Vulnerabilities
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2025-01-10 | CVE-2024-13318 | Unspecified vulnerability in Smartdatasoft Essential WP Real Estate The Essential WP Real Estate plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on the cl_delete_listing_func() function in all versions up to, and including, 1.1.3. | 5.3 |
| 2025-01-10 | CVE-2024-13183 | Cross-site Scripting vulnerability in Themeisle Orbit FOX The Orbit Fox by ThemeIsle plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘title_tag’ parameter in all versions up to, and including, 2.10.43 due to insufficient input sanitization and output escaping. | 5.4 |
| 2025-01-10 | CVE-2025-0311 | Cross-site Scripting vulnerability in Themeisle Orbit FOX The Orbit Fox by ThemeIsle plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's Pricing Table widget in all versions up to, and including, 2.10.43 due to insufficient input sanitization and output escaping on user supplied attributes. | 5.4 |
| 2025-01-10 | CVE-2024-12473 | The AI Scribe – SEO AI Writer, Content Generator, Humanizer, Blog Writer, SEO Optimizer, DALLE-3, AI WordPress Plugin ChatGPT (GPT-4o 128K) plugin for WordPress is vulnerable to SQL Injection via the 'template_id' parameter of the 'article_builder_generate_data' shortcode in all versions up to, and including, 2.3 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. | 6.5 |
| 2025-01-10 | CVE-2024-12606 | The AI Scribe – SEO AI Writer, Content Generator, Humanizer, Blog Writer, SEO Optimizer, DALLE-3, AI WordPress Plugin ChatGPT (GPT-4o 128K) plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the engine_request_data() function in all versions up to, and including, 2.3. | 4.3 |
| 2025-01-09 | CVE-2024-56376 | Cross-site Scripting vulnerability in Vanderbilt Redcap 14.9.6 A stored cross-site scripting (XSS) vulnerability in the built-in messenger of REDCap 14.9.6 allows authenticated users to inject malicious scripts into the message field. | 5.4 |
| 2025-01-09 | CVE-2024-56377 | Cross-site Scripting vulnerability in Vanderbilt Redcap 14.9.6 A stored cross-site scripting (XSS) vulnerability in survey titles of REDCap 14.9.6 allows authenticated users to inject malicious scripts into the Survey Title field or Survey Instructions. | 5.4 |
| 2025-01-09 | CVE-2025-21380 | Unspecified vulnerability in Microsoft Azure Marketplace Improper access control in Azure SaaS Resources allows an authorized attacker to disclose information over a network. | 6.5 |
| 2025-01-09 | CVE-2025-21385 | Server-Side Request Forgery (SSRF) vulnerability in Microsoft Purview A Server-Side Request Forgery (SSRF) vulnerability in Microsoft Purview allows an authorized attacker to disclose information over a network. | 6.5 |
| 2025-01-09 | CVE-2024-10215 | The WPBookit plugin for WordPress is vulnerable to Arbitrary User Password Change in versions up to, and including, 1.6.4. | 9.8 |