An issue was discovered in CloudMe before 1.11.0. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.
RCE
Buffer Overflow
Sync
NVD
Exploit-DB
CVSS 3.0
9.8
EPSS
93.6%
Bookly #1 WordPress Booking Plugin Lite before 14.5 has XSS via a jQuery.ajax request to ng-payment_details_dialog.js. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.
WordPress
XSS
Bookly
NVD
CVSS 3.1
6.1
EPSS
1.0%