Skip to main content
CVE-2024-13395 MEDIUM This Month

The Threepress plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'threepress' shortcode in all versions up to, and including, 1.7.1 due to insufficient input. Rated medium severity (CVSS 6.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

WordPress XSS Threepress
NVD
CVSS 3.1
6.4
EPSS
0.1%
CVE-2024-13575 MEDIUM PATCH This Month

The Web Stories Enhancer - Level Up Your Web Stories plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'web_stories_enhancer' shortcode in all versions up to, and. Rated medium severity (CVSS 6.4), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

WordPress XSS Web Stories Enhancer
NVD
CVSS 3.1
6.4
EPSS
0.1%
CVE-2025-0805 MEDIUM This Month

The Mortgage Calculator / Loan Calculator plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'mlcalc' shortcode in all versions up to, and including, 1.5.20 due to. Rated medium severity (CVSS 6.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

WordPress XSS Mortgage Loan Calculator PHP
NVD
CVSS 3.1
6.4
EPSS
0.1%
CVE-2024-13588 MEDIUM This Month

The Simplebooklet PDF Viewer and Embedder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'simplebooklet' shortcode in all versions up to, and including, 1.1.0 due. Rated medium severity (CVSS 6.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

WordPress XSS
NVD
CVSS 3.1
6.4
EPSS
0.1%
CVE-2024-13565 MEDIUM This Month

The Simple Map No Api plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘width’ parameter in all versions up to, and including, 1.9 due to insufficient input sanitization and. Rated medium severity (CVSS 6.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

WordPress XSS Simple Map No Api
NVD
CVSS 3.1
6.4
EPSS
0.1%
CVE-2024-13501 MEDIUM This Month

The WP-FormAssembly plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'formassembly' shortcode in all versions up to, and including, 2.0.11 due to insufficient input. Rated medium severity (CVSS 6.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

WordPress XSS
NVD
CVSS 3.1
6.4
EPSS
0.1%
CVE-2025-0622 MEDIUM PATCH This Month

GRUB2 bootloader fails to properly unload module-registered hooks during module unloading, creating a use-after-free condition that allows privileged local attackers to execute arbitrary code and potentially bypass secure boot protections. The vulnerability affects GRUB2 across multiple distributions including Red Hat Enterprise Linux and SUSE Linux Enterprise, with patch availability confirmed through multiple security advisories issued in early 2025. No public exploit code or active exploitation in the wild has been confirmed at time of analysis.

RCE Memory Corruption Use After Free
NVD
CVSS 3.1
6.4
EPSS
0.1%
CVE-2024-13465 MEDIUM PATCH This Month

The aBlocks - WordPress Gutenberg Blocks plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the "Table Of Content" Block, specifically in the "markerView" attribute, in all. Rated medium severity (CVSS 6.4), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

WordPress XSS Ablocks
NVD
CVSS 3.1
6.4
EPSS
0.1%
CVE-2024-13587 MEDIUM This Month

The Zigaform - Price Calculator & Cost Estimation Form Builder Lite plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'zgfm_fvar' shortcode in all versions up to, and. Rated medium severity (CVSS 6.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

WordPress XSS
NVD
CVSS 3.1
6.4
EPSS
0.1%
CVE-2024-13582 MEDIUM This Month

The Simple Pricing Tables For WPBakery Page Builder(Formerly Visual Composer) plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'wdo_simple_pricing_table_free'. Rated medium severity (CVSS 6.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

WordPress XSS Pricing Tables
NVD
CVSS 3.1
6.4
EPSS
0.1%
CVE-2024-13581 MEDIUM This Month

The Simple Charts plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'simple_chart' shortcode in all versions up to, and including, 1.0 due to insufficient input. Rated medium severity (CVSS 6.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

WordPress XSS Simple Charts
NVD
CVSS 3.1
6.4
EPSS
0.1%
CVE-2024-13579 MEDIUM This Month

The WP-Asambleas plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'polls_popup' shortcode in all versions up to, and including, 2.85.0 due to insufficient input. Rated medium severity (CVSS 6.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

WordPress XSS Wp Asambleas
NVD
CVSS 3.1
6.4
EPSS
0.1%
CVE-2024-13578 MEDIUM This Month

The WP-BibTeX plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'WpBibTeX' shortcode in all versions up to, and including, 3.0.1 due to insufficient input. Rated medium severity (CVSS 6.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

WordPress XSS Wp Bibtex
NVD
CVSS 3.1
6.4
EPSS
0.1%
CVE-2024-13577 MEDIUM This Month

The CATS Job Listings plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'catsone' shortcode in all versions up to, and including, 2.0.9 due to insufficient input. Rated medium severity (CVSS 6.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

WordPress XSS Cats Job Listings
NVD
CVSS 3.1
6.4
EPSS
0.1%
CVE-2024-13576 MEDIUM This Month

The Gumlet Video plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'gumlet' shortcode in all versions up to, and including, 1.0.3 due to insufficient input. Rated medium severity (CVSS 6.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

WordPress XSS
NVD
CVSS 3.1
6.4
EPSS
0.1%
CVE-2024-13573 MEDIUM This Month

The Zigaform - Form Builder Lite plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'zgfm_rfvar' shortcode in all versions up to, and including, 7.4.2 due to. Rated medium severity (CVSS 6.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

WordPress XSS
NVD
CVSS 3.1
6.4
EPSS
0.1%
CVE-2024-13464 MEDIUM This Month

The Library Bookshelves plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'bookshelf' shortcode in all versions up to, and including, 5.9 due to insufficient input. Rated medium severity (CVSS 6.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

WordPress XSS
NVD
CVSS 3.1
6.4
EPSS
0.1%
CVE-2024-12813 MEDIUM This Month

The Open Hours - Easy Opening Hours plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'open-hours-current-status' shortcode in all versions up to, and including,. Rated medium severity (CVSS 6.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

WordPress XSS Open Hours
NVD
CVSS 3.1
6.4
EPSS
0.1%
CVE-2024-12525 MEDIUM This Month

The Easy MLS Listings Import plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'homeasap-featured-listings' shortcode in all versions up to, and including, 2.0.1 due. Rated medium severity (CVSS 6.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

WordPress XSS
NVD
CVSS 3.1
6.4
EPSS
0.1%
CVE-2022-41545 MEDIUM This Month

The administrative web interface of a Netgear C7800 Router running firmware version 6.01.07 (and possibly others) authenticates users via basic authentication, with an HTTP header containing a base64. Rated medium severity (CVSS 6.4). No vendor patch available.

Netgear Information Disclosure C7800 Firmware
NVD
CVSS 3.1
6.4
EPSS
0.0%
CVE-2024-13689 MEDIUM This Month

The Uncode Core plugin for WordPress is vulnerable to arbitrary shortcode execution in all versions up to, and including, 2.9.1.6. Rated medium severity (CVSS 6.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

RCE WordPress Code Injection
NVD
CVSS 3.1
6.3
EPSS
0.3%
CVE-2025-26620 MEDIUM PATCH This Month

Duende.AccessTokenManagement is a set of .NET libraries that manage OAuth and OpenId Connect access tokens. Rated medium severity (CVSS 6.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Code Injection
NVD GitHub
CVSS 4.0
6.3
EPSS
0.2%
CVE-2025-0864 MEDIUM PATCH This Month

The Active Products Tables for WooCommerce. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

WordPress XSS Active Products Tables For Woocommerce PHP
NVD
CVSS 3.1
6.1
EPSS
0.8%
CVE-2024-11376 MEDIUM PATCH This Month

The s2Member - Excellent for All Kinds of Memberships, Content Restriction Paywalls & Member Access Subscriptions plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

WordPress XSS S2Member
NVD
CVSS 3.1
6.1
EPSS
0.7%
CVE-2024-13523 MEDIUM PATCH This Month

The MemorialDay plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.0.4. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Cross-Site Request Forgery (CSRF) vulnerability could allow attackers to trick authenticated users into performing unintended actions.

WordPress CSRF Memorialday
NVD
CVSS 3.1
6.1
EPSS
0.0%
CVE-2024-13522 MEDIUM This Month

The magayo Lottery Results plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 2.0.12. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

WordPress CSRF Magayo Lottery Results
NVD
CVSS 3.1
6.1
EPSS
0.0%
CVE-2025-1390 MEDIUM PATCH This Month

The PAM module pam_cap.so of libcap configuration supports group names starting with “@”, during actual parsing, configurations not starting with “@” are incorrectly recognized as group names. Rated medium severity (CVSS 6.1), this vulnerability is low attack complexity. No vendor patch available.

Authentication Bypass Privilege Escalation Red Hat Suse
NVD
CVSS 3.1
6.1
EPSS
0.0%
CVE-2025-25896 MEDIUM This Month

A buffer overflow vulnerability was discovered in D-Link DSL-3782 v1.01 via the destination, netmask, and gateway parameters. Rated medium severity (CVSS 5.7), this vulnerability is low attack complexity. No vendor patch available.

D-Link Buffer Overflow Stack Overflow Denial Of Service Dsl 3782 Firmware
NVD GitHub
CVSS 3.1
5.7
EPSS
0.0%
CVE-2025-25892 MEDIUM This Month

A buffer overflow vulnerability was discovered in D-Link DSL-3782 v1.01 via the sstartip, sendip, dstartip, and dendip parameters. Rated medium severity (CVSS 5.7), this vulnerability is low attack complexity. No vendor patch available.

D-Link Buffer Overflow Stack Overflow Denial Of Service Dsl 3782 Firmware
NVD GitHub
CVSS 3.1
5.7
EPSS
0.0%
CVE-2025-25891 MEDIUM This Month

A buffer overflow vulnerability was discovered in D-Link DSL-3782 v1.01, triggered by the destination, netmask and gateway parameters. Rated medium severity (CVSS 5.7), this vulnerability is low attack complexity. No vendor patch available.

D-Link Buffer Overflow Stack Overflow Denial Of Service Dsl 3782 Firmware
NVD GitHub
CVSS 3.1
5.7
EPSS
0.0%
CVE-2024-13535 MEDIUM This Month

The Actionwear products sync plugin for WordPress is vulnerable to Full Path Disclosure in all versions up to, and including, 2.3.0. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

WordPress Information Disclosure PHP
NVD
CVSS 3.1
5.3
EPSS
1.1%
CVE-2024-13848 MEDIUM This Month

The Reaction Buttons plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in all versions up to, and including, 2.1.6 due to insufficient input sanitization and output. Rated medium severity (CVSS 5.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

WordPress XSS Reaction Buttons
NVD
CVSS 3.1
5.5
EPSS
0.1%
CVE-2024-13538 MEDIUM This Month

The BigBuy Dropshipping Connector for WooCommerce plugin for WordPress is vulnerable to Full Path Disclosure in all versions up to, and including, 1.9.19. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

WordPress Information Disclosure PHP
NVD
CVSS 3.1
5.3
EPSS
0.8%
CVE-2024-13667 MEDIUM This Month

The Uncode theme for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘mle-description’ parameter in all versions up to, and including, 2.9.1.6 due to insufficient input sanitization. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

WordPress XSS Uncode
NVD
CVSS 3.1
5.4
EPSS
0.1%
CVE-2024-57056 MEDIUM This Month

Incorrect cookie session handling in WombatDialer before 25.02 results in the full session identity being written to system logs and could be used by a malicious attacker to impersonate an existing. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure
NVD
CVSS 3.1
5.4
EPSS
0.1%
CVE-2024-13741 MEDIUM This Month

The ProfileGrid - User Profiles, Groups and Communities plugin for WordPress is vulnerable to Limited Server-Side Request Forgery in all versions up to, and including, 5.9.4.2 via the pm_upload_image. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

WordPress SSRF Profilegrid
NVD
CVSS 3.1
5.4
EPSS
0.1%
CVE-2025-0423 MEDIUM This Month

In the "bestinformed Web" application, some user input was not properly sanitized. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS
NVD
CVSS 4.0
5.3
EPSS
0.5%
CVE-2024-13540 MEDIUM This Month

The WooODT Lite - Delivery & pickup date time location for WooCommerce plugin for WordPress is vulnerable to Full Path Disclosure in all versions up to, and including, 2.5.1. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

WordPress Information Disclosure PHP
NVD
CVSS 3.1
5.3
EPSS
0.3%
CVE-2025-25472 MEDIUM PATCH This Month

A buffer overflow in DCMTK git master v3.6.9+ DEV allows attackers to cause a Denial of Service (DoS) via a crafted DCM file. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Buffer Copy without Size Check vulnerability could allow attackers to overflow a buffer to corrupt adjacent memory.

Buffer Overflow Denial Of Service Dcmtk Debian Linux Red Hat +1
NVD
CVSS 3.1
5.3
EPSS
0.3%
CVE-2024-13316 MEDIUM PATCH This Month

The Scratch & Win - Giveaways and Contests. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Missing Authorization vulnerability could allow attackers to access resources or perform actions without proper authorization checks.

WordPress Authentication Bypass Scratch Win
NVD
CVSS 3.1
5.3
EPSS
0.3%
CVE-2025-25473 MEDIUM PATCH This Month

FFmpeg git master before commit c08d30 was discovered to contain a memory leak in the avformat_free_context function in libavutil/mem.c. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Null Pointer Dereference Denial Of Service Suse
NVD
CVSS 3.1
5.3
EPSS
0.1%
CVE-2025-22920 MEDIUM PATCH This Month

A heap buffer overflow vulnerability in FFmpeg before commit 4bf784c allows attackers to trigger a memory corruption via supplying a crafted media file in avformat when processing tile grid group. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Heap Overflow Denial Of Service Suse
NVD
CVSS 3.1
5.3
EPSS
0.1%
CVE-2025-22645 MEDIUM This Month

Improper Restriction of Excessive Authentication Attempts vulnerability in Rameez Iqbal Real Estate Manager allows Password Brute Forcing.3. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure
NVD
CVSS 3.1
5.3
EPSS
0.1%
CVE-2025-27013 MEDIUM This Month

Missing Authorization vulnerability in EPC MediCenter - Health Medical Clinic WordPress Theme allows Exploiting Incorrectly Configured Access Control Security Levels. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

WordPress Authentication Bypass
NVD
CVSS 3.1
5.3
EPSS
0.1%
CVE-2025-21608 MEDIUM This Month

Meshtastic is an open source mesh networking solution. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Meshtastic Firmware
NVD GitHub
CVSS 4.0
5.3
EPSS
0.1%
CVE-2025-25055 MEDIUM This Month

Authentication bypass by spoofing issue exists in FileMegane versions above 1.0.0.0 prior to 3.4.0.0, which may lead to user impersonation. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass
NVD
CVSS 3.0
5.3
EPSS
0.1%
CVE-2025-25223 MEDIUM This Month

The LuxCal Web Calendar prior to 5.3.3M (MySQL version) and prior to 5.3.3L (SQLite version) contains a path traversal vulnerability in dloader.php. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

PHP Path Traversal Luxcal Web Calendar
NVD
CVSS 3.1
5.3
EPSS
0.1%
CVE-2024-13555 MEDIUM This Month

The 1 Click WordPress Migration Plugin - 100% FREE for a limited time plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 2.1. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

WordPress CSRF
NVD
CVSS 3.1
5.3
EPSS
0.0%
CVE-2024-45775 MEDIUM PATCH This Month

A flaw was found in grub2 where the grub_extcmd_dispatcher() function calls grub_arg_list_alloc() to allocate memory for the grub's argument list. Rated medium severity (CVSS 5.2). No vendor patch available.

Denial Of Service Red Hat Suse
NVD
CVSS 3.1
5.2
EPSS
0.0%
CVE-2025-0424 MEDIUM This Month

In the "bestinformed Web" application, some user input was not properly sanitized. Rated medium severity (CVSS 5.1), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS
NVD
CVSS 4.0
5.1
EPSS
0.2%
Prev Page 3 of 4 Next

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy