Vulnerabilities > Medium

DATE CVE VULNERABILITY TITLE RISK

2024-06-05 CVE-2024-5571 Cross-site Scripting vulnerability in Wpdeveloper Embedpress
The EmbedPress – Embed PDF, Google Docs, Vimeo, Wistia, Embed YouTube Videos, Audios, Maps & Embed Any Documents in Gutenberg & Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'url' attribute within the plugin's EmbedPress PDF widget in all versions up to, and including, 4.0.1 due to insufficient input sanitization and output escaping on user supplied attributes.
network | low complexity | wpdeveloper | CWE-79 | 5.4

2024-06-05 CVE-2024-4939 Cross-site Scripting vulnerability in Weavertheme Weaver Xtreme Theme Support
The Weaver Xtreme Theme Support plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's div shortcode in all versions up to, and including, 6.4 due to insufficient input sanitization and output escaping on user supplied attributes.
network | low complexity | weavertheme | CWE-79 | 5.4

2024-06-05 CVE-2024-5006 Cross-site Scripting vulnerability in Woostify Boostify Header Footer Builder for Elementor
The Boostify Header Footer Builder for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘size’ parameter in all versions up to, and including, 1.3.2 due to insufficient input sanitization and output escaping.
network | low complexity | woostify | CWE-79 | 5.4

2024-06-05 CVE-2024-5439 Cross-site Scripting vulnerability in Creativethemes Blocksy
The Blocksy theme for WordPress is vulnerable to Reflected Cross-Site Scripting via the custom_url parameter in all versions up to, and including, 2.0.50 due to insufficient input sanitization and output escaping.
network | low complexity | creativethemes | CWE-79 | 5.4

2024-06-05 CVE-2024-5453 Missing Authorization vulnerability in Metagauss Profilegrid
The ProfileGrid – User Profiles, Groups and Communities plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the pm_dismissible_notice and pm_wizard_update_group_icon functions in all versions up to, and including, 5.8.6.
network | low complexity | metagauss | CWE-862 | 4.3

2024-06-05 CVE-2024-1164 Cross-site Scripting vulnerability in Brizy Brizy-Page Builder
The Brizy – Page Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's contact form widget error message and redirect URL in all versions up to, and including, 2.4.43 due to insufficient input sanitization and output escaping on user supplied error messages.
network | low complexity | brizy | CWE-79 | 5.4

2024-06-05 CVE-2024-2368 Cross-Site Request Forgery (CSRF) vulnerability in Wobbie Mollie Forms
The Mollie Forms plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 2.6.13.
network | low complexity | wobbie | CWE-352 | 4.3

2024-06-05 CVE-2024-4088 Missing Authorization vulnerability in Wpattire Attire Blocks
The Gutenberg Blocks and Page Layouts – Attire Blocks plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the disable_fe_assets function in all versions up to, and including, 1.9.2.
network | low complexity | wpattire | CWE-862 | 4.3

2024-06-05 CVE-2024-5222 Cross-site Scripting vulnerability in Cyberchimps Responsive Addons
The Responsive Addons – Starter Templates, Advanced Features and Customizer Settings for Responsive Theme.
network | low complexity | cyberchimps | CWE-79 | 5.4

2024-06-05 CVE-2024-1161 Cross-site Scripting vulnerability in Brizy Brizy-Page Builder
The Brizy – Page Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's Custom Attributes for blocks in all versions up to, and including, 2.4.43 due to insufficient input sanitization and output escaping.
network | low complexity | brizy | CWE-79 | 5.4