CVE-2024-6693
published 2025-05-15
CVE-2024-6693: The wccp-pro WordPress plugin before 15.3 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform…
Priority P4 · 18 · medium · 4.8 · CVSS 3.1
AV:N / AC:L / PR:H / UI:R / S:C / C:L / I:L / A:N
EPSS: 0.26% (16.7th percentile)
The wccp-pro WordPress plugin before 15.3 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup)
Affected
2 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| qemu | qemu | >= 0 < 1:6.2+dfsg-2ubuntu6.22 | 1:6.2+dfsg-2ubuntu6.22 |
| wp-buy | wp_content_copy_protection_no_right_click | < 15.3 | 15.3 |
CVSS provenance
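| Source | CVSS version | Score | Severity | Vector |
|---|---|---|---|---|
| nvd | v3.1 | 4.8 | MEDIUM | CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N |
| osv | | 6.5 | MEDIUM | |
| vendor_redhat | | 5.5 | MEDIUM | |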
GHSA
GHSA-xvf2-x5rr-6g4q: The wccp-pro WordPress plugin before 15
ghsa_unreviewed·2025-05-15
CVE-2024-6693 [MEDIUM] CWE-79 GHSA-xvf2-x5rr-6g4q: The wccp-pro WordPress plugin before 15
The wccp-pro WordPress plugin before 15.3 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup)
OSV
qemu vulnerabilities
osv·2024-08-13·CVSS 6.5
CVE-2023-6683 qemu vulnerabilities
Markus Frank and Fiona Ebner discovered that QEMU did not properly
handle certain memory operations, leading to a NULL pointer dereference.
An authenticated user could potentially use this issue to cause a denial
of service. (CVE-2023-6683)
Xiao Lei discovered that QEMU did not properly handle certain memory
operations when specific features were enabled, which could lead to a
stack overflow. An attacker could potentially use this issue to leak
sensitive information. (CVE-2023-6693)
It was discovered that QEMU had an integer underflow vulnerability in
the TI command, which would result in a buffer overflow. An attacker
could potentially use this issue to cause a denial of service.
(CVE-2024-24474)
No detection rules found.
No public exploits indexed.
Published: 2025-05-15