Vulnerabilities

DATE CVE VULNERABILITY TITLE RISK
2025-01-17 CVE-2024-13378 The Gravity Forms plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘style_settings’ parameter in versions 2.9.0.1 up to, and including, 2.9.1.3 due to insufficient input sanitization and output escaping.
network
high complexity
CWE-79
5.4
5.4
2025-01-17 CVE-2024-12370 Missing Authorization vulnerability in Thimpress WP Hotel Booking
The WP Hotel Booking plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check when adding rooms in all versions up to, and including, 2.1.5.
network
low complexity
thimpress CWE-862
5.3
5.3
2025-01-17 CVE-2024-12203 The RSS Icon Widget plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘link_color’ parameter in all versions up to, and including, 5.2 due to insufficient input sanitization and output escaping.
network
high complexity
CWE-79
4.4
4.4
2025-01-17 CVE-2024-12466 The Proofreading plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'nonce' parameter in all versions up to, and including, 1.2.1.1 due to insufficient input sanitization and output escaping.
network
low complexity
CWE-79
6.1
6.1
2025-01-17 CVE-2024-12508 The Glofox Shortcodes plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'glofox' and 'glofox_lead_capture ' shortcodes in all versions up to, and including, 2.6 due to insufficient input sanitization and output escaping on user supplied attributes.
network
low complexity
CWE-79
6.4
6.4
2025-01-17 CVE-2024-12598 The MyBookProgress by Stormhill Media plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘book’ parameter in all versions up to, and including, 1.0.8 due to insufficient input sanitization and output escaping.
network
low complexity
CWE-79
6.4
6.4
2025-01-17 CVE-2024-12637 The Moving Users plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 1.05 via the export functionality.
network
low complexity
CWE-200
5.3
5.3
2025-01-17 CVE-2024-13366 The Sandbox plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'debug' parameter in all versions up to, and including, 0.4 due to insufficient input sanitization and output escaping.
network
low complexity
CWE-79
6.1
6.1
2025-01-17 CVE-2024-13367 The Sandbox plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on the export_download action in all versions up to, and including, 0.4.
network
low complexity
CWE-862
6.5
6.5
2025-01-17 CVE-2024-13386 The quote-posttype-plugin plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Author field in all versions up to, and including, 1.2.2 due to insufficient input sanitization and output escaping.
network
low complexity
CWE-79
6.4
6.4