Vulnerabilities > Medium
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2024-06-05 | CVE-2024-24789 | Unspecified vulnerability in Golang GO: The archive/zip package's handling of certain types of invalid zip files differs from the behavior of most zip implementations. | 5.5 |
2024-06-05 | CVE-2024-3716 | Unspecified vulnerability in Redhat Satellite 6.0: A flaw was found in foreman-installer when puppet-candlepin is invoked cpdb with the --password parameter. | 6.2 |
2024-06-05 | CVE-2024-4812 | Cross-site Scripting vulnerability in multiple products: A flaw was found in the Katello plugin for Foreman, where it is possible to store malicious JavaScript code in the "Description" field of a user. | 4.8 |
2024-06-05 | CVE-2024-35673 | Cross-Site Request Forgery (CSRF) vulnerability in Purechat Pure Chat: Cross-Site Request Forgery (CSRF) vulnerability in Pure Chat by Ruby Pure Chat. This issue affects Pure Chat: from n/a through 2.22. | 4.3 |
2024-06-05 | CVE-2024-3469 | Cross-site Scripting vulnerability in Generatepress: The GP Premium plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the message parameter in all versions up to, and including, 2.4.0 due to insufficient input sanitization and output escaping. | 6.1 |
2024-06-05 | CVE-2024-5459 | Missing Authorization vulnerability in Fivestarplugins Five Star Restaurant Menu: The Restaurant Menu and Food Ordering plugin for WordPress is vulnerable to unauthorized creation of data due to a missing capability check on 'add_section', 'add_menu', 'add_menu_item', and 'add_menu_page' functions in all versions up to, and including, 2.4.16. | 4.3 |
2024-06-05 | CVE-2024-4001 | Cross-site Scripting vulnerability in Wpdownloadmanager Download Manager: The Download Manager plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'wpdm_modal_login_form' shortcode in all versions up to, and including, 3.2.93 due to insufficient input sanitization and output escaping on user supplied attributes. | 5.4 |
2024-06-05 | CVE-2024-5536 | Cross-site Scripting vulnerability in Gamipress - Link: The GamiPress – Link plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's gamipress_link shortcode in all versions up to, and including, 1.1.4 due to insufficient input sanitization and output escaping on user supplied attributes. | 5.4 |
2024-06-05 | CVE-2024-4743 | SQL Injection vulnerability in Lifterlms: The LifterLMS – WordPress LMS Plugin for eLearning plugin for WordPress is vulnerable to SQL Injection via the orderBy attribute of the lifterlms_favorites shortcode in all versions up to, and including, 7.6.2 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. | 6.5 |
2024-06-05 | CVE-2024-4821 | Cross-site Scripting vulnerability in Getshortcodes Shortcodes Ultimate: The WP Shortcodes Plugin — Shortcodes Ultimate plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's su_lightbox shortcode in all versions up to, and including, 7.1.6 due to insufficient input sanitization and output escaping on user supplied attributes. | 5.4 |