Vulnerabilities > Medium
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2024-06-05 | CVE-2024-1940 | Cross-site Scripting vulnerability in Brizy Brizy-Page Builder The Brizy – Page Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via post content in all versions up to, and including, 2.4.41 due to insufficient input sanitization performed only on the client side and insufficient output escaping. | 5.4 |
2024-06-05 | CVE-2024-2087 | Cross-site Scripting vulnerability in Brizy Brizy-Page Builder The Brizy – Page Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the form name values in all versions up to, and including, 2.4.43 due to insufficient input sanitization and output escaping. | 6.1 |
2024-06-05 | CVE-2024-3667 | Cross-site Scripting vulnerability in Brizy Brizy-Page Builder The Brizy – Page Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'Link To' field of multiple widgets in all versions up to, and including, 2.4.43 due to insufficient input sanitization and output escaping on user supplied attributes. | 5.4 |
2024-06-05 | CVE-2024-4886 | Authorization Bypass Through User-Controlled Key vulnerability in Buddyboss Platform The contains an IDOR vulnerability that allows a user to comment on a private post by manipulating the ID included in the request | 4.3 |
2024-06-05 | CVE-2024-34055 | Allocation of Resources Without Limits or Throttling vulnerability in Cyrusimap Cyrus Imap Cyrus IMAP before 3.8.3 and 3.10.x before 3.10.0-rc1 allows authenticated attackers to cause unbounded memory allocation by sending many LITERALs in a single command. | 6.5 |
2024-06-05 | CVE-2024-5149 | Use of Insufficiently Random Values vulnerability in Themekraft Buddyforms The BuddyForms plugin for WordPress is vulnerable to Email Verification Bypass in all versions up to, and including, 2.8.9 via the use of an insufficiently random activation code. | 5.3 |
2024-06-05 | CVE-2024-5483 | Unspecified vulnerability in Thimpress Learnpress The LearnPress – WordPress LMS Plugin plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 4.2.6.8 due to incorrect implementation of get_items_permissions_check function. | 5.3 |
2024-06-05 | CVE-2024-5317 | Cross-site Scripting vulnerability in Thenewsletterplugin Newsletter The Newsletter plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'np1' parameter in all versions up to, and including, 8.3.4 due to insufficient input sanitization and output escaping. | 6.1 |
2024-06-04 | CVE-2022-28652 | XML Entity Expansion vulnerability in multiple products ~/.config/apport/settings parsing is vulnerable to "billion laughs" attack | 5.5 |
2024-06-04 | CVE-2022-28654 | Allocation of Resources Without Limits or Throttling vulnerability in multiple products is_closing_session() allows users to fill up apport.log | 5.5 |