Vulnerabilities

| DATE | CVE | VULNERABILITY TITLE | RISK |
| --- | --- | --- | --- |
| 2025-04-10 | CVE-2023-42007 | IBM Sterling Control Center 6.2.1, 6.3.1, and 6.4.0 is vulnerable to cross-site scripting. | network, low complexity, CWE-79, 5.4 |
| 2025-04-10 | CVE-2023-43035 | IBM Sterling Control Center 6.2.1, 6.3.1, and 6.4.0 allows web pages to be stored locally which can be read by another user on the system. | local, low complexity, CWE-525, 4.0 |
| 2025-04-10 | CVE-2023-43037 | IBM Maximo Application Suite 8.11 and 9.0 could allow an authenticated user to perform unauthorized actions due to improper input validation. | network, low complexity, CWE-20, 6.5 |
| 2025-04-10 | CVE-2024-10894 | The Payment Forms for Paystack plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's shortcodes like 'datepicker', 'textarea', and 'text' in all versions up to, and including, 4.0.2 due to insufficient input sanitization and output escaping on user supplied attributes. | network, low complexity, CWE-79, 6.4 |
| 2025-04-10 | CVE-2024-13909 | The Accredible Certificates & Open Badges plugin for WordPress is vulnerable to time-based SQL Injection via the ‘orderby’ parameter in all versions up to, and including, 1.4.9 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. | network, low complexity, CWE-89, 4.9 |
| 2025-04-10 | CVE-2025-2719 | The Swatchly – WooCommerce Variation Swatches for Products (product attributes: Image swatch, Color swatches, Label swatches) plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the ajax_dismiss function in versions 1.2.8 to 1.4.0. | network, low complexity, CWE-862, 6.5 |
| 2025-04-10 | CVE-2025-2805 | The ORDER POST plugin for WordPress is vulnerable to arbitrary shortcode execution in all versions up to, and including, 2.0.2. | network, low complexity, CWE-94, 7.3 |
| 2025-04-10 | CVE-2025-2809 | The azurecurve Shortcodes in Comments plugin for WordPress is vulnerable to arbitrary shortcode execution in all versions up to, and including, 2.0.2. | network, low complexity, CWE-94, 7.3 |
| 2025-04-10 | CVE-2025-3417 | The Embedder plugin for WordPress is vulnerable to unauthorized modification of data that can lead to privilege escalation due to a missing capability check on the ajax_set_global_option() function in versions 1.3 to 1.3.5. | network, low complexity, CWE-862, 8.8 |
| 2025-04-10 | CVE-2025-3102 | The SureTriggers: All-in-One Automation Platform plugin for WordPress is vulnerable to an authentication bypass leading to administrative account creation due to a missing empty value check on the 'secret_key' value in the 'autheticate_user' function in all versions up to, and including, 1.0.78. | network, high complexity, CWE-697, 8.1 |