VUMETRIC
CYBER PORTAL
Dashboard
Security News
Latest Vulnerabilities
Browse Vulnerabilities
by Vendors
by Products
by Categories
Weekly Reports
Vulnerabilities
> Medium
Exclude new CVEs:
DATE
CVE
VULNERABILITY TITLE
RISK
2024-05-02
CVE-2024-1572
The WP ULike plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'wp_ulike' shortcode in all versions up to, and including, 4.6.9 due to insufficient input sanitization and output escaping on the user supplied 'wrapper_class' attribute.
network
low complexity
6.4
6.4
2024-05-02
CVE-2024-1584
The Analytify – Google Analytics Dashboard For WordPress (GA4 analytics made easy) plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'wpa_check_authentication' function in all versions up to, and including, 5.2.1.
network
low complexity
5.3
5.3
2024-05-02
CVE-2024-1677
The Print Labels with Barcodes.
network
low complexity
6.3
6.3
2024-05-02
CVE-2024-1678
The Subway – Private Site Option plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 2.1.4 via the REST API.
network
low complexity
5.3
5.3
2024-05-02
CVE-2024-1679
The Print Labels with Barcodes.
network
low complexity
6.4
6.4
2024-05-02
CVE-2024-1688
The Woo Total Sales plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the get_orders_archive() function in all versions up to, and including, 3.1.4.
network
low complexity
5.3
5.3
2024-05-02
CVE-2024-1716
The Admin Bar Remover plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the update_form() function in all versions up to, and including, 1.0.2.2.
network
low complexity
4.3
4.3
2024-05-02
CVE-2024-1759
The WP ULike – Most Advanced WordPress Marketing Toolkit plugin for WordPress is vulnerable to Stored Cross-Site Scripting via a user's display name in all versions up to, and including, 4.6.9 due to insufficient input sanitization and output escaping.
network
low complexity
6.4
6.4
2024-05-02
CVE-2024-1809
The Analytify – Google Analytics Dashboard For WordPress (GA4 analytics made easy) plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on AJAX functions in combination with nonce leakage in all versions up to, and including, 5.2.3.
network
low complexity
5.4
5.4
2024-05-02
CVE-2024-1840
The wpbakery plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Post Author tag attribute in all versions up to, and including, 7.5 due to insufficient input sanitization and output escaping.
network
low complexity
6.4
6.4
«
Previous
1
2
...
3
4
5
(current)
6
7
...
11285
11286
»
Next