Skip to main content
CVE-2024-11376 MEDIUM PATCH This Month

The s2Member - Excellent for All Kinds of Memberships, Content Restriction Paywalls & Member Access Subscriptions plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

WordPress XSS S2Member
NVD
CVSS 3.1
6.1
EPSS
0.7%
CVE-2024-13523 MEDIUM PATCH This Month

The MemorialDay plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.0.4. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Cross-Site Request Forgery (CSRF) vulnerability could allow attackers to trick authenticated users into performing unintended actions.

WordPress CSRF Memorialday
NVD
CVSS 3.1
6.1
EPSS
0.0%
CVE-2024-13522 MEDIUM This Month

The magayo Lottery Results plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 2.0.12. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

WordPress CSRF Magayo Lottery Results
NVD
CVSS 3.1
6.1
EPSS
0.0%
CVE-2025-1390 MEDIUM PATCH This Month

The PAM module pam_cap.so of libcap configuration supports group names starting with “@”, during actual parsing, configurations not starting with “@” are incorrectly recognized as group names. Rated medium severity (CVSS 6.1), this vulnerability is low attack complexity. No vendor patch available.

Authentication Bypass Privilege Escalation Red Hat Suse
NVD
CVSS 3.1
6.1
EPSS
0.0%
CVE-2025-25896 MEDIUM This Month

A buffer overflow vulnerability was discovered in D-Link DSL-3782 v1.01 via the destination, netmask, and gateway parameters. Rated medium severity (CVSS 5.7), this vulnerability is low attack complexity. No vendor patch available.

D-Link Buffer Overflow Stack Overflow Denial Of Service Dsl 3782 Firmware
NVD GitHub
CVSS 3.1
5.7
EPSS
0.0%
CVE-2025-25892 MEDIUM This Month

A buffer overflow vulnerability was discovered in D-Link DSL-3782 v1.01 via the sstartip, sendip, dstartip, and dendip parameters. Rated medium severity (CVSS 5.7), this vulnerability is low attack complexity. No vendor patch available.

D-Link Buffer Overflow Stack Overflow Denial Of Service Dsl 3782 Firmware
NVD GitHub
CVSS 3.1
5.7
EPSS
0.0%
CVE-2025-25891 MEDIUM This Month

A buffer overflow vulnerability was discovered in D-Link DSL-3782 v1.01, triggered by the destination, netmask and gateway parameters. Rated medium severity (CVSS 5.7), this vulnerability is low attack complexity. No vendor patch available.

D-Link Buffer Overflow Stack Overflow Denial Of Service Dsl 3782 Firmware
NVD GitHub
CVSS 3.1
5.7
EPSS
0.0%
CVE-2024-13535 MEDIUM This Month

The Actionwear products sync plugin for WordPress is vulnerable to Full Path Disclosure in all versions up to, and including, 2.3.0. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

WordPress Information Disclosure PHP
NVD
CVSS 3.1
5.3
EPSS
1.1%
CVE-2024-13848 MEDIUM This Month

The Reaction Buttons plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in all versions up to, and including, 2.1.6 due to insufficient input sanitization and output. Rated medium severity (CVSS 5.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

WordPress XSS Reaction Buttons
NVD
CVSS 3.1
5.5
EPSS
0.1%
CVE-2024-13538 MEDIUM This Month

The BigBuy Dropshipping Connector for WooCommerce plugin for WordPress is vulnerable to Full Path Disclosure in all versions up to, and including, 1.9.19. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

WordPress Information Disclosure PHP
NVD
CVSS 3.1
5.3
EPSS
0.8%
CVE-2024-13667 MEDIUM This Month

The Uncode theme for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘mle-description’ parameter in all versions up to, and including, 2.9.1.6 due to insufficient input sanitization. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

WordPress XSS Uncode
NVD
CVSS 3.1
5.4
EPSS
0.1%
CVE-2024-57056 MEDIUM This Month

Incorrect cookie session handling in WombatDialer before 25.02 results in the full session identity being written to system logs and could be used by a malicious attacker to impersonate an existing. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure
NVD
CVSS 3.1
5.4
EPSS
0.1%
CVE-2024-13741 MEDIUM This Month

The ProfileGrid - User Profiles, Groups and Communities plugin for WordPress is vulnerable to Limited Server-Side Request Forgery in all versions up to, and including, 5.9.4.2 via the pm_upload_image. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

WordPress SSRF Profilegrid
NVD
CVSS 3.1
5.4
EPSS
0.1%
CVE-2025-0423 MEDIUM This Month

In the "bestinformed Web" application, some user input was not properly sanitized. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS
NVD
CVSS 4.0
5.3
EPSS
0.5%
CVE-2024-13540 MEDIUM This Month

The WooODT Lite - Delivery & pickup date time location for WooCommerce plugin for WordPress is vulnerable to Full Path Disclosure in all versions up to, and including, 2.5.1. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

WordPress Information Disclosure PHP
NVD
CVSS 3.1
5.3
EPSS
0.3%
CVE-2025-25472 MEDIUM PATCH This Month

A buffer overflow in DCMTK git master v3.6.9+ DEV allows attackers to cause a Denial of Service (DoS) via a crafted DCM file. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Buffer Copy without Size Check vulnerability could allow attackers to overflow a buffer to corrupt adjacent memory.

Buffer Overflow Denial Of Service Dcmtk Debian Linux Red Hat +1
NVD
CVSS 3.1
5.3
EPSS
0.3%
CVE-2024-13316 MEDIUM PATCH This Month

The Scratch & Win - Giveaways and Contests. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Missing Authorization vulnerability could allow attackers to access resources or perform actions without proper authorization checks.

WordPress Authentication Bypass Scratch Win
NVD
CVSS 3.1
5.3
EPSS
0.3%
CVE-2025-25473 MEDIUM PATCH This Month

FFmpeg git master before commit c08d30 was discovered to contain a memory leak in the avformat_free_context function in libavutil/mem.c. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Null Pointer Dereference Denial Of Service Suse
NVD
CVSS 3.1
5.3
EPSS
0.1%
CVE-2025-22920 MEDIUM PATCH This Month

A heap buffer overflow vulnerability in FFmpeg before commit 4bf784c allows attackers to trigger a memory corruption via supplying a crafted media file in avformat when processing tile grid group. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Heap Overflow Denial Of Service Suse
NVD
CVSS 3.1
5.3
EPSS
0.1%
CVE-2025-22645 MEDIUM This Month

Improper Restriction of Excessive Authentication Attempts vulnerability in Rameez Iqbal Real Estate Manager allows Password Brute Forcing.3. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure
NVD
CVSS 3.1
5.3
EPSS
0.1%
CVE-2025-27013 MEDIUM This Month

Missing Authorization vulnerability in EPC MediCenter - Health Medical Clinic WordPress Theme allows Exploiting Incorrectly Configured Access Control Security Levels. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

WordPress Authentication Bypass
NVD
CVSS 3.1
5.3
EPSS
0.1%
CVE-2025-21608 MEDIUM This Month

Meshtastic is an open source mesh networking solution. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Meshtastic Firmware
NVD GitHub
CVSS 4.0
5.3
EPSS
0.1%
CVE-2025-25055 MEDIUM This Month

Authentication bypass by spoofing issue exists in FileMegane versions above 1.0.0.0 prior to 3.4.0.0, which may lead to user impersonation. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass
NVD
CVSS 3.0
5.3
EPSS
0.1%
CVE-2025-25223 MEDIUM This Month

The LuxCal Web Calendar prior to 5.3.3M (MySQL version) and prior to 5.3.3L (SQLite version) contains a path traversal vulnerability in dloader.php. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

PHP Path Traversal Luxcal Web Calendar
NVD
CVSS 3.1
5.3
EPSS
0.1%
CVE-2024-13555 MEDIUM This Month

The 1 Click WordPress Migration Plugin - 100% FREE for a limited time plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 2.1. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

WordPress CSRF
NVD
CVSS 3.1
5.3
EPSS
0.0%
CVE-2024-45775 MEDIUM PATCH This Month

A flaw was found in grub2 where the grub_extcmd_dispatcher() function calls grub_arg_list_alloc() to allocate memory for the grub's argument list. Rated medium severity (CVSS 5.2). No vendor patch available.

Denial Of Service Red Hat Suse
NVD
CVSS 3.1
5.2
EPSS
0.0%
CVE-2025-0424 MEDIUM This Month

In the "bestinformed Web" application, some user input was not properly sanitized. Rated medium severity (CVSS 5.1), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS
NVD
CVSS 4.0
5.1
EPSS
0.2%
CVE-2024-57055 MEDIUM This Month

Server-Side Access Control Bypass vulnerability in WombatDialer before 25.02 could allow unauthorized users to potentially call certain services without the necessary access level. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable. No vendor patch available.

Authentication Bypass
NVD
CVSS 3.1
5.0
EPSS
0.1%
CVE-2025-1269 MEDIUM This Month

URL Redirection to Untrusted Site ('Open Redirect') vulnerability in HAVELSAN Liman MYS allows Cross-Site Flashing.1.1 - 1010. Rated medium severity (CVSS 4.8), this vulnerability is low attack complexity. No vendor patch available.

Open Redirect
NVD GitHub VulDB
CVSS 3.1
4.8
EPSS
0.0%
CVE-2024-45783 MEDIUM PATCH This Month

A flaw was found in grub2. Rated medium severity (CVSS 4.4), this vulnerability is low attack complexity. No vendor patch available.

Denial Of Service
NVD VulDB
CVSS 3.1
4.4
EPSS
0.1%
CVE-2024-13783 MEDIUM This Month

The FormCraft plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check in formcraft-main.php in all versions up to, and including, 3.9.11. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

WordPress PHP Authentication Bypass Formcraft
NVD
CVSS 3.1
4.3
EPSS
0.1%
CVE-2024-13740 MEDIUM This Month

The ProfileGrid - User Profiles, Groups and Communities plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 5.9.4.2 via the. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

WordPress Authentication Bypass Profilegrid
NVD
CVSS 3.1
4.3
EPSS
0.1%
CVE-2024-13687 MEDIUM This Month

The Team Builder - Meet the Team plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the save_team_builder_options() function in all versions. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

WordPress Authentication Bypass Team Builder
NVD
CVSS 3.1
4.3
EPSS
0.1%
CVE-2025-25471 MEDIUM PATCH This Month

FFmpeg git master before commit fd1772 was discovered to contain a NULL pointer dereference via the component libavformat/mov.c. Rated medium severity (CVSS 4.3), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Null Pointer Dereference Denial Of Service Suse
NVD
CVSS 3.1
4.3
EPSS
0.1%
CVE-2024-13718 MEDIUM PATCH This Month

The Flexible Wishlist for WooCommerce - Ecommerce Wishlist & Save for later plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.2.26. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Cross-Site Request Forgery (CSRF) vulnerability could allow attackers to trick authenticated users into performing unintended actions.

WordPress CSRF Flexible Wishlist For Woocommerce
NVD
CVSS 3.1
4.3
EPSS
0.0%
CVE-2024-13795 MEDIUM PATCH This Month

The Ecwid by Lightspeed Ecommerce Shopping Cart plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 6.12.27. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Cross-Site Request Forgery (CSRF) vulnerability could allow attackers to trick authenticated users into performing unintended actions.

WordPress CSRF Ecwid Ecommerce Shopping Cart
NVD
CVSS 3.1
4.3
EPSS
0.0%
CVE-2024-13438 MEDIUM PATCH This Month

The SpeedSize Image & Video AI-Optimizer plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.5.1. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Cross-Site Request Forgery (CSRF) vulnerability could allow attackers to trick authenticated users into performing unintended actions.

WordPress CSRF Speedsize Image Video Ai Optimizer
NVD
CVSS 3.1
4.3
EPSS
0.0%
CVE-2025-0796 MEDIUM This Month

The Mortgage Lead Capture System plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 8.2.10. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

WordPress CSRF
NVD
CVSS 3.1
4.3
EPSS
0.0%
CVE-2025-26603 MEDIUM PATCH This Month

Vim is a greatly improved version of the good old UNIX editor Vi. Rated medium severity (CVSS 4.2). This Use After Free vulnerability could allow attackers to access freed memory to execute arbitrary code or crash the application.

Use After Free Memory Corruption Information Disclosure Vim Hci Compute Node +2
NVD GitHub
CVSS 3.1
4.2
EPSS
0.0%
Prev Page 2 of 2

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy