Vulnerabilities
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2025-02-18 | CVE-2024-13316 | Missing Authorization vulnerability in Akashmalik Scracth & WIN The Scratch & Win – Giveaways and Contests. | 5.3 |
| 2025-02-18 | CVE-2024-13395 | Cross-site Scripting vulnerability in Kerryoco Threepress The Threepress plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'threepress' shortcode in all versions up to, and including, 1.7.1 due to insufficient input sanitization and output escaping on user supplied attributes. | 5.4 |
| 2025-02-18 | CVE-2024-13718 | Cross-Site Request Forgery (CSRF) vulnerability in Wpdesk Flexible Wishlist for Woocommerce The Flexible Wishlist for WooCommerce – Ecommerce Wishlist & Save for later plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.2.26. | 4.3 |
| 2025-02-18 | CVE-2024-11376 | Cross-site Scripting vulnerability in Clavaque S2Member The s2Member – Excellent for All Kinds of Memberships, Content Restriction Paywalls & Member Access Subscriptions plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use of add_query_arg without appropriate escaping on the URL in all versions up to, and including, 241114. | 6.1 |
| 2025-02-18 | CVE-2024-11895 | Cross-site Scripting vulnerability in Vcita Online Payments - GET Paid With Paypal, Square & Stripe The Online Payments – Get Paid with PayPal, Square & Stripe plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's shortcodes in all versions up to, and including, 3.20.0 due to insufficient input sanitization and output escaping on user supplied attributes. | 5.4 |
| 2025-02-18 | CVE-2024-13465 | Cross-site Scripting vulnerability in Tusharimran Ablocks The aBlocks – WordPress Gutenberg Blocks plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the "Table Of Content" Block, specifically in the "markerView" attribute, in all versions up to, and including, 1.6.1 due to insufficient input sanitization and output escaping. | 5.4 |
| 2025-02-18 | CVE-2024-13575 | Cross-site Scripting vulnerability in Magazine3 web Stories Enhancer The Web Stories Enhancer – Level Up Your Web Stories plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'web_stories_enhancer' shortcode in all versions up to, and including, 1.3 due to insufficient input sanitization and output escaping on user supplied attributes. | 5.4 |
| 2025-02-18 | CVE-2024-13704 | Cross-site Scripting vulnerability in Themepoints Super Testimonials The Super Testimonials plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'st_user_title' parameter in all versions up to, and including, 4.0.1 due to insufficient input sanitization and output escaping. | 6.1 |
| 2025-02-18 | CVE-2024-13795 | Cross-Site Request Forgery (CSRF) vulnerability in Lightspeedhq Ecwid Ecommerce Shopping Cart The Ecwid by Lightspeed Ecommerce Shopping Cart plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 6.12.27. | 4.3 |
| 2025-02-18 | CVE-2025-0864 | Cross-site Scripting vulnerability in Pluginus Active products Tables for Woocommerce The Active Products Tables for WooCommerce. | 6.1 |