Vulnerabilities > Medium

DATE CVE VULNERABILITY TITLE RISK
2024-05-02 CVE-2024-1572 The WP ULike plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'wp_ulike' shortcode in all versions up to, and including, 4.6.9 due to insufficient input sanitization and output escaping on the user supplied 'wrapper_class' attribute.
network
low complexity
 6.4
6.4
2024-05-02 CVE-2024-1584 The Analytify – Google Analytics Dashboard For WordPress (GA4 analytics made easy) plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'wpa_check_authentication' function in all versions up to, and including, 5.2.1.
network
low complexity
 5.3
5.3
2024-05-02 CVE-2024-1677 The Print Labels with Barcodes.
network
low complexity
 6.3
6.3
2024-05-02 CVE-2024-1678 The Subway – Private Site Option plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 2.1.4 via the REST API.
network
low complexity
 5.3
5.3
2024-05-02 CVE-2024-1679 The Print Labels with Barcodes.
network
low complexity
 6.4
6.4
2024-05-02 CVE-2024-1688 The Woo Total Sales plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the get_orders_archive() function in all versions up to, and including, 3.1.4.
network
low complexity
 5.3
5.3
2024-05-02 CVE-2024-1716 The Admin Bar Remover plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the update_form() function in all versions up to, and including, 1.0.2.2.
network
low complexity
 4.3
4.3
2024-05-02 CVE-2024-1759 The WP ULike – Most Advanced WordPress Marketing Toolkit plugin for WordPress is vulnerable to Stored Cross-Site Scripting via a user's display name in all versions up to, and including, 4.6.9 due to insufficient input sanitization and output escaping.
network
low complexity
 6.4
6.4
2024-05-02 CVE-2024-1809 The Analytify – Google Analytics Dashboard For WordPress (GA4 analytics made easy) plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on AJAX functions in combination with nonce leakage in all versions up to, and including, 5.2.3.
network
low complexity
 5.4
5.4
2024-05-02 CVE-2024-1840 The wpbakery plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Post Author tag attribute in all versions up to, and including, 7.5 due to insufficient input sanitization and output escaping.
network
low complexity
 6.4
6.4