Vulnerabilities > Medium

DATE CVE VULNERABILITY TITLE RISK
2024-05-02 CVE-2024-3197 The The Plus Addons for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via custom attributes in the plugin's widgets in all versions up to, and including, 5.4.2 due to insufficient input sanitization and output escaping on user supplied attributes.
network
low complexity
 6.4
6.4
2024-05-02 CVE-2024-3199 The The Plus Addons for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the countdown widget in all versions up to, and including, 5.4.2 due to insufficient input sanitization and output escaping.
network
low complexity
 6.4
6.4
2024-05-02 CVE-2024-3206 The Different Menu in Different Pages – Control Menu Visibility (All in One) plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on the ajax() function in all versions up to, and including, 2.3.2.
network
low complexity
 4.3
4.3
2024-05-02 CVE-2024-3215 The Paid Memberships Pro – Content Restriction, User Registration, & Paid Subscriptions plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 3.0.1.
network
low complexity
 5.3
5.3
2024-05-02 CVE-2024-3233 The Ivory Search – WordPress Search Plugin plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the ajax_create_index() function in all versions up to, and including, 5.5.5.
network
low complexity
 4.3
4.3
2024-05-02 CVE-2024-3275 The eRoom – Zoom Meetings & Webinars plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 1.4.18 via the search_posts function.
network
low complexity
 4.3
4.3
2024-05-02 CVE-2024-3295 The User Registration – Custom Registration Form, Login Form, and User Profile WordPress Plugin plugin for WordPress is vulnerable to unauthorized loss of data due to a missing capability check on the profile_pic_remove function in versions up to, and including, 3.1.5.
network
low complexity
 6.5
6.5
2024-05-02 CVE-2024-3307 The HT Mega – Absolute Addons For Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Countdown widget's attributes in all versions up to, and including, 2.4.9 due to insufficient input sanitization and output escaping.
network
low complexity
 6.4
6.4
2024-05-02 CVE-2024-3308 The HT Mega – Absolute Addons For Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Image Grid widget's attributes in all versions up to, and including, 2.4.9 due to insufficient input sanitization and output escaping.
network
low complexity
 6.4
6.4
2024-05-02 CVE-2024-3312 The Easy Custom Auto Excerpt plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 2.4.12.
network
low complexity
 5.3
5.3