Vulnerabilities > Medium
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2024-06-09 | CVE-2024-5458 | Insufficient Verification of Data Authenticity vulnerability in multiple products In PHP versions 8.1.* before 8.1.29, 8.2.* before 8.2.20, 8.3.* before 8.3.8, due to a code logic error, filtering functions such as filter_var when validating URLs (FILTER_VALIDATE_URL) for certain types of URLs the function will result in invalid user information (username + password part of URLs) being treated as valid user information. | 5.3 |
2024-06-09 | CVE-2024-32704 | Missing Authorization vulnerability in Reputeinfosystems Arforms Missing Authorization vulnerability in reputeinfosystems ARForms.This issue affects ARForms: from n/a through 6.4. | 6.5 |
2024-06-09 | CVE-2023-34003 | Missing Authorization vulnerability in Woocommerce BOX Office Missing Authorization vulnerability in Woo WooCommerce Box Office.This issue affects WooCommerce Box Office: from n/a through 1.1.51. | 5.3 |
2024-06-09 | CVE-2024-24716 | Missing Authorization vulnerability in Getawesomesupport Awesome Support 6.0.13 Missing Authorization vulnerability in Awesome Support Team Awesome Support.This issue affects Awesome Support: from n/a through 6.1.6. | 5.4 |
2024-06-09 | CVE-2023-52230 | Missing Authorization vulnerability in Booster for Woocommerce Missing Authorization vulnerability in Pluggabl LLC Booster Plus for WooCommerce.This issue affects Booster Plus for WooCommerce: from n/a before 7.1.3. | 6.5 |
2024-06-09 | CVE-2023-52232 | Missing Authorization vulnerability in Booster for Woocommerce 5.6.5/5.6.6 Missing Authorization vulnerability in Pluggabl LLC Booster Plus for WooCommerce.This issue affects Booster Plus for WooCommerce: from n/a before 7.1.2. | 6.5 |
2024-06-08 | CVE-2024-21748 | Missing Authorization vulnerability in Icegram Express Missing Authorization vulnerability in Icegram.This issue affects Icegram: from n/a through 3.1.21. | 5.4 |
2024-06-08 | CVE-2024-35679 | Cross-site Scripting vulnerability in Givewp Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in GiveWP allows Reflected XSS.This issue affects GiveWP: from n/a through 3.12.0. | 6.1 |
2024-06-08 | CVE-2024-35681 | Cross-site Scripting vulnerability in Gvectors Wpdiscuz Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in gVectors Team wpDiscuz allows Stored XSS.This issue affects wpDiscuz: from n/a through 7.6.18. | 5.4 |
2024-06-08 | CVE-2024-35682 | Unspecified vulnerability in Themeisle Otter Blocks Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Themeisle Otter Blocks PRO.This issue affects Otter Blocks PRO: from n/a through 2.6.11. | 5.3 |