Vulnerabilities

DATE CVE VULNERABILITY TITLE RISK
2025-01-31 CVE-2024-13424 The Ni Sales Commission For WooCommerce plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on the 'niwoosc_ajax' AJAX endpoint in all versions up to, and including, 1.2.4.
network
low complexity
CWE-862
4.3
2025-01-31 CVE-2024-13504 The Shared Files – Frontend File Upload Form & Secure File Sharing plugin for WordPress is vulnerable to Stored Cross-Site Scripting via dfxp File uploads in all versions up to, and including, 1.7.42 due to insufficient input sanitization and output escaping.
network
low complexity
CWE-79
7.2
2025-01-31 CVE-2024-13717 The Contact Form and Calls To Action by vcita plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the vcita_ajax_toggle_ae and vcita_ajax_toggle_contact functions in all versions up to, and including, 2.7.1.
network
low complexity
CWE-862
4.3
2025-01-31 CVE-2025-0809 The Link Fixer plugin for WordPress is vulnerable to Stored Cross-Site Scripting via broken links in all versions up to, and including, 3.4 due to insufficient input sanitization and output escaping.
network
low complexity
CWE-79
7.2
2025-01-31 CVE-2024-10867 Cross-site Scripting vulnerability in Visualmodo Borderless
The Borderless – Widgets, Elements, Templates and Toolkit for Elementor & Gutenberg plugin for WordPress is vulnerable to Stored Cross-Site Scripting via SVG File uploads in all versions up to, and including, 1.5.9 due to insufficient input sanitization and output escaping.
network
low complexity
visualmodo CWE-79
5.4
2025-01-31 CVE-2025-0493 The MultiVendorX – The Ultimate WooCommerce Multivendor Marketplace Solution plugin for WordPress is vulnerable to Limited Local File Inclusion in all versions up to, and including, 4.2.14 via the tabname parameter.
network
low complexity
CWE-22
critical
9.8
2025-01-31 CVE-2025-0507 The Ticketmeo – Sell Tickets – Event Ticketing plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's shortcodes in all versions up to, and including, 2.3.6 due to insufficient input sanitization and output escaping on user supplied attributes.
network
low complexity
CWE-79
6.4
2025-01-31 CVE-2024-13463 The SeatReg plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'seatreg' shortcode in all versions up to, and including, 1.56.0 due to insufficient input sanitization and output escaping on user supplied attributes.
network
low complexity
CWE-79
6.4
2025-01-31 CVE-2025-0470 The Forminator Forms – Contact Form, Payment Form & Custom Form Builder plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the title parameter in all versions up to, and including, 1.38.2 due to insufficient input sanitization and output escaping.
network
low complexity
CWE-79
6.1
2025-01-31 CVE-2024-13396 The Frictionless plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'frictionless_form' shortcode[s] in all versions up to, and including, 0.0.23 due to insufficient input sanitization and output escaping on user supplied attributes.
network
low complexity
CWE-79
6.4