Vulnerabilities > Medium
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2024-09-12 | CVE-2024-7822 | Cross-site Scripting vulnerability in Gwycon Quick Code The Quick Code WordPress plugin through 1.0 does not have CSRF check in some places, and is missing sanitisation as well as escaping, which could allow attackers to make logged in admin add Stored XSS payloads via a CSRF attack. | 6.1 |
| 2024-09-12 | CVE-2024-7859 | Cross-Site Request Forgery (CSRF) vulnerability in Visual Sound Project Visual Sound The Visual Sound WordPress plugin through 1.03 does not have CSRF check in place when updating its settings, which could allow attackers to make a logged in admin change them via a CSRF attack | 6.5 |
| 2024-09-12 | CVE-2024-7860 | Cross-site Scripting vulnerability in Outtolunchproductions Simple Headline Rotator The Simple Headline Rotator WordPress plugin through 1.0 does not have CSRF check in some places, and is missing sanitisation as well as escaping, which could allow attackers to make logged in admin add Stored XSS payloads via a CSRF attack. | 6.1 |
| 2024-09-12 | CVE-2024-7861 | Cross-site Scripting vulnerability in Michalaugustyniak Misiek Paypal The Misiek Paypal WordPress plugin through 1.1.20090324 does not have CSRF check in some places, and is missing sanitisation as well as escaping, which could allow attackers to make logged in admin add Stored XSS payloads via a CSRF attack. | 6.1 |
| 2024-09-12 | CVE-2024-8054 | Cross-site Scripting vulnerability in Mm-Breaking News Project Mm-Breaking News The MM-Breaking News WordPress plugin through 0.7.9 does not have CSRF check in some places, and is missing sanitisation as well as escaping, which could allow attackers to make logged in admin add Stored XSS payloads via a CSRF attack. | 6.1 |
| 2024-09-12 | CVE-2024-8056 | Cross-site Scripting vulnerability in Mm-Breaking News Project Mm-Breaking News The MM-Breaking News WordPress plugin through 0.7.9 does not escape the $_SERVER['REQUEST_URI'] parameter before outputting it back in an attribute, which could lead to Reflected Cross-Site Scripting in old web browsers | 6.1 |
| 2024-09-12 | CVE-2024-38222 | Unspecified vulnerability in Microsoft Edge Microsoft Edge (Chromium-based) Information Disclosure Vulnerability | 6.5 |
| 2024-09-12 | CVE-2024-8708 | Cross-site Scripting vulnerability in Mayurik Best House Rental Management System 1.0 A vulnerability was found in SourceCodester Best House Rental Management System 1.0. | 6.1 |
| 2024-09-11 | CVE-2024-41868 | Out-of-bounds Read vulnerability in Adobe Audition Audition versions 24.4.1, 23.6.6 and earlier are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. | 5.5 |
| 2024-09-11 | CVE-2024-44851 | Cross-site Scripting vulnerability in Perfexcrm Perfex CRM 1.1.0 A stored cross-site scripting (XSS) vulnerability in the Discussion section of Perfex CRM v1.1.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Content parameter. | 5.4 |