Vulnerabilities

DATE CVE VULNERABILITY TITLE RISK
2025-04-13 CVE-2025-3535 A vulnerability has been found in shuanx BurpAPIFinder up to 2.0.2 and classified as problematic.
network
low complexity
CWE-404
4.3
4.3
2025-04-13 CVE-2025-3533 A vulnerability, which was classified as problematic, has been found in YouDianCMS 9.5.21.
network
low complexity
CWE-94
4.3
4.3
2025-04-13 CVE-2025-3531 A vulnerability classified as problematic has been found in YouDianCMS 9.5.21.
network
low complexity
CWE-94
4.3
4.3
2025-04-13 CVE-2025-3532 A vulnerability classified as problematic was found in YouDianCMS 9.5.21.
network
low complexity
CWE-94
4.3
4.3
2025-04-12 CVE-2025-1455 The Royal Elementor Addons and Templates plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Woo Grid widget in all versions up to, and including, 1.7.1012 due to insufficient input sanitization and output escaping.
network
low complexity
CWE-79
6.4
6.4
2025-04-12 CVE-2025-1456 The Royal Elementor Addons and Templates plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the `widgetGrid`, `widgetCountDown`, and `widgetInstagramFeed` methods in all versions up to, and including, 1.7.1012 due to insufficient input sanitization and output escaping.
network
low complexity
CWE-79
6.4
6.4
2025-04-12 CVE-2024-13337 The Clearfy Cache – WordPress optimization plugin, Minify HTML, CSS & JS, Defer plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 2.3.2.
network
low complexity
CWE-352
4.3
4.3
2025-04-12 CVE-2024-13338 The Clearfy Cache – WordPress optimization plugin, Minify HTML, CSS & JS, Defer plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 2.3.1.
network
low complexity
CWE-352
5.3
5.3
2025-04-12 CVE-2025-3276 The SKT Blocks – Gutenberg based Page Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Post Carousel block in all versions up to, and including, 1.9 due to insufficient input sanitization and output escaping.
network
low complexity
CWE-79
6.4
6.4
2025-04-12 CVE-2025-3282 The User Registration & Membership – Custom Registration Form, Login Form, and User Profile plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 4.1.3 via the user_registration_membership_register_member() due to missing validation on the 'membership_id' user controlled key.
network
low complexity
CWE-639
5.3
5.3