Vulnerabilities > Medium

DATE CVE VULNERABILITY TITLE RISK
2024-12-18 CVE-2024-11748 The Taeggie Feed plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'taeggie-feed' shortcode in all versions up to, and including, 0.1.9 due to insufficient input sanitization and output escaping on user supplied attributes.
network
low complexity
CWE-79
6.4
6.4
2024-12-18 CVE-2024-11881 The Easy Waveform Player plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'easywaveformplayer' shortcode in all versions up to, and including, 1.2.0 due to insufficient input sanitization and output escaping on user supplied attributes.
network
low complexity
CWE-79
6.4
6.4
2024-12-18 CVE-2024-12500 The Philantro – Donations and Donor Management plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's shortcodes like 'donate' in all versions up to, and including, 5.2 due to insufficient input sanitization and output escaping on user supplied attributes.
network
low complexity
CWE-79
6.4
6.4
2024-12-18 CVE-2024-12513 The Contests by Rewards Fuel plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'RF_CONTEST' shortcode in all versions up to, and including, 2.0.65 due to insufficient input sanitization and output escaping on user supplied attributes.
network
low complexity
CWE-79
6.4
6.4
2024-12-17 CVE-2024-10973 A vulnerability was found in Keycloak.
low complexity
CWE-319
5.7
5.7
2024-12-17 CVE-2024-49816 IBM Security Guardium Key Lifecycle Manager 4.1, 4.1.1, 4.2.0, and 4.2.1 stores potentially sensitive information in log files that could be read by a local privileged user.
network
low complexity
CWE-532
4.9
4.9
2024-12-17 CVE-2024-49817 IBM Security Guardium Key Lifecycle Manager 4.1, 4.1.1, 4.2.0, and 4.2.1 stores user credentials in configuration files which can be read by a local privileged user.
local
low complexity
CWE-260
4.4
4.4
2024-12-17 CVE-2024-49818 IBM Security Guardium Key Lifecycle Manager 4.1, 4.1.1, 4.2.0, and 4.2.1 could allow a remote attacker to obtain sensitive information when a detailed technical error message is returned in the browser.
network
low complexity
CWE-209
4.3
4.3
2024-12-17 CVE-2024-49819 IBM Security Guardium Key Lifecycle Manager 4.1, 4.1.1, 4.2.0, and 4.2.1 could allow a remote attacker to obtain sensitive information in cleartext in a communication channel that can be sniffed by unauthorized actors.
local
high complexity
CWE-319
4.1
4.1
2024-12-17 CVE-2024-10356 The ElementsReady Addons for Elementor plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 6.4.8 in inc/Widgets/accordion/output/content.php.
network
low complexity
CWE-200
4.3
4.3