Vulnerabilities

DATE CVE VULNERABILITY TITLE RISK
2025-02-22 CVE-2025-1557 A vulnerability, which was classified as problematic, was found in OFCMS 1.1.3.
network
low complexity
CWE-862
4.3
4.3
2025-02-22 CVE-2024-13564 The Rife Elementor Extensions & Templates plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's Writing Effect Headline shortcode in all versions up to, and including, 1.2.5 due to insufficient input sanitization and output escaping on user supplied attributes.
network
low complexity
CWE-79
6.4
6.4
2025-02-22 CVE-2025-1361 The IP2Location Country Blocker plugin for WordPress is vulnerable to Regular Information Exposure in all versions up to, and including, 2.38.8 due to missing capability checks on the admin_init() function.
network
low complexity
CWE-285
7.5
7.5
2025-02-22 CVE-2024-12038 The Post Form – Registration Form – Profile Form for User Profiles – Frontend Content Forms for User Submissions (UGC) plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'buddyforms_nav' shortcode in all versions up to, and including, 2.8.15 due to insufficient input sanitization and output escaping on user supplied attributes.
network
low complexity
CWE-79
6.4
6.4
2025-02-22 CVE-2024-12467 The Pago por Redsys plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'Ds_MerchantParameters' parameter in all versions up to, and including, 1.0.12 due to insufficient input sanitization and output escaping.
network
low complexity
CWE-79
6.1
6.1
2025-02-22 CVE-2024-13474 The LTL Freight Quotes – Purolator Edition plugin for WordPress is vulnerable to SQL Injection via the 'dropship_edit_id' and 'edit_id' parameters in all versions up to, and including, 2.2.3 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query.
network
low complexity
CWE-89
7.5
7.5
2025-02-22 CVE-2024-13798 The Post Grid and Gutenberg Blocks – ComboBlocks plugin for WordPress is vulnerable to unauthorized order creation in all versions up to, and including, 2.3.5.
network
low complexity
CWE-20
5.3
5.3
2025-02-22 CVE-2024-13873 The WP Job Portal – A Complete Recruitment System for Company or Job Board website plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 2.2.8 via the deleteUserPhoto() function due to missing validation on a user controlled key.
network
low complexity
CWE-639
4.3
4.3
2025-02-22 CVE-2024-13899 The Mambo Importer plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 1.0 via deserialization of untrusted input via the $data parameter in the fImportMenu function.
network
low complexity
CWE-502
7.2
7.2
2025-02-22 CVE-2025-1509 The The Show Me The Cookies plugin for WordPress is vulnerable to arbitrary shortcode execution in all versions up to, and including, 1.0.
network
low complexity
CWE-94
7.3
7.3