Vulnerabilities
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2025-02-18 | CVE-2024-13438 | Cross-Site Request Forgery (CSRF) vulnerability in Speedsize Image & Video Ai-Optimizer The SpeedSize Image & Video AI-Optimizer plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.5.1. | 4.3 |
| 2025-02-18 | CVE-2024-13556 | Deserialization of Untrusted Data vulnerability in Wecantrack Affiliate Links The Affiliate Links: WordPress Plugin for Link Cloaking and Link Management plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 3.0.1 via deserialization of untrusted input from an file export. | 9.8 |
| 2025-02-18 | CVE-2024-12525 | Cross-site Scripting vulnerability in Homeasap Easy MLS Listings Import The Easy MLS Listings Import plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'homeasap-featured-listings' shortcode in all versions up to, and including, 2.0.1 due to insufficient input sanitization and output escaping on user supplied attributes. | 5.4 |
| 2025-02-18 | CVE-2024-12813 | Cross-site Scripting vulnerability in Pixelgrade Open Hours The Open Hours – Easy Opening Hours plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'open-hours-current-status' shortcode in all versions up to, and including, 1.0.9 due to insufficient input sanitization and output escaping on user supplied attributes. | 5.4 |
| 2025-02-18 | CVE-2024-13464 | Cross-site Scripting vulnerability in Photonicgnostic Library Bookshelves The Library Bookshelves plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'bookshelf' shortcode in all versions up to, and including, 5.9 due to insufficient input sanitization and output escaping on user supplied attributes. | 5.4 |
| 2025-02-18 | CVE-2024-13501 | Cross-site Scripting vulnerability in Formassembly Wp-Formassembly The WP-FormAssembly plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'formassembly' shortcode in all versions up to, and including, 2.0.11 due to insufficient input sanitization and output escaping on user supplied attributes. | 5.4 |
| 2025-02-18 | CVE-2024-13522 | Cross-Site Request Forgery (CSRF) vulnerability in Magayo Lottery Results The magayo Lottery Results plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 2.0.12. | 5.4 |
| 2025-02-18 | CVE-2024-13535 | Path Traversal vulnerability in Marcoingraiti Actionwear products Sync The Actionwear products sync plugin for WordPress is vulnerable to Full Path Disclosure in all versions up to, and including, 2.3.0. | 5.3 |
| 2025-02-18 | CVE-2024-13538 | Path Traversal vulnerability in Bigbuy Dropshipping Connector for Woocommerce The BigBuy Dropshipping Connector for WooCommerce plugin for WordPress is vulnerable to Full Path Disclosure in all versions up to, and including, 1.9.19. | 5.3 |
| 2025-02-18 | CVE-2024-13540 | Information Exposure Through an Error Message vulnerability in Byconsole Wooodt Lite The WooODT Lite – Delivery & pickup date time location for WooCommerce plugin for WordPress is vulnerable to Full Path Disclosure in all versions up to, and including, 2.5.1. | 5.3 |