Vulnerabilities > Medium
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2024-08-31 | CVE-2022-4539 | Insufficient Verification of Data Authenticity vulnerability in Miniorange web Application Firewall The Web Application Firewall plugin for WordPress is vulnerable to IP Address Spoofing in versions up to, and including, 2.1.2. | 5.3 |
| 2024-08-31 | CVE-2022-4100 | Unspecified vulnerability in Wpcerber Cerber Security Antispam & Malware Scan The WP Cerber Security plugin for WordPress is vulnerable to IP Protection bypass in versions up to, and including 9.4 due to the plugin improperly checking for a visitor's IP address. | 5.3 |
| 2024-08-31 | CVE-2022-4536 | Unspecified vulnerability in Youtag Ip-Vault-Wp-Firewall The IP Vault – WP Firewall plugin for WordPress is vulnerable to IP Address Spoofing in versions up to, and including, 1.1. | 5.3 |
| 2024-08-31 | CVE-2024-0111 | Improper Validation of Specified Quantity in Input vulnerability in Nvidia Cuda Toolkit NVIDIA CUDA Toolkit contains a vulnerability in command 'cuobjdump' where a user may cause a crash or produce incorrect output by passing a malformed ELF file. | 4.4 |
| 2024-08-31 | CVE-2024-8108 | Cross-site Scripting vulnerability in Share This Image Project Share This Image The Share This Image plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'alignment' parameter in all versions up to, and including, 2.01 due to insufficient input sanitization and output escaping. | 5.4 |
| 2024-08-31 | CVE-2024-39578 | Link Following vulnerability in Dell Powerscale Onefs Dell PowerScale OneFS versions 8.2.2.x through 9.8.0.1 contains a UNIX symbolic link (symlink) following vulnerability. | 6.3 |
| 2024-08-31 | CVE-2024-39579 | Unspecified vulnerability in Dell Powerscale Onefs Dell PowerScale OneFS versions 8.2.2.x through 9.8.0.0 contains an incorrect privilege assignment vulnerability. | 6.7 |
| 2024-08-31 | CVE-2024-8276 | Cross-site Scripting vulnerability in Wpzoom Portfolio The WPZOOM Portfolio Lite – Filterable Portfolio Plugin plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘align’ attribute within the 'wp:wpzoom-blocks' Gutenberg block in all versions up to, and including, 1.4.4 due to insufficient input sanitization and output escaping. | 5.4 |
| 2024-08-31 | CVE-2024-3886 | Cross-site Scripting vulnerability in Tagdiv Composer 4.2/4.4 The tagDiv Composer plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the ‘envato_code[]’ parameter in all versions up to, and including, 5.0 due to insufficient input sanitization and output escaping within the on_ajax_check_envato_code function. | 6.1 |
| 2024-08-31 | CVE-2024-5212 | Cross-site Scripting vulnerability in Tagdiv Composer 4.2/4.4 The tagDiv Composer plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the ‘envato_code[]’ parameter in all versions up to, and including, 5.0 due to insufficient input sanitization and output escaping within the on_ajax_register_forum_user function. | 6.1 |