Vulnerabilities > Medium

DATE CVE VULNERABILITY TITLE RISK
2024-09-05 CVE-2024-5956 Improper Authentication vulnerability in Trellix Intrusion Prevention System Manager 11.1.7.97
This vulnerability allows unauthenticated remote attackers to bypass authentication and gain partial data access to the vulnerable Trellix IPS Manager, although the responses consist mostly of garbage data.
network
low complexity
trellix CWE-287
5.3
2024-09-05 CVE-2024-7380 Missing Authorization vulnerability in Infinitumform GEO Controller
The Geo Controller plugin for WordPress is vulnerable to unauthorized menu creation/deletion due to missing capability checks on the ajax__geolocate_menu and ajax__geolocate_remove_menu functions in all versions up to, and including, 8.6.9.
network
low complexity
infinitumform CWE-862
4.3
2024-09-05 CVE-2024-7381 Missing Authorization vulnerability in Infinitumform GEO Controller
The Geo Controller plugin for WordPress is vulnerable to unauthorized shortcode execution due to missing authorization and capability checks on the ajax__shortcode_cache function in all versions up to, and including, 8.6.9.
network
low complexity
infinitumform CWE-862
5.3
2024-09-05 CVE-2024-7605 Missing Authorization vulnerability in Helloasso
The HelloAsso plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'ha_ajax' function in all versions up to, and including, 1.1.10.
network
low complexity
helloasso CWE-862
4.3
2024-09-05 CVE-2024-6332 Missing Authorization vulnerability in Tmsproducts Amelia
The Booking for Appointments and Events Calendar – Amelia Premium and Lite plugins for WordPress are vulnerable to unauthorized access of data due to a missing capability check on the 'ameliaButtonCommand' function in all versions up to, and including, Premium 7.7 and Lite 1.2.3.
network
low complexity
tmsproducts CWE-862
6.5
2024-09-05 CVE-2024-6894 Cross-site Scripting vulnerability in Rdstation RD Station
The RD Station plugin for WordPress is vulnerable to Stored Cross-Site Scripting in all versions up to, and including, 5.3.2 due to insufficient input sanitization and output escaping of post metaboxes added by the plugin.
network
low complexity
rdstation CWE-79
5.4
2024-09-05 CVE-2024-6929 Cross-site Scripting vulnerability in Ankitpokhrel Dynamic Featured Image
The Dynamic Featured Image plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘dfiFeatured’ parameter in all versions up to, and including, 3.7.0 due to insufficient input sanitization and output escaping.
network
low complexity
ankitpokhrel CWE-79
5.4
2024-09-05 CVE-2024-45107 Use After Free vulnerability in Adobe products
Acrobat Reader versions 20.005.30636, 24.002.20964, 24.001.30123, 24.002.20991 and earlier are affected by a Use After Free vulnerability that could lead to disclosure of sensitive memory.
local
low complexity
adobe CWE-416
5.5
2024-09-05 CVE-2024-5309 Missing Authorization vulnerability in Wpvibes Form Vibes
The Form Vibes – Database Manager for Forms plugin for WordPress is vulnerable to unauthorized access of data and modification of data due to a missing capability check on the fv_export_csv, reset_settings, save_settings, save_columns_settings, get_analytics_data, get_event_logs_data, delete_submissions, and get_submissions functions in all versions up to, and including, 1.4.12.
network
low complexity
wpvibes CWE-862
5.4
2024-09-05 CVE-2024-8363 Cross-site Scripting vulnerability in Share-This-Image Share This Image
The Share This Image plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's STI Buttons shortcode in all versions up to, and including, 2.02 due to insufficient input sanitization and output escaping on user supplied attributes.
network
low complexity
share-this-image CWE-79
5.4