Vulnerabilities
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2025-02-18 | CVE-2024-12813 | Cross-site Scripting vulnerability in Pixelgrade Open Hours The Open Hours – Easy Opening Hours plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'open-hours-current-status' shortcode in all versions up to, and including, 1.0.9 due to insufficient input sanitization and output escaping on user supplied attributes. | 5.4 |
| 2025-02-18 | CVE-2024-13464 | Cross-site Scripting vulnerability in Photonicgnostic Library Bookshelves The Library Bookshelves plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'bookshelf' shortcode in all versions up to, and including, 5.9 due to insufficient input sanitization and output escaping on user supplied attributes. | 5.4 |
| 2025-02-18 | CVE-2024-13501 | Cross-site Scripting vulnerability in Formassembly Wp-Formassembly The WP-FormAssembly plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'formassembly' shortcode in all versions up to, and including, 2.0.11 due to insufficient input sanitization and output escaping on user supplied attributes. | 5.4 |
| 2025-02-18 | CVE-2024-13522 | Cross-Site Request Forgery (CSRF) vulnerability in Magayo Lottery Results The magayo Lottery Results plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 2.0.12. | 5.4 |
| 2025-02-18 | CVE-2024-13535 | Path Traversal vulnerability in Marcoingraiti Actionwear products Sync The Actionwear products sync plugin for WordPress is vulnerable to Full Path Disclosure in all versions up to, and including, 2.3.0. | 5.3 |
| 2025-02-18 | CVE-2024-13538 | Path Traversal vulnerability in Bigbuy Dropshipping Connector for Woocommerce The BigBuy Dropshipping Connector for WooCommerce plugin for WordPress is vulnerable to Full Path Disclosure in all versions up to, and including, 1.9.19. | 5.3 |
| 2025-02-18 | CVE-2024-13540 | Information Exposure Through an Error Message vulnerability in Byconsole Wooodt Lite The WooODT Lite – Delivery & pickup date time location for WooCommerce plugin for WordPress is vulnerable to Full Path Disclosure in all versions up to, and including, 2.5.1. | 5.3 |
| 2025-02-18 | CVE-2024-13555 | Cross-Site Request Forgery (CSRF) vulnerability in 1Clickmigration 1 Click Migration The 1 Click WordPress Migration Plugin – 100% FREE for a limited time plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 2.1. | 4.3 |
| 2025-02-18 | CVE-2024-13565 | Cross-site Scripting vulnerability in Shaonback2 Simple MAP NO API The Simple Map No Api plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘width’ parameter in all versions up to, and including, 1.9 due to insufficient input sanitization and output escaping. | 5.4 |
| 2025-02-18 | CVE-2024-13573 | Cross-site Scripting vulnerability in Softdiscover Zigaform The Zigaform – Form Builder Lite plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'zgfm_rfvar' shortcode in all versions up to, and including, 7.4.2 due to insufficient input sanitization and output escaping on user supplied attributes. | 5.4 |