Vulnerabilities > Medium

DATE CVE VULNERABILITY TITLE RISK
2024-06-04 CVE-2024-35668 Cross-site Scripting vulnerability in Sendinblue Newsletter, Smtp, Email Marketing and Subscribe
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Brevo Newsletter, SMTP, Email marketing and Subscribe forms by Sendinblue allows Reflected XSS. This issue affects Newsletter, SMTP, Email marketing and Subscribe forms by Sendinblue: from n/a through 3.1.77.
network
low complexity
sendinblue CWE-79
6.1
2024-06-04 CVE-2024-35782 Cross-site Scripting vulnerability in Codeless Cowidgets - Elementor
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Codeless Cowidgets – Elementor Addons allows Stored XSS. This issue affects Cowidgets – Elementor Addons: from n/a through 1.1.1.
network
low complexity
codeless CWE-79
5.4
2024-06-04 CVE-2024-4637 The Slider Revolution plugin for WordPress is vulnerable to Stored Cross-Site Scripting in all versions up to, and including, 6.7.10 due to insufficient input sanitization and output escaping on the user supplied Elementor 'wrapperid' and 'zindex' display attributes.
network
low complexity
6.4
2024-06-04 CVE-2024-4581 The Slider Revolution plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's Add Layer widget in all versions up to, and including, 6.7.11 due to insufficient input sanitization and output escaping on the user supplied 'class', 'id', and 'title' attributes.
network
low complexity
6.4
2024-06-04 CVE-2024-5485 The SureTriggers – Connect All Your Plugins, Apps, Tools & Automate Everything! plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's Trigger Link shortcode in all versions up to, and including, 1.0.47 due to insufficient input sanitization and output escaping on user supplied attributes.
network
low complexity
6.4
2024-06-04 CVE-2024-1717 The Admin Notices Manager plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the handle_ajax_call() function in all versions up to, and including, 1.4.0.
network
low complexity
4.3
2024-06-04 CVE-2024-1718 The Claudio Sanches – Checkout Cielo for WooCommerce plugin for WordPress is vulnerable to unauthorized modification of data due to insufficient payment validation in the update_order_status() function in all versions up to, and including, 1.1.0.
network
low complexity
5.3
2024-06-04 CVE-2024-2382 The Authorize.net Payment Gateway For WooCommerce plugin for WordPress is vulnerable to payment bypass in all versions up to, and including, 8.0.
network
low complexity
5.3
2024-06-04 CVE-2024-3031 The Fluid Notification Bar plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in all versions up to, and including, 3.2.3 due to insufficient input sanitization and output escaping.
network
high complexity
4.4
2024-06-04 CVE-2024-4273 The Essential Real Estate plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'ere_property_map' shortcode in all versions up to, and including, 4.4.2 due to insufficient input sanitization and output escaping on user supplied attributes.
network
low complexity
6.4