Vulnerabilities > Medium

DATE CVE VULNERABILITY TITLE RISK
2024-06-11 CVE-2020-11843 Unspecified vulnerability in Netiq Access Manager
This allows the information exposure to unauthorized users. This issue affects NetIQ Access Manager using version 4.5 or before
network
low complexity
netiq
6.5
6.5
2024-06-11 CVE-2024-4266 The MetForm – Contact Form, Survey, Quiz, & Custom Form Builder for Elementor plugin for WordPress is vulnerable to Sensitive Information Exposure in versions up to, and including, 3.8.8 via the 'handle_file' function.
network
low complexity
 5.3
5.3
2024-06-11 CVE-2024-31398 Unspecified vulnerability in Cybozu Garoon
Insertion of sensitive information into sent data issue exists in Cybozu Garoon 5.0.0 to 5.15.2.
network
low complexity
cybozu
4.3
4.3
2024-06-11 CVE-2024-31399 Unspecified vulnerability in Cybozu Garoon
Excessive platform resource consumption within a loop issue exists in Cybozu Garoon 5.0.0 to 5.15.2.
network
low complexity
cybozu
6.5
6.5
2024-06-11 CVE-2024-31402 Incorrect Authorization vulnerability in Cybozu Garoon
Incorrect authorization vulnerability in Cybozu Garoon 5.0.0 to 5.15.2 allows a remote authenticated attacker to delete the data of Shared To-Dos.
network
low complexity
cybozu CWE-863
4.3
4.3
2024-06-11 CVE-2024-3723 The Advanced Contact form 7 DB plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 2.0.2 via the wp-content/uploads/advanced-cf7-upload directory.
network
low complexity
 5.3
5.3
2024-06-11 CVE-2024-4319 The Advanced Contact form 7 DB plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the 'vsz_cf7_export_to_excel' function in versions up to, and including, 2.0.2.
network
low complexity
 5.3
5.3
2024-06-11 CVE-2024-5530 The ShopLentor – WooCommerce Builder for Elementor & Gutenberg +12 Modules – All in One Solution (formerly WooLentor) plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's WL: Product Horizontal Filter widget in all versions up to, and including, 2.9.0 due to insufficient input sanitization and output escaping on user supplied attributes.
network
low complexity
 6.4
6.4
2024-06-11 CVE-2023-6745 The Custom Field Template plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'cpt' shortcode in all versions up to, and including, 2.6.1 due to insufficient input sanitization and output escaping on user supplied post meta.
network
low complexity
 6.4
6.4
2024-06-11 CVE-2023-6748 The Custom Field Template plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 2.6.1 via the 'cft' shortcode.
network
low complexity
 4.3
4.3