Vulnerabilities

DATE CVE VULNERABILITY TITLE RISK
2025-01-28 CVE-2024-13521 Cross-Site Request Forgery (CSRF) vulnerability in Ilghera Mailup Auto Subscription
The MailUp Auto Subscription plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.1.0.
network
low complexity
ilghera CWE-352
5.4
2025-01-28 CVE-2025-0321 Cross-site Scripting vulnerability in Wpmet Elementskit
The ElementsKit Pro plugin for WordPress is vulnerable to DOM-Based Stored Cross-Site Scripting via the ‘url’ parameter in all versions up to, and including, 3.7.8 due to insufficient input sanitization and output escaping.
network
low complexity
wpmet CWE-79
5.4
2025-01-28 CVE-2024-13448 Unrestricted Upload of File with Dangerous Type vulnerability in Themerex Addons
The ThemeREX Addons plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the 'trx_addons_uploads_save_data' function in all versions up to, and including, 2.32.3.
network
low complexity
themerex CWE-434
critical
9.8
2025-01-28 CVE-2024-13509 Cross-site Scripting vulnerability in Westguardsolutions WS Form
The WS Form LITE – Drag & Drop Contact Form Builder for WordPress plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the url parameter in all versions up to, and including, 1.10.13 due to insufficient input sanitization and output escaping.
network
low complexity
westguardsolutions CWE-79
6.1
2025-01-28 CVE-2024-11135 SQL Injection vulnerability in Imithemes Eventer
The Eventer plugin for WordPress is vulnerable to SQL Injection via the 'event' parameter in the 'eventer_get_attendees' function in all versions up to, and including, 3.9.8 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query.
network
low complexity
imithemes CWE-89
7.5
2025-01-28 CVE-2024-22315 IBM Fusion and IBM Fusion HCI 2.3.0 through 2.8.2 is vulnerable to insecure network connection by allowing an attacker who gains access to a Fusion container to establish an external network connection.
local
high complexity
CWE-923
4.0
2025-01-28 CVE-2023-50316 SQL Injection vulnerability in IBM Sterling B2B Integrator
IBM Sterling B2B Integrator 6.0.0.0 through 6.1.2.5 and 6.2.0.0 through 6.2.0.1 is vulnerable to SQL injection.
network
low complexity
ibm CWE-89
critical
9.8
2025-01-28 CVE-2024-27263 Man-in-the-Middle vulnerability in IBM Sterling B2B Integrator
IBM Sterling B2B Integrator 6.0.0.0 through 6.1.2.5 and 6.2.0.0 through 6.2.0.1 could allow an authenticated user to obtain sensitive information from the dashboard UI using man in the middle techniques.
network
high complexity
ibm CWE-300
5.3
2025-01-28 CVE-2024-28786 IBM QRadar SIEM 7.5 transmits sensitive or security-critical data in cleartext in a communication channel that could be obtained by an unauthorized actor using man in the middle techniques.
low complexity
CWE-319
6.5
2025-01-27 CVE-2024-37526 IBM Watson Query on Cloud Pak for Data (IBM Data Virtualization 1.8, 2.0, 2.1, 2.2, and 3.0.0) could allow an authenticated user to obtain sensitive information from objects published using Watson Query due to an improper data protection mechanism.
network
low complexity
CWE-497
6.5