Vulnerabilities

DATE CVE VULNERABILITY TITLE RISK
2025-01-30 CVE-2024-13646 Unspecified vulnerability in Aakashbhagat Single User Chat
The Single-user-chat plugin for WordPress is vulnerable to unauthorized modification of data that can lead to a denial of service due to insufficient validation on the 'single_user_chat_update_login' function in all versions up to, and including, 0.5.
network
low complexity
aakashbhagat
8.1
2025-01-30 CVE-2024-13652 Missing Authorization vulnerability in Ecpay Ecommerce for Woocommerce
The ECPay Ecommerce for WooCommerce plugin for WordPress is vulnerable to unauthorized loss of data due to a missing capability check on the 'clear_ecpay_debug_log' AJAX action in all versions up to, and including, 1.1.2411060.
network
low complexity
ecpay CWE-862
4.3
2025-01-30 CVE-2024-13661 Cross-site Scripting vulnerability in Wptableeditor Table Editor
The Table Editor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'wptableeditor_vtabs' shortcode in all versions up to, and including, 1.5.1 due to insufficient input sanitization and output escaping on user supplied attributes.
network
low complexity
wptableeditor CWE-79
5.4
2025-01-30 CVE-2024-13664 Cross-site Scripting vulnerability in Wpbean WP Post List Table
The WP Post List Table plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'wpb_post_list_table' shortcode in all versions up to, and including, 1.0.3 due to insufficient input sanitization and output escaping on user supplied attributes.
network
low complexity
wpbean CWE-79
5.4
2025-01-30 CVE-2024-13670 Cross-site Scripting vulnerability in Partitionnumerique Music Sheet Viewer
The Music Sheet Viewer plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'pn_msv' shortcode in all versions up to, and including, 4.1 due to insufficient input sanitization and output escaping on user supplied attributes.
network
low complexity
partitionnumerique CWE-79
5.4
2025-01-30 CVE-2024-13671 Unspecified vulnerability in Partitionnumerique Music Sheet Viewer
The Music Sheet Viewer plugin for WordPress is vulnerable to Arbitrary File Read in all versions up to, and including, 4.1 via the read_score_file() function.
network
low complexity
partitionnumerique
7.5
2025-01-30 CVE-2024-13700 Cross-site Scripting vulnerability in Vinayjain Embed Swagger UI
The Embed Swagger UI plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'wpsgui' shortcode in all versions up to, and including, 1.0.0 due to insufficient input sanitization and output escaping on user supplied attributes.
network
low complexity
vinayjain CWE-79
5.4
2025-01-30 CVE-2024-13705 Cross-site Scripting vulnerability in Stageshow Project Stageshow
The StageShow plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use of remove_query_arg without appropriate escaping on the URL in all versions up to, and including, 9.8.6.
network
low complexity
stageshow-project CWE-79
6.1
2025-01-30 CVE-2024-13707 Cross-Site Request Forgery (CSRF) vulnerability in Ivanm WP Image Uploader
The WP Image Uploader plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.0.1.
network
low complexity
ivanm CWE-352
8.1
2025-01-30 CVE-2024-13715 Missing Authorization vulnerability in Ikjweb Zstore Manager Basic
The zStore Manager Basic plugin for WordPress is vulnerable to unauthorized loss of data due to a missing capability check on the zstore_clear_cache() function in all versions up to, and including, 3.311.
network
low complexity
ikjweb CWE-862
4.3