes.
network
low complexity
6.4
2024-06-11 CVE-2024-5646 The Futurio Extra plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘header_size’ attribute within the Advanced Text Block widget in all versions up to, and including, 2.0.5 due to insufficient input sanitization and output escaping.
network
low complexity
6.4
2024-06-11 CVE-2024-5839 Inappropriate Implementation in Memory Allocator in Google Chrome prior to 126.0.6478.54 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
network
low complexity
google fedoraproject
6.5
2024-06-11 CVE-2024-5840 Policy bypass in CORS in Google Chrome prior to 126.0.6478.54 allowed a remote attacker to bypass discretionary access control via a crafted HTML page.
network
low complexity
google fedoraproject
6.5
2024-06-11 CVE-2024-5843 Inappropriate implementation in Downloads in Google Chrome prior to 126.0.6478.54 allowed a remote attacker to obfuscate security UI via a malicious file.
network
low complexity
google fedoraproject
6.5
2024-06-11 CVE-2024-28022 Improper Restriction of Excessive Authentication Attempts vulnerability in Hitachienergy Foxman-Un and Unem
A vulnerability exists in the FOXMAN-UN/UNEM server / APIGateway that if exploited allows a malicious user to perform an arbitrary number of authentication attempts using different passwords, and eventually gain access to the targeted account.
network
high complexity
hitachienergy CWE-307
5.6
2024-06-11 CVE-2024-28024 Cleartext Storage of Sensitive Information vulnerability in Hitachienergy Foxman-Un and Unem
A vulnerability exists in the FOXMAN-UN/UNEM in which sensitive information is stored in cleartext within a resource that might be accessible to another control sphere.
local
high complexity
hitachienergy CWE-312
4.1