| 2025-02-18 | CVE-2024-13523 | Cross-Site Request Forgery (CSRF) vulnerability in Shenyanzhi Memorialday
The MemorialDay plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.0.4. | 5.4 |
| 2025-02-18 | CVE-2024-13315 | Cross-Site Request Forgery (CSRF) vulnerability in Shopwarden
The Shopwarden – Automated WooCommerce monitoring & testing plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.0.11. | 8.8 |
| 2025-02-18 | CVE-2024-13438 | Cross-Site Request Forgery (CSRF) vulnerability in Speedsize Image & Video Ai-Optimizer
The SpeedSize Image & Video AI-Optimizer plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.5.1. | 4.3 |
| 2025-02-18 | CVE-2024-13556 | Deserialization of Untrusted Data vulnerability in Wecantrack Affiliate Links
The Affiliate Links: WordPress Plugin for Link Cloaking and Link Management plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 3.0.1 via deserialization of untrusted input from an file export. | 9.8 |
| 2025-02-18 | CVE-2024-12525 | The Easy MLS Listings Import plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'homeasap-featured-listings' shortcode in all versions up to, and including, 2.0.1 due to insufficient input sanitization and output escaping on user supplied attributes. | 6.4 |
| 2025-02-18 | CVE-2024-12813 | The Open Hours – Easy Opening Hours plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'open-hours-current-status' shortcode in all versions up to, and including, 1.0.9 due to insufficient input sanitization and output escaping on user supplied attributes. | 6.4 |
| 2025-02-18 | CVE-2024-13464 | The Library Bookshelves plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'bookshelf' shortcode in all versions up to, and including, 5.9 due to insufficient input sanitization and output escaping on user supplied attributes. | 6.4 |
| 2025-02-18 | CVE-2024-13501 | The WP-FormAssembly plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'formassembly' shortcode in all versions up to, and including, 2.0.11 due to insufficient input sanitization and output escaping on user supplied attributes. | 6.4 |
| 2025-02-18 | CVE-2024-13522 | The magayo Lottery Results plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 2.0.12. | 6.1 |
| 2025-02-18 | CVE-2024-13535 | The Actionwear products sync plugin for WordPress is vulnerable to Full Path Disclosure in all versions up to, and including, 2.3.0. | 5.3 |