Vulnerabilities
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2025-01-30 | CVE-2024-12524 | The Clinked Client Portal plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'clinked-login-button' shortcode in all versions up to, and including, 1.9 due to insufficient input sanitization and output escaping on user supplied attributes. | 6.4 |
| 2025-01-30 | CVE-2025-0860 | Cross-site Scripting vulnerability in Vruiz Vr-Frases The VR-Frases (collect & share quotes) plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via several parameters in all versions up to, and including, 3.0.1 due to insufficient input sanitization and output escaping. | 6.1 |
| 2025-01-30 | CVE-2025-0861 | SQL Injection vulnerability in Vruiz Vr-Frases The VR-Frases (collect & share quotes) plugin for WordPress is vulnerable to SQL Injection via several parameters in all versions up to, and including, 3.0.1 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. | 7.2 |
| 2025-01-30 | CVE-2025-21107 | Unquoted Search Path or Element vulnerability in Dell Networker Dell NetWorker, version(s) prior to 19.11.0.3, all versions of 19.10 & prior versions contain(s) an Unquoted Search Path or Element vulnerability. | 7.8 |
| 2025-01-30 | CVE-2024-13694 | Authorization Bypass Through User-Controlled Key vulnerability in Moreconvert Woocommerce Wishlist 1.7.2 The WooCommerce Wishlist (High customization, fast setup,Free Elementor Wishlist, most features) plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 1.8.7 via the download_pdf_file() function due to missing validation on a user controlled key. | 7.5 |
| 2025-01-30 | CVE-2024-13732 | Cross-site Scripting vulnerability in Cyberchimps Responsive Blocks The Responsive Blocks – WordPress Gutenberg Blocks plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘section_tag’ parameter in all versions up to, and including, 1.9.9 due to insufficient input sanitization and output escaping. | 5.4 |
| 2025-01-30 | CVE-2024-13758 | Cross-Site Request Forgery (CSRF) vulnerability in Dwbooster CP Contact Form The CP Contact Form with PayPal plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.3.52. | 6.5 |
| 2025-01-30 | CVE-2024-13470 | Cross-site Scripting vulnerability in Ninjaforms Ninja Forms The Ninja Forms – The Contact Form Builder That Grows With You plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's shortcode in all versions up to, and including, 3.8.24 due to insufficient input sanitization and output escaping on user supplied attributes. | 5.4 |
| 2025-01-30 | CVE-2024-13457 | Authorization Bypass Through User-Controlled Key vulnerability in Liquidweb Event Tickets The Event Tickets and Registration plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 5.18.1 via the tc-order-id parameter due to missing validation on a user controlled key. | 5.3 |
| 2025-01-30 | CVE-2024-13642 | Cross-site Scripting vulnerability in Motopress Stratum The Stratum – Elementor Widgets plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's Image Hotspot widget in all versions up to, and including, 1.4.7 due to insufficient input sanitization and output escaping on user supplied attributes. | 5.4 |