Vulnerabilities > Medium

DATE CVE VULNERABILITY TITLE RISK
2024-08-30 CVE-2024-5879 Cross-site Scripting vulnerability in Hubspot
The HubSpot – CRM, Email Marketing, Live Chat, Forms & Analytics plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'url' attribute of the HubSpot Meeting Widget in all versions up to, and including, 11.1.22 due to insufficient input sanitization and output escaping.
network
low complexity
hubspot CWE-79
5.4
2024-08-30 CVE-2024-4401 Cross-site Scripting vulnerability in Wpvibes Elementor Addon Elements
The Elementor Addon Elements plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'id' and 'eae_slider_animation' parameters in all versions up to, and including, 1.13.5 due to insufficient input sanitization and output escaping.
network
low complexity
wpvibes CWE-79
5.4
2024-08-30 CVE-2024-5024 Cross-site Scripting vulnerability in Memberpress
The Memberpress plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'mepr_screenname' and 'mepr_key' parameters in all versions up to, and including, 1.11.29 due to insufficient input sanitization and output escaping.
network
low complexity
memberpress CWE-79
6.1
2024-08-30 CVE-2024-5061 Cross-site Scripting vulnerability in Kriesi Enfold
The Enfold - Responsive Multi-Purpose Theme theme for WordPress is vulnerable to Stored Cross-Site Scripting via the 'wrapper_class' and 'class' parameters in all versions up to, and including, 6.0.3 due to insufficient input sanitization and output escaping.
network
low complexity
kriesi CWE-79
5.4
2024-08-30 CVE-2024-5784 Missing Authorization vulnerability in Tutorlms Tutor LMS PRO
The Tutor LMS Pro plugin for WordPress is vulnerable to unauthorized execution of administrative actions due to missing capability checks on multiple functions like treport_quiz_atttempt_delete and tutor_gc_class_action in all versions up to, and including, 2.7.2.
network
low complexity
tutorlms CWE-862
6.3
2024-08-30 CVE-2024-8328 Cross-site Scripting vulnerability in Easy Test Online Learning and Testing Platform Project Easy Test Online Learning and Testing Platform
Easy test Online Learning and Testing Platform from HWA JIUH DIGITAL TECHNOLOGY does not properly validate a specific page parameter, allowing remote attackers with regular privileges to inject arbitrary JavaScript code and perform Reflected Cross-Site Scripting attacks.
5.4
2024-08-29 CVE-2024-1543 Information Exposure Through Discrepancy vulnerability in Wolfssl
The side-channel protected T-Table implementation in wolfSSL up to version 5.6.5 protects against a side-channel attacker with cache-line resolution.
local
low complexity
wolfssl CWE-203
5.5
2024-08-29 CVE-2024-41349 Cross-site Scripting vulnerability in Cdevroe Unmark 1.9.2
Unmark 1.9.2 is vulnerable to Cross-Site Scripting (XSS) via application/views/marks/add_by_url.php.
network
low complexity
cdevroe CWE-79
6.1
2024-08-29 CVE-2024-34018 Incorrect Default Permissions vulnerability in Acronis Snap Deploy 6
Sensitive information disclosure due to insecure folder permissions.
local
low complexity
acronis CWE-276
5.5
2024-08-29 CVE-2024-41345 Cross-site Scripting vulnerability in Jpatokal Openflights 20240820
OpenFlights commit 5234b5b is vulnerable to Cross-Site Scripting (XSS) via php/trip.php.
network
low complexity
jpatokal CWE-79
5.4