Vulnerabilities

DATE CVE VULNERABILITY TITLE RISK
2025-01-31 CVE-2025-0507 The Ticketmeo – Sell Tickets – Event Ticketing plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's shortcodes in all versions up to, and including, 2.3.6 due to insufficient input sanitization and output escaping on user supplied attributes.
network
low complexity
CWE-79
6.4
6.4
2025-01-31 CVE-2024-13463 The SeatReg plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'seatreg' shortcode in all versions up to, and including, 1.56.0 due to insufficient input sanitization and output escaping on user supplied attributes.
network
low complexity
CWE-79
6.4
6.4
2025-01-31 CVE-2025-0470 The Forminator Forms – Contact Form, Payment Form & Custom Form Builder plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the title parameter in all versions up to, and including, 1.38.2 due to insufficient input sanitization and output escaping.
network
low complexity
CWE-79
6.1
6.1
2025-01-31 CVE-2024-13396 The Frictionless plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'frictionless_form' shortcode[s] in all versions up to, and including, 0.0.23 due to insufficient input sanitization and output escaping on user supplied attributes.
network
low complexity
CWE-79
6.4
6.4
2025-01-31 CVE-2024-13397 The WPRadio – WordPress Radio Streaming Plugin plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'wpradio_player' shortcode in all versions up to, and including, 1.0.4 due to insufficient input sanitization and output escaping on user supplied attributes.
network
low complexity
CWE-79
6.4
6.4
2025-01-31 CVE-2024-13399 The Gosign – Posts Slider Block plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'posts-slider-block' block in all versions up to, and including, 1.1.0 due to insufficient input sanitization and output escaping.
network
low complexity
CWE-79
6.4
6.4
2025-01-31 CVE-2024-13767 The Live2DWebCanvas plugin for WordPress is vulnerable to arbitrary file deletion due to insufficient file path validation in the ClearFiles() function in all versions up to, and including, 1.9.11.
network
low complexity
CWE-862
8.1
8.1
2025-01-30 CVE-2025-0568 Out-of-bounds Write vulnerability in Santesoft Sante Pacs Server
Sante PACS Server DCM File Parsing Memory Corruption Denial-of-Service Vulnerability.
network
low complexity
santesoft CWE-787
7.5
7.5
2025-01-30 CVE-2025-0569 Out-of-bounds Write vulnerability in Santesoft Sante Pacs Server
Sante PACS Server DCM File Parsing Memory Corruption Denial-of-Service Vulnerability.
network
low complexity
santesoft CWE-787
7.5
7.5
2025-01-30 CVE-2025-0570 Out-of-bounds Write vulnerability in Santesoft Sante Pacs Server
Sante PACS Server Web Portal DCM File Parsing Memory Corruption Denial-of-Service Vulnerability.
network
low complexity
santesoft CWE-787
6.5
6.5