Vulnerabilities > Medium

| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2024-06-07 | CVE-2024-5425 | The WP jQuery Lightbox plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘title’ attribute in all versions up to, and including, 1.5.4 due to insufficient input sanitization and output escaping. | network, low complexity, 6.4 |
| 2024-06-07 | CVE-2024-1768 | The Clever Fox plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's info box block in all versions up to, and including, 25.2.0 due to insufficient input sanitization and output escaping on user supplied attributes. | network, low complexity, 6.4 |
| 2024-06-07 | CVE-2024-3987 | The WP Mobile Menu – The Mobile-Friendly Responsive Menu plugin for WordPress is vulnerable to Stored Cross-Site Scripting via image alt text in all versions up to, and including, 2.8.4.2 due to insufficient input sanitization and output escaping. | network, low complexity, 5.4 |
| 2024-06-07 | CVE-2024-5607 | The GDPR CCPA Compliance & Cookie Consent Banner plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on several functions named ajaxUpdateSettings() in all versions up to, and including, 2.7.0. | network, low complexity, 5.4 |
| 2024-06-07 | CVE-2024-1689 | The WooCommerce Tools plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the woocommerce_tool_toggle_module() function in all versions up to, and including, 1.2.9. | network, low complexity, 5.3 |
| 2024-06-06 | CVE-2023-37539 | Cross-site Scripting vulnerability in Hcltech Domino 11.0/12.0/14.0: The Domino Catalog template is susceptible to a Stored Cross-Site Scripting (XSS) vulnerability. (hcltech, CWE-79) | network, low complexity, 5.4 |
| 2024-06-06 | CVE-2024-36775 | Cross-site Scripting vulnerability in Monstra 3.0.4: A cross-site scripting (XSS) vulnerability in Monstra CMS v3.0.4 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the About Me parameter in the Edit Profile page. (monstra, CWE-79) | network, low complexity, 5.4 |
| 2024-06-06 | CVE-2024-3153 | Resource Exhaustion vulnerability in Mintplexlabs Anythingllm 0.0.1/0.1.0: mintplex-labs/anything-llm is affected by an uncontrolled resource consumption vulnerability in its upload file endpoint, leading to a denial of service (DOS) condition. (mintplexlabs, CWE-400) | network, low complexity, 6.5 |
| 2024-06-06 | CVE-2024-3402 | Cross-site Scripting vulnerability in Gaizhenbiao Chuanhuchatgpt: A stored Cross-Site Scripting (XSS) vulnerability existed in version (20240121) of gaizhenbiao/chuanhuchatgpt due to inadequate sanitization and validation of model output data. (gaizhenbiao, CWE-79) | network, low complexity, 5.4 |
| 2024-06-06 | CVE-2024-3404 | Improper Access Control vulnerability in Gaizhenbiao Chuanhuchatgpt: In gaizhenbiao/chuanhuchatgpt, specifically the version tagged as 20240121, there exists a vulnerability due to improper access control mechanisms. (gaizhenbiao, CWE-284) | network, low complexity, 6.5 |