Latest medium severity Vulnerabilities

CVE-2024-4713
Campcodes Complete Web-Based School Management System all_teacher.php cross site scripting
CVE-2024-4039
Orders Tracking for WooCommerce <= 1.2.10 - Unauthenticated Arbitrary Shortcode Execution
CVE-2024-4277
LearnPress – WordPress LMS Plugin <= 4.2.6.5 - Authenticated (Contributor+) Stored Cross-Site Scripting via layout_html Parameter
CVE-2024-32776
WordPress AppPresser plugin <= 4.3.0 - Broken Access Control vulnerability
CVE-2024-34818
WordPress Webinar plugin <= 1.33.17 - Cross Site Request Forgery (CSRF) vulnerability
CVE-2024-34814
WordPress Unyson plugin <= 2.7.29 - Cross Site Request Forgery (CSRF) vulnerability
CVE-2024-34816
WordPress WPCal.io plugin <= 0.9.5.8 - Cross Site Request Forgery (CSRF) vulnerability
CVE-2024-34817
WordPress Integration for Pipedrive and Contact Form 7, WPForms, Elementor, Ninja Forms plugin <= 1.2.0 - Cross Site Request Forgery (CSRF) vulnerability
CVE-2024-31113
WordPress Easy Digital Downloads plugin <= 3.2.11 - Cross Site Request Forgery (CSRF) vulnerability
CVE-2024-3956
Pods – Custom Content Types and Fields <= 3.2.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via Pod Form Redirect URL
CVE-2024-4444
LearnPress – WordPress LMS Plugin <= 4.2.6.5 - Unauthenticated Bypass to User Registration
CVE-2024-4434
LearnPress – WordPress LMS Plugin <= 4.2.6.5 - Unauthenticated Time-Based SQL Injection
CVE-2024-4689
WordPress ShortPixel Adaptive Images plugin <= 3.8.3 - Cross Site Request Forgery (CSRF) vulnerability
CVE-2024-34823
WordPress Arigato Autoresponder and Newsletter plugin <= 2.7.2.3 - Cross Site Request Forgery (CSRF) vulnerability
CVE-2024-34825
WordPress Social Warfare plugin <= 4.4.5.1 - Cross Site Request Forgery (CSRF) vulnerability
CVE-2024-34827
WordPress Translate Multilingual sites – TranslatePress plugin <= 2.7.5 - Cross Site Request Forgery (CSRF) vulnerability
CVE-2024-34828
WordPress Church Admin plugin <= 4.1.32 - Cross Site Request Forgery (CSRF) vulnerability
CVE-2024-4398
HTML5 Audio Player- Best WordPress Audio Player Plugin <= 2.2.19 - Authenticated (Contributor+) Stored Cross-Site Scripting via Multiple Widgets
CVE-2024-3547
Unlimited Elements For Elementor (Free Widgets, Addons, Templates) <= 1.5.102 - Reflected Cross-Site Scripting
CVE-2024-4275
Essential Addons for Elementor – Best Elementor Templates, Widgets, Kits & WooCommerce Builders <= 5.9.19 - Authenticated (Contributor+) Stored Cross-Site Scripting via 'Interactive Circles'
CVE-2024-2662
Unlimited Elements For Elementor (Free Widgets, Addons, Templates) <= 1.5.102 - Authenticated (Admin+) Command Injection
CVE-2024-4448
Essential Addons for Elementor – Best Elementor Templates, Widgets, Kits & WooCommerce Builders <= 5.9.19 - Authenticated (Contributor+) Stored Cross-Site Scripting via 'Dual Color Header', 'Event Cal...
CVE-2024-4449
Essential Addons for Elementor <= 5.9.19 - Authenticated (Contributor+) DOM-Based Stored Cross-Site Scripting via Several Widgets
CVE-2024-4129
Authentication bypass in Snow License Manager
CVE-2024-3828
Spectra Pro <= 1.1.5 - Authenticated (Author+) Privilege Escalation
CVE-2024-4481
Gutenberg Blocks with AI by Kadence WP <= 3.2.36 - Authenticated (Contributor+) Stored Cross-Site Scripting via Block Link
CVE-2024-4280
White Label CMS <= 2.7.3 - Missing Authorization to Plugin Settings Reset
CVE-2024-4699
D-Link DAR-8000-10 importhtml.php deserialization
CVE-2024-0096
CVE
CVE-2024-0097
CVE
CVE-2024-0098
CVE
CVE-2024-0100
CVE
CVE-2024-0088
CVE
CVE-2024-0087
CVE
GHSA-wpcv-5jgp-69f3
### Overview Path Traversal vulnerability via File Uploads in Genie ### Impact Any Genie OSS users running their own instance and relying on the filesystem to store file attachments submitted to th...
maven/com.netflix.genie:genie-web<4.3.18
CVE-2024-4688
Campcodes Complete Web-Based School Management System conversation_history_admin.php cross site scripting
GHSA-fr5h-rqp8-mj6g
### Impact A Server-Side Request Forgery (SSRF) vulnerability was identified in Next.js Server Actions by security researchers at Assetnote. If the `Host` header is modified, and the below conditions ...
npm/next>=13.4.0<14.1.1
GHSA-77r5-gw3j-2mpf
### Impact Inconsistent interpretation of a crafted HTTP request meant that requests are treated as both a single request, and two separate requests by Next.js, leading to desynchronized responses. Th...
npm/next>=13.4.0<13.5.1
CVE-2024-4687
Campcodes Complete Web-Based School Management System create_events.php cross site scripting
CVE-2024-32985
Stellar-core's Overlay - security fix for DDoS mitigation
CVE-2024-4686
Campcodes Complete Web-Based School Management System emarks_range_grade_update_form.php cross site scripting
CVE-2024-2290
Advanced Ads – Ad Manager & AdSense <= 1.52.1 - Authenticated (Admin+) PHP Object Injection
CVE-2024-3809
Porto Theme - Functionality <= 3.0.9 - Authenticated (Contributor+) Local File Inclusion via Post Meta
CVE-2024-3808
Porto Theme - Functionality <= 3.1.0 - Authenticated (Contributor+) Local File Inclusion via Shortcode
CVE-2024-4104
ADFO – Custom data in admin dashboard <= 1.9.0 - Reflected Cross-Site Scripting
CVE-2024-4397
LearnPress – WordPress LMS Plugin <= 4.2.6.5 - Authenticated (Instructor+) Arbitrary File Upload
CVE-2024-2785
The Plus Addons for Elementor <= 5.4.2 - Authenticated (Contributor+) Stored Cross-Site Scripting via Age Gate
CVE-2024-4038
Back In Stock Notifier for WooCommerce | WooCommerce Waitlist Pro <= 5.3.1 - Unauthenticated Arbitrary Shortcode Execution
CVE-2024-1467
Starter Templates — Elementor, WordPress & Beaver Builder Templates <= 4.1.6 - Authenticated (Contributor+) Server-Side Request Forgery
CVE-2024-4463
Squelch Tabs and Accordions Shortcodes <= 0.4.7 - Cross-Site Request Forgery

Company

Resources

Contact

SecAlerts Pty Ltd.
132 Wickham Terrace
Fortitude Valley,
QLD 4006, Australia
info@secalerts.co
By using SecAlerts services, you agree to our services end-user license agreement. This website is safeguarded by reCAPTCHA and governed by the Google Privacy Policy and Terms of Service. All names, logos, and brands of products are owned by their respective owners, and any usage of these names, logos, and brands for identification purposes only does not imply endorsement. If you possess any content that requires removal, please get in touch with us.
© 2024 SecAlerts Pty Ltd.
ABN: 70 645 966 203, ACN: 645 966 203