Vulnerabilities > Medium

DATE CVE VULNERABILITY TITLE RISK
2024-12-17 CVE-2024-10356 The ElementsReady Addons for Elementor plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 6.4.8 in inc/Widgets/accordion/output/content.php.
network
low complexity
CWE-200
4.3
4.3
2024-12-17 CVE-2024-9819 Authorization Bypass Through User-Controlled Key vulnerability in NextGeography NG Analyser allows Functionality Misuse.This issue affects NG Analyser: before 2.2.711.
network
low complexity
CWE-639
6.5
6.5
2024-12-17 CVE-2024-11280 The PPWP – Password Protect Pages plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 1.9.5 via the WordPress core search feature.
network
low complexity
CWE-200
5.3
5.3
2024-12-17 CVE-2024-12395 The WooCommerce Additional Fees On Checkout (Free) plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the ‘number’ parameter in all versions up to, and including, 1.4.7 due to insufficient input sanitization and output escaping.
network
low complexity
CWE-79
6.1
6.1
2024-12-17 CVE-2024-12601 The Calculated Fields Form plugin for WordPress is vulnerable to Denial of Service in all versions up to, and including, 5.2.63.
network
low complexity
CWE-400
5.3
5.3
2024-12-17 CVE-2024-8429 Improper Restriction of Excessive Authentication Attempts vulnerability in Digital Operation Services WiFiBurada allows Use of Known Domain Credentials.This issue affects WiFiBurada: before 1.0.5.
network
low complexity
CWE-307
4.3
4.3
2024-12-17 CVE-2024-8475 Authentication Bypass by Assumed-Immutable Data vulnerability in Digital Operation Services WiFiBurada allows Manipulating User-Controlled Variables.This issue affects WiFiBurada: before 1.0.5.
network
low complexity
CWE-799
6.5
6.5
2024-12-17 CVE-2024-12127 The Learning Management System, eLearning, Course Builder, WordPress LMS Plugin – Sikshya LMS plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the ‘page’ parameter in all versions up to, and including, 0.0.21 due to insufficient input sanitization and output escaping.
network
low complexity
CWE-80
6.1
6.1
2024-12-17 CVE-2024-12469 The WP BASE Booking of Appointments, Services and Events plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the ‘status’ parameter in all versions up to, and including, 4.9.1 due to insufficient input sanitization and output escaping.
network
low complexity
CWE-79
6.1
6.1
2024-12-17 CVE-2024-11294 The Memberful plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 1.73.9 via the WordPress core search feature.
network
low complexity
CWE-200
5.3
5.3