Vulnerabilities
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2025-01-30 | CVE-2024-13646 | Unspecified vulnerability in Aakashbhagat Single User Chat The Single-user-chat plugin for WordPress is vulnerable to unauthorized modification of data that can lead to a denial of service due to insufficient validation on the 'single_user_chat_update_login' function in all versions up to, and including, 0.5. | 8.1 |
| 2025-01-30 | CVE-2024-13652 | Missing Authorization vulnerability in Ecpay Ecommerce for Woocommerce The ECPay Ecommerce for WooCommerce plugin for WordPress is vulnerable to unauthorized loss of data due to a missing capability check on the 'clear_ecpay_debug_log' AJAX action in all versions up to, and including, 1.1.2411060. | 4.3 |
| 2025-01-30 | CVE-2024-13661 | Cross-site Scripting vulnerability in Wptableeditor Table Editor The Table Editor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'wptableeditor_vtabs' shortcode in all versions up to, and including, 1.5.1 due to insufficient input sanitization and output escaping on user supplied attributes. | 5.4 |
| 2025-01-30 | CVE-2024-13664 | Cross-site Scripting vulnerability in Wpbean WP Post List Table The WP Post List Table plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'wpb_post_list_table' shortcode in all versions up to, and including, 1.0.3 due to insufficient input sanitization and output escaping on user supplied attributes. | 5.4 |
| 2025-01-30 | CVE-2024-13670 | Cross-site Scripting vulnerability in Partitionnumerique Music Sheet Viewer The Music Sheet Viewer plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'pn_msv' shortcode in all versions up to, and including, 4.1 due to insufficient input sanitization and output escaping on user supplied attributes. | 5.4 |
| 2025-01-30 | CVE-2024-13671 | Unspecified vulnerability in Partitionnumerique Music Sheet Viewer The Music Sheet Viewer plugin for WordPress is vulnerable to Arbitrary File Read in all versions up to, and including, 4.1 via the read_score_file() function. | 7.5 |
| 2025-01-30 | CVE-2024-13700 | Cross-site Scripting vulnerability in Vinayjain Embed Swagger UI The Embed Swagger UI plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'wpsgui' shortcode in all versions up to, and including, 1.0.0 due to insufficient input sanitization and output escaping on user supplied attributes. | 5.4 |
| 2025-01-30 | CVE-2024-13705 | Cross-site Scripting vulnerability in Stageshow Project Stageshow The StageShow plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use of remove_query_arg without appropriate escaping on the URL in all versions up to, and including, 9.8.6. | 6.1 |
| 2025-01-30 | CVE-2024-13707 | Cross-Site Request Forgery (CSRF) vulnerability in Ivanm WP Image Uploader The WP Image Uploader plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.0.1. | 8.1 |
| 2025-01-30 | CVE-2024-13715 | Missing Authorization vulnerability in Ikjweb Zstore Manager Basic The zStore Manager Basic plugin for WordPress is vulnerable to unauthorized loss of data due to a missing capability check on the zstore_clear_cache() function in all versions up to, and including, 3.311. | 4.3 |