Vulnerabilities

DATE CVE VULNERABILITY TITLE RISK
2025-01-04 CVE-2024-12221 The Turnkey bbPress by WeaverTheme plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the ‘_wpnonce’ parameter in all versions up to, and including, 1.6.3 due to insufficient input sanitization and output escaping.
network
low complexity
CWE-79
6.1
6.1
2025-01-04 CVE-2024-11930 The Taskbuilder – WordPress Project & Task Management plugin plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's wppm_tasks shortcode in all versions up to, and including, 3.0.6 due to insufficient input sanitization and output escaping on user supplied attributes.
network
low complexity
CWE-79
6.4
6.4
2025-01-04 CVE-2024-12583 The Dynamics 365 Integration plugin for WordPress is vulnerable to Remote Code Execution and Arbitrary File Read in all versions up to, and including, 1.3.23 via Twig Server-Side Template Injection.
network
low complexity
critical
 9.9
9.9
2025-01-04 CVE-2025-0205 SQL Injection vulnerability in Code-Projects Online Shoe Store 1.0
A vulnerability classified as critical has been found in code-projects Online Shoe Store 1.0.
network
low complexity
code-projects CWE-89
critical
 9.8
9.8
2025-01-04 CVE-2024-10932 The Backup Migration plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 1.4.6 via deserialization of untrusted input in the 'recursive_unserialize_replace' function.
network
low complexity
CWE-502
8.8
8.8
2025-01-04 CVE-2024-11974 The Media Library Assistant plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the ‘smc_settings_tab', 'unattachfixit-action', and 'woofixit-action’ parameters in all versions up to, and including, 3.23 due to insufficient input sanitization and output escaping.
network
low complexity
CWE-79
6.1
6.1
2025-01-04 CVE-2024-12047 The WP Compress – Instant Performance & Speed Optimization plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the ‘custom_server’ parameter in all versions up to, and including, 6.30.03 due to insufficient input sanitization and output escaping.
network
low complexity
CWE-79
6.1
6.1
2025-01-04 CVE-2024-12545 The Scratch & Win – Giveaways and Contests.
network
low complexity
CWE-352
5.4
5.4
2025-01-04 CVE-2024-12701 The WP Smart Import : Import any XML File to WordPress plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the ‘ page’ parameter in all versions up to, and including, 1.1.2 due to insufficient input sanitization and output escaping.
network
low complexity
CWE-79
6.1
6.1
2025-01-04 CVE-2025-0204 SQL Injection vulnerability in Code-Projects Online Shoe Store 1.0
A vulnerability was found in code-projects Online Shoe Store 1.0.
network
low complexity
code-projects CWE-89
critical
 9.8
9.8