Skip to main content
CVE-2025-1747 MEDIUM This Month

HTML injection vulnerabilities in OpenCart versions prior to 4.1.0. Rated medium severity (CVSS 4.7), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Opencart
NVD
CVSS 3.1
4.7
EPSS
0.1%
CVE-2024-54173 MEDIUM This Month

IBM MQ 9.3 LTS, 9.3 CD, 9.4 LTS, and 9.4 CD reveals potentially sensitive information in trace files that could be read by a local user when webconsole trace is enabled. Rated medium severity (CVSS 4.7). No vendor patch available.

Information Disclosure IBM Mq Appliance
NVD
CVSS 3.1
4.7
EPSS
0.0%
CVE-2025-27414 MEDIUM PATCH This Month

MinIO is a high performance object storage. Rated medium severity (CVSS 4.6), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Red Hat Suse
NVD GitHub
CVSS 4.0
4.6
EPSS
0.2%
CVE-2024-10860 MEDIUM This Month

The NextMove Lite - Thank You Page for WooCommerce plugin for WordPress is vulnerable to unauthorized submission of data due to a missing capability check on the _submit_uninstall_reason_action(). Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

WordPress Authentication Bypass Nextmove
NVD
CVSS 3.1
4.3
EPSS
0.1%
CVE-2024-13716 MEDIUM This Month

The Forex Calculators plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the ajax_settings_callback() function in all versions up to, and. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

WordPress Authentication Bypass
NVD
CVSS 3.1
4.3
EPSS
0.1%
CVE-2024-13832 MEDIUM This Month

The Ultra Addons Lite for Elementor plugin for WordPress is vulnerable to Information Exposure in all versions up to, and including, 1.1.8 via the 'ut_elementor' shortcode due to insufficient. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

WordPress Information Disclosure Authentication Bypass Elementor
NVD
CVSS 3.1
4.3
EPSS
0.1%
CVE-2025-1506 MEDIUM PATCH This Month

The Wp Social Login and Register Social Counter plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 3.1.0. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Cross-Site Request Forgery (CSRF) vulnerability could allow attackers to trick authenticated users into performing unintended actions.

WordPress CSRF Wp Social Login And Register Social Counter PHP
NVD
CVSS 3.1
4.3
EPSS
0.0%
CVE-2025-0801 MEDIUM PATCH This Month

The RateMyAgent Official plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.4.0. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Cross-Site Request Forgery (CSRF) vulnerability could allow attackers to trick authenticated users into performing unintended actions.

WordPress CSRF Ratemyagent PHP
NVD
CVSS 3.1
4.3
EPSS
0.0%
Prev Page 2 of 2

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy