Vulnerabilities > Medium

DATE CVE VULNERABILITY TITLE RISK
2024-06-03 CVE-2023-43545 Memory corruption when more scan frequency list or channels are sent from the user space.
local
low complexity
 6.7
6.7
2024-06-01 CVE-2024-2295 The Contact Form Manager plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's [xyz-cfm-form] shortcode in all versions up to, and including, 1.6.1 due to insufficient input sanitization and output escaping on user supplied attributes.
network
low complexity
 6.4
6.4
2024-06-01 CVE-2024-1324 The QQWorld Auto Save Images plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the save_remote_images_get_auto_saved_results() function hooked via a norpriv AJAX in all versions up to, and including, 1.9.8.
network
low complexity
 5.3
5.3
2024-06-01 CVE-2024-2506 The Popup Builder – Create highly converting, mobile friendly marketing popups.
network
low complexity
 6.4
6.4
2024-06-01 CVE-2024-4342 The Royal Elementor Addons and Templates plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's image hotspot, image accordion, off canvas, woogrid, and product mini cart widgets in all versions up to, and including, 1.3.975 due to insufficient input sanitization and output escaping.
network
low complexity
 6.4
6.4
2024-06-01 CVE-2024-5501 The Supreme Modules Lite – Divi Theme, Extra Theme and Divi Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘button_one_id’ parameter in all versions up to, and including, 2.5.51 due to insufficient input sanitization and output escaping.
network
low complexity
 6.4
6.4
2024-06-01 CVE-2023-6382 The Master Slider – Responsive Touch Slider plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'ms_slide' shortcode in all versions up to, and including, 3.9.9 due to insufficient input sanitization and output escaping on user supplied 'css_class' attribute.
network
low complexity
 6.4
6.4
2024-06-01 CVE-2024-3565 The Content Blocks (Custom Post Widget) plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'content_block' shortcode in all versions up to, and including, 3.3.0 due to insufficient input sanitization and output escaping on user supplied attributes.
network
low complexity
 6.4
6.4
2024-06-01 CVE-2024-4711 Cross-site Scripting vulnerability in Connekthq Ajax Load More
The WordPress Infinite Scroll – Ajax Load More plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ajax_load_more shortcode in versions up to, and including, 7.1.1 due to insufficient input sanitization and output escaping.
network
low complexity
connekthq CWE-79
5.4
5.4
2024-06-01 CVE-2024-2933 The Page Builder Gutenberg Blocks – CoBlocks plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Social Profiles widget in all versions up to, and including, 3.1.9 due to insufficient input sanitization and output escaping on user supplied attributes.
network
low complexity
 6.4
6.4