Vulnerabilities > Medium

DATE  CVE  VULNERABILITY TITLE  RISK (vector, complexity, vendor / CWE, score)
2024-09-13  CVE-2024-7133  Cross-site Scripting vulnerability in Premio MY Sticky BAR
  The Floating Notification Bar, Sticky Menu on Scroll, Announcement Banner, and Sticky Header for Any WordPress plugin before 2.7.3 does not validate and escape some of its settings before outputting them back in the page, which could allow users with a high role to perform Stored Cross-Site Scripting attacks.
  Vector: network | Complexity: low | Vendor: premio | CWE-79 | Score: 4.8

2024-09-13  CVE-2024-7863  Cross-Site Request Forgery (CSRF) vulnerability in Pixeljar Favicon Generator
  The Favicon Generator (CLOSED) WordPress plugin before 2.1 does not validate files to be uploaded and does not have CSRF checks, which could allow attackers to make a logged-in admin upload arbitrary files, such as PHP files, to the server.
  Vector: network | Complexity: low | Vendor: pixeljar | CWE-352 | Score: 6.8

2024-09-13  CVE-2024-7864  Cross-Site Request Forgery (CSRF) vulnerability in Pixeljar Favicon Generator
  The Favicon Generator (CLOSED) WordPress plugin before 2.1 does not have CSRF or path validation checks in the output_sub_admin_page_0() function, allowing attackers to make logged-in admins delete arbitrary files on the server.
  Vector: network | Complexity: low | Vendor: pixeljar | CWE-352 | Score: 6.5

2024-09-13  CVE-2024-8656  Cross-site Scripting vulnerability in Wpfactory Helper
  The WPFactory Helper plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use of add_query_arg without appropriate escaping on the URL in all versions up to, and including, 1.7.0.
  Vector: network | Complexity: low | Vendor: wpfactory | CWE-79 | Score: 6.1

2024-09-13  CVE-2024-43180  Cleartext Transmission of Sensitive Information vulnerability in IBM Concert 1.0
  IBM Concert 1.0 does not set the secure attribute on authorization tokens or session cookies.
  Vector: network | Complexity: low | Vendor: ibm | CWE-319 | Score: 4.3

2024-09-12  CVE-2024-45607  Unspecified vulnerability in Secreto31126 Whatsapp-Api-Js
  whatsapp-api-js is a server-agnostic TypeScript framework for WhatsApp's Official API.
  Vector: network | Complexity: low | Vendor: secreto31126 | Score: 5.3

2024-09-12  CVE-2024-25270  Authorization Bypass Through User-Controlled Key vulnerability in Mirapolis LMS
  An issue in Mirapolis LMS 4.6.XX allows authenticated users to exploit an Insecure Direct Object Reference (IDOR) vulnerability by manipulating the ID and increment STEP parameters, leading to the exposure of sensitive user data.
  Vector: network | Complexity: low | Vendor: mirapolis | CWE-639 | Score: 4.3

2024-09-12  CVE-2024-34335  Cross-site Scripting vulnerability in Ordat Ordat.Erp
  ORDAT FOSS-Online before version 2.24.01 was discovered to contain a reflected cross-site scripting (XSS) vulnerability via the login page.
  Vector: network | Complexity: low | Vendor: ordat | CWE-79 | Score: 6.1

2024-09-12  CVE-2024-34336  Information Exposure Through Discrepancy vulnerability in Ordat Ordat.Erp
  User enumeration vulnerability in ORDAT FOSS-Online before v2.24.01 allows attackers to determine whether an account exists in the application by comparing the server responses of the forgot password functionality.
  Vector: network | Complexity: low | Vendor: ordat | CWE-203 | Score: 5.3

2024-09-12  CVE-2024-45182  Out-of-bounds Read vulnerability in Wibu Wibukey
  An issue was discovered in WibuKey64.sys in WIBU-SYSTEMS WibuKey before v6.70 (fixed in v6.70). An improper bounds check allows specially crafted packets to cause an arbitrary address read, resulting in Denial of Service.
  Vector: local | Complexity: low | Vendor: wibu | CWE-125 | Score: 5.5