GeoVision Door Access Control device family improperly stores and controls access to system logs, any users can read these logs. Rated low severity (CVSS 3.3), this vulnerability is low attack complexity. No vendor patch available.
In affected versions of WordPress, misuse of the `set-screen-option` filter's return value allows arbitrary user meta fields to be saved. Rated low severity (CVSS 3.1), this vulnerability is remotely exploitable.
In affected versions of WordPress, when uploading themes, the name of the theme folder can be crafted in a way that could lead to JavaScript execution in /wp-admin on the themes page. Rated low severity (CVSS 2.4), this vulnerability is remotely exploitable, low attack complexity.