Security Vulnerabilities - CVEs Published In June 2024
Missing Authorization vulnerability in ThemeBoy SportsPress – Sports Club & League Manager.This issue affects SportsPress – Sports Club & League Manager: from n/a through 2.7.20.
CVSS Score
4.3
EPSS Score
0.001
Published
2024-06-11
Missing Authorization vulnerability in Termly Cookie Consent.This issue affects Cookie Consent: from n/a through 3.2.
CVSS Score
5.3
EPSS Score
0.001
Published
2024-06-11
Missing Authorization vulnerability in Yoast Yoast SEO Premium.This issue affects Yoast SEO Premium: from n/a through 20.4.
CVSS Score
5.3
EPSS Score
0.002
Published
2024-06-11
Missing Authorization vulnerability in Elementor Elementor Website Builder.This issue affects Elementor Website Builder: from n/a through 3.13.2.
CVSS Score
4.3
EPSS Score
0.002
Published
2024-06-11
Missing Authorization vulnerability in Woo WooCommerce Product Vendors.This issue affects WooCommerce Product Vendors: from n/a through 2.2.2.
CVSS Score
5.3
EPSS Score
0.002
Published
2024-06-11
Missing Authorization vulnerability in weDevs WooCommerce Conversion Tracking.This issue affects WooCommerce Conversion Tracking: from n/a through 2.0.11.
CVSS Score
4.3
EPSS Score
0.001
Published
2024-06-11
Missing Authorization vulnerability in Themeum Tutor LMS.This issue affects Tutor LMS: from n/a through 2.1.8.
CVSS Score
8.3
EPSS Score
0.006
Published
2024-06-11
The MetForm – Contact Form, Survey, Quiz, & Custom Form Builder for Elementor plugin for WordPress is vulnerable to Sensitive Information Exposure in versions up to, and including, 3.8.8 via the 'handle_file' function. This can allow unauthenticated attackers to extract sensitive data, such as Personally Identifiable Information, from files uploaded by users.
CVSS Score
5.3
EPSS Score
0.014
Published
2024-06-11
This allows the information exposure to unauthorized users. This issue affects NetIQ Access Manager using version 4.5 or before
CVSS Score
6.5
EPSS Score
0.004
Published
2024-06-11
The Blog2Social: Social Media Auto Post & Scheduler plugin for WordPress is vulnerable to SQL Injection via the 'b2sSortPostType' parameter in all versions up to, and including, 7.4.1 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for authenticated attackers, with subscriber-level access and above, to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database.
CVSS Score
9.9
EPSS Score
0.006
Published
2024-06-11