Vulnerabilities > Medium

| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2024-06-04 | CVE-2024-4274 | The Essential Real Estate plugin for WordPress is vulnerable to unauthorized loss of data due to insufficient validation on the remove_property_attachment_ajax() function in all versions up to, and including, 4.4.2. | network, low complexity, 4.3 |
| 2024-06-04 | CVE-2024-4462 | The Nafeza Prayer Time plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in all versions up to, and including, 1.2.9 due to insufficient input sanitization and output escaping. | network, high complexity, 4.4 |
| 2024-06-04 | CVE-2024-4697 | The Cowidgets – Elementor Addons plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘heading_tag’ parameter in all versions up to, and including, 1.1.1 due to insufficient input sanitization and output escaping. | network, low complexity, 6.4 |
| 2024-06-04 | CVE-2024-4997 | The WPUpper Share Buttons plugin for WordPress is vulnerable to unauthorized access of data when preparing sharing links for posts and pages in all versions up to, and including, 3.43. | network, low complexity, 5.3 |
| 2024-06-04 | CVE-2024-3888 | The tagDiv Composer plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's button shortcode in all versions up to, and including, 4.8 due to insufficient input sanitization and output escaping on user supplied attributes. | network, low complexity, 6.4 |
| 2024-06-04 | CVE-2024-29975 | ** UNSUPPORTED WHEN ASSIGNED ** The improper privilege management vulnerability in the SUID executable binary in Zyxel NAS326 firmware versions before V5.21(AAZF.17)C0 and NAS542 firmware versions before V5.21(ABAG.14)C0 could allow an authenticated local attacker with administrator privileges to execute some system commands as the “root” user on a vulnerable device. | local, low complexity, CWE-269, 6.7 |
| 2024-06-04 | CVE-2024-29976 | ** UNSUPPORTED WHEN ASSIGNED ** The improper privilege management vulnerability in the command “show_allsessions” in Zyxel NAS326 firmware versions before V5.21(AAZF.17)C0 and NAS542 firmware versions before V5.21(ABAG.14)C0 could allow an authenticated attacker to obtain a logged-in administrator’s session information containing cookies on an affected device. | network, low complexity, CWE-269, 6.5 |
| 2024-06-03 | CVE-2023-43537 | Information disclosure while handling T2LM Action Frame in WLAN Host. | network, low complexity, 6.5 |
| 2024-06-03 | CVE-2023-43543 | Memory corruption in Audio during a playback or a recording due to race condition between allocation and deallocation of graph object. | local, low complexity, 6.7 |
| 2024-06-03 | CVE-2023-43544 | Memory corruption when IPC callback handle is used after it has been released during register callback by another thread. | local, low complexity, 6.7 |