Skip to main content
CVE-2025-24580 MEDIUM This Month

Missing Authorization vulnerability in Code for Recovery 12 Step Meeting List allows Exploiting Incorrectly Configured Access Control Security Levels.16.5. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass
NVD
CVSS 3.1
6.5
EPSS
0.2%
CVE-2025-24673 MEDIUM This Month

Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS) vulnerability in AyeCode Ltd Ketchup Shortcodes allows Stored XSS.1.2. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS
NVD
CVSS 3.1
6.5
EPSS
0.2%
CVE-2025-24610 MEDIUM This Month

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Christian Leuenberg, L.net Web Solutions Restrict Anonymous Access allows Stored XSS.2. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS
NVD
CVSS 3.1
6.5
EPSS
0.2%
CVE-2025-24733 MEDIUM This Month

Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in AddonMaster Post Grid Master allows PHP Local File Inclusion.4.12. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

LFI Information Disclosure PHP
NVD
CVSS 3.1
6.5
EPSS
0.2%
CVE-2025-24730 MEDIUM This Month

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Rextheme WP VR allows DOM-Based XSS.5.14. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS
NVD
CVSS 3.1
6.5
EPSS
0.2%
CVE-2025-24719 MEDIUM This Month

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in wpdevart Widget Countdown allows Stored XSS.7.1. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS
NVD
CVSS 3.1
6.5
EPSS
0.2%
CVE-2025-24746 MEDIUM This Month

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Popup Maker Popup Maker allows Stored XSS.20.2. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS
NVD
CVSS 3.1
6.5
EPSS
0.1%
CVE-2025-24755 MEDIUM This Month

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in add-ons.org PDF Invoices for WooCommerce + Drag and Drop Template Builder allows Stored XSS.6.0. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

WordPress XSS
NVD
CVSS 3.1
6.5
EPSS
0.1%
CVE-2025-24729 MEDIUM This Month

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in ElementInvader ElementInvader Addons for Elementor allows Stored XSS.3.3. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Elementor
NVD
CVSS 3.1
6.5
EPSS
0.1%
CVE-2025-24726 MEDIUM This Month

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in HT Plugins HT Conctact Form 7 allows Stored XSS.2.1. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS
NVD
CVSS 3.1
6.5
EPSS
0.1%
CVE-2025-24721 MEDIUM This Month

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Aleksandar Urošević Easy YouTube Gallery allows Stored XSS.0.4. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS
NVD
CVSS 3.1
6.5
EPSS
0.1%
CVE-2025-24732 MEDIUM This Month

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Booking & Appointment - Repute Infosystems BookingPress allows DOM-Based XSS.1.25. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS
NVD
CVSS 3.1
6.5
EPSS
0.1%
CVE-2025-24572 MEDIUM This Month

Cross-Site Request Forgery (CSRF) vulnerability in Epsiloncool WP Fast Total Search allows Cross Site Request Forgery.78.258. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

CSRF
NVD
CVSS 3.1
6.5
EPSS
0.1%
CVE-2025-24678 MEDIUM This Month

Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS) vulnerability in Listamester Listamester allows Stored XSS.3.4. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS
NVD
CVSS 3.1
6.5
EPSS
0.1%
CVE-2024-13659 MEDIUM PATCH This Month

The Listamester plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'listamester' shortcode in all versions up to, and including, 2.3.4 due to insufficient input. Rated medium severity (CVSS 6.4), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

WordPress XSS
NVD
CVSS 3.1
6.4
EPSS
0.2%
CVE-2025-24579 MEDIUM This Month

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Kyle Phillips Nested Pages allows Stored XSS.2.9. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS
NVD
CVSS 3.1
5.9
EPSS
0.3%
CVE-2025-24666 MEDIUM This Month

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in ThemeIsle AI Chatbot for WordPress - Hyve Lite allows Stored XSS.2.2. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

WordPress XSS
NVD
CVSS 3.1
5.9
EPSS
0.3%
CVE-2025-24658 MEDIUM This Month

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Joe Hawes Auction Nudge - Your eBay on Your Site allows Stored XSS.2.0. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS
NVD
CVSS 3.1
5.9
EPSS
0.3%
CVE-2025-24657 MEDIUM This Month

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in WebToffee Wishlist for WooCommerce allows Stored XSS.1.2. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

WordPress XSS
NVD
CVSS 3.1
5.9
EPSS
0.3%
CVE-2025-24668 MEDIUM This Month

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Themeisle PPOM for WooCommerce allows Stored XSS.0.8. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

WordPress XSS
NVD
CVSS 3.1
5.9
EPSS
0.2%
CVE-2025-24681 MEDIUM This Month

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in wpWax Product Carousel Slider & Grid Ultimate for WooCommerce allows Stored XSS.10.0. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

WordPress XSS
NVD
CVSS 3.1
5.9
EPSS
0.2%
CVE-2025-24634 MEDIUM This Month

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Svetoslav Marinov (Slavi) Orbisius Simple Notice allows Stored XSS.1.3. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS
NVD
CVSS 3.1
5.9
EPSS
0.2%
CVE-2025-24644 MEDIUM This Month

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in WebToffee WooCommerce PDF Invoices, Packing Slips, Delivery Notes and Shipping Labels allows. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

WordPress XSS
NVD
CVSS 3.1
5.9
EPSS
0.2%
CVE-2025-24731 MEDIUM This Month

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in IP2Location Download IP2Location Country Blocker allows Stored XSS.38.3. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS
NVD
CVSS 3.1
5.9
EPSS
0.1%
CVE-2025-24722 MEDIUM This Month

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in F.A.Q Builder Team FAQ Builder AYS allows Stored XSS.7.3. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS
NVD
CVSS 3.1
5.9
EPSS
0.1%
CVE-2025-24727 MEDIUM This Month

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in CodePeople Contact Form Email allows Stored XSS.3.52. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS
NVD
CVSS 3.1
5.9
EPSS
0.1%
CVE-2025-24723 MEDIUM This Month

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in CodePeople Booking Calendar Contact Form allows Stored XSS.2.55. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS
NVD
CVSS 3.1
5.9
EPSS
0.1%
CVE-2025-24674 MEDIUM This Month

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Teplitsa. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS
NVD
CVSS 3.1
5.9
EPSS
0.1%
CVE-2025-24571 MEDIUM This Month

Missing Authorization vulnerability in Epsiloncool WP Fast Total Search allows Exploiting Incorrectly Configured Access Control Security Levels.78.258. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass
NVD
CVSS 3.1
5.4
EPSS
0.2%
CVE-2025-24604 MEDIUM This Month

Missing Authorization vulnerability in Vikas Ratudi VForm allows Exploiting Incorrectly Configured Access Control Security Levels.0.5. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass
NVD
CVSS 3.1
5.4
EPSS
0.2%
CVE-2025-24652 MEDIUM This Month

Missing Authorization vulnerability in Revmakx WP Duplicate - WordPress Migration Plugin allows Exploiting Incorrectly Configured Access Control Security Levels.1.6. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass WordPress
NVD
CVSS 3.1
5.4
EPSS
0.2%
CVE-2025-24714 MEDIUM This Month

Cross-Site Request Forgery (CSRF) vulnerability in Wow-Company Bubble Menu - circle floating menu allows Cross Site Request Forgery.0.2. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

CSRF
NVD
CVSS 3.1
5.4
EPSS
0.1%
CVE-2025-24712 MEDIUM This Month

Cross-Site Request Forgery (CSRF) vulnerability in RadiusTheme Radius Blocks allows Cross Site Request Forgery.1.2. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

CSRF
NVD
CVSS 3.1
5.4
EPSS
0.1%
CVE-2025-24622 MEDIUM This Month

Cross-Site Request Forgery (CSRF) vulnerability in PickPlugins Job Board Manager allows Cross Site Request Forgery.1.59. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

CSRF
NVD
CVSS 3.1
5.4
EPSS
0.1%
CVE-2025-24546 MEDIUM This Month

Cross-Site Request Forgery (CSRF) vulnerability in RSTheme Ultimate Coming Soon & Maintenance allows Cross Site Request Forgery.0.9. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

CSRF
NVD
CVSS 3.1
5.4
EPSS
0.1%
CVE-2025-24717 MEDIUM This Month

Cross-Site Request Forgery (CSRF) vulnerability in Wow-Company Modal Window allows Cross Site Request Forgery.1.4. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

CSRF
NVD
CVSS 3.1
5.4
EPSS
0.1%
CVE-2025-24724 MEDIUM This Month

Cross-Site Request Forgery (CSRF) vulnerability in Wow-Company Side Menu Lite allows Cross Site Request Forgery.3.1. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

CSRF
NVD
CVSS 3.1
5.4
EPSS
0.1%
CVE-2025-24720 MEDIUM This Month

Cross-Site Request Forgery (CSRF) vulnerability in Wow-Company Sticky Buttons allows Cross Site Request Forgery.1.1. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

CSRF
NVD
CVSS 3.1
5.4
EPSS
0.1%
CVE-2025-24716 MEDIUM This Month

Cross-Site Request Forgery (CSRF) vulnerability in Wow-Company Herd Effects allows Cross Site Request Forgery.2.1. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

CSRF
NVD
CVSS 3.1
5.4
EPSS
0.1%
CVE-2025-24715 MEDIUM This Month

Cross-Site Request Forgery (CSRF) vulnerability in Wow-Company Counter Box allows Cross Site Request Forgery.0.5. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

CSRF
NVD
CVSS 3.1
5.4
EPSS
0.1%
CVE-2025-24713 MEDIUM This Month

Cross-Site Request Forgery (CSRF) vulnerability in Wow-Company Button Generator - easily Button Builder allows Cross Site Request Forgery.1.1. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

CSRF
NVD
CVSS 3.1
5.4
EPSS
0.1%
CVE-2025-24711 MEDIUM This Month

Cross-Site Request Forgery (CSRF) vulnerability in Wow-Company Popup Box allows Cross Site Request Forgery.2.4. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

CSRF
NVD
CVSS 3.1
5.4
EPSS
0.1%
CVE-2025-24750 MEDIUM This Month

Missing Authorization vulnerability in ExactMetrics ExactMetrics allows Exploiting Incorrectly Configured Access Control Security Levels.1.0. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass
NVD
CVSS 3.1
5.4
EPSS
0.1%
CVE-2025-24647 MEDIUM This Month

Cross-Site Request Forgery (CSRF) vulnerability in datafeedr.com WooCommerce Cloak Affiliate Links allows Cross Site Request Forgery.0.35. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

CSRF WordPress
NVD
CVSS 3.1
5.4
EPSS
0.1%
CVE-2025-24633 MEDIUM This Month

Missing Authorization vulnerability in silverplugins217 Build Private Store For Woocommerce allows Exploiting Incorrectly Configured Access Control Security Levels.0. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass WordPress
NVD
CVSS 3.1
5.3
EPSS
0.3%
CVE-2025-24552 MEDIUM This Month

Generation of Error Message Containing Sensitive Information vulnerability in David de Boer Paytium allows Retrieve Embedded Sensitive Data.4.11. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure
NVD
CVSS 3.1
5.3
EPSS
0.3%
CVE-2025-24596 MEDIUM This Month

Missing Authorization vulnerability in WC Product Table WooCommerce Product Table Lite allows Exploiting Incorrectly Configured Access Control Security Levels.8.7. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass WordPress
NVD
CVSS 3.1
5.3
EPSS
0.3%
CVE-2025-24705 MEDIUM This Month

Missing Authorization vulnerability in Arshid WooCommerce Quick View allows Exploiting Incorrectly Configured Access Control Security Levels.1.1. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass WordPress
NVD
CVSS 3.1
5.3
EPSS
0.1%
CVE-2025-24611 MEDIUM This Month

Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in Smackcoders WP Ultimate Exporter allows Absolute Path Traversal.9. Rated medium severity (CVSS 4.9), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Path Traversal
NVD
CVSS 3.1
4.9
EPSS
0.5%
CVE-2025-24701 MEDIUM This Month

Server-Side Request Forgery (SSRF) vulnerability in Kiboko Labs Chained Quiz allows Server Side Request Forgery.3.2.9. Rated medium severity (CVSS 4.4), this vulnerability is remotely exploitable. No vendor patch available.

SSRF
NVD
CVSS 3.1
4.4
EPSS
0.2%
Prev Page 2 of 4 Next

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy