Vulnerabilities > Medium
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2024-09-04 | CVE-2024-8318 | The Attributes for Blocks plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘attributesForBlocks’ parameter in all versions up to, and including, 1.0.6 due to insufficient input sanitization and output escaping. | 6.4 |
| 2024-09-04 | CVE-2024-8104 | Path Traversal vulnerability in Wpextended WP Extended The The Ultimate WordPress Toolkit – WP Extended plugin for WordPress is vulnerable to Directory Traversal in all versions up to, and including, 3.0.8 via the download_file_ajax function. | 6.5 |
| 2024-09-04 | CVE-2024-8106 | Unspecified vulnerability in Wpextended WP Extended The The Ultimate WordPress Toolkit – WP Extended plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 3.0.8 via the download_user_ajax function. | 6.5 |
| 2024-09-04 | CVE-2024-8117 | Cross-site Scripting vulnerability in Wpextended WP Extended The The Ultimate WordPress Toolkit – WP Extended plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the ‘selected_option’ parameter in all versions up to, and including, 3.0.8 due to insufficient input sanitization and output escaping. | 6.1 |
| 2024-09-04 | CVE-2024-8119 | Cross-site Scripting vulnerability in Wpextended WP Extended The The Ultimate WordPress Toolkit – WP Extended plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the page parameter in all versions up to, and including, 3.0.8 due to insufficient input sanitization and output escaping. | 6.1 |
| 2024-09-04 | CVE-2024-8121 | Missing Authorization vulnerability in Wpextended WP Extended The The Ultimate WordPress Toolkit – WP Extended plugin for WordPress is vulnerable to unauthorized modification of user names due to a missing capability check on the wpext_change_admin_name() function in all versions up to, and including, 3.0.8. | 4.3 |
| 2024-09-04 | CVE-2024-8123 | Authorization Bypass Through User-Controlled Key vulnerability in Wpextended WP Extended The The Ultimate WordPress Toolkit – WP Extended plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 3.0.8 via the duplicate_post function due to missing validation on a user controlled key. | 5.4 |
| 2024-09-04 | CVE-2024-34637 | Unspecified vulnerability in Samsung Android 12.0/13.0/14.0 Improper access control in WindowManagerService prior to SMR Sep-2024 Release 1 in Android 12, and SMR Jun-2024 Release 1 in Android 13 and Android 14 allows local attackers to bypass restrictions on starting services from the background. | 5.5 |
| 2024-09-04 | CVE-2024-34639 | Improper Handling of Exceptional Conditions vulnerability in Samsung Android 12.0/13.0/14.0 Improper handling of exceptional conditions in Setupwizard prior to SMR Aug-2024 Release 1 allows physical attackers to bypass proper validation. | 4.6 |
| 2024-09-04 | CVE-2024-34642 | Incorrect Authorization vulnerability in Samsung Android 12.0/13.0/14.0 Improper authorization in One UI Home prior to SMR Sep-2024 Release 1 allows physical attackers to temporarily access sensitive information. | 4.6 |