Vulnerabilities > Medium

| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2025-05-31 | CVE-2025-5378 | A vulnerability classified as problematic has been found in Astun Technology iShare Maps 5.4.0. | network / low complexity / CWE-94 / 4.3 |
| 2025-05-31 | CVE-2025-4691 | The Free Booking Plugin for Hotels, Restaurants and Car Rentals – eaSYNC Booking plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 1.3.21 via the 'view_request_details' due to missing validation on a user controlled key. | network / low complexity / CWE-639 / 5.3 |
| 2025-05-31 | CVE-2025-3813 | The Royal Elementor Addons and Templates plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘_elementor_data’ parameter in all versions up to, and including, 1.7.1020 due to insufficient input sanitization and output escaping. | network / low complexity / CWE-79 / 6.4 |
| 2025-05-31 | CVE-2025-5290 | The Borderless – Elementor Addons and Templates plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘title’ parameter in all versions up to, and including, 1.7.1 due to insufficient input sanitization and output escaping. | network / low complexity / CWE-79 / 6.4 |
| 2025-05-31 | CVE-2025-4590 | The Daisycon prijsvergelijkers plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'daisycon_uitvaart' shortcode in all versions up to, and including, 4.8.4 due to insufficient input sanitization and output escaping on user supplied attributes. | network / low complexity / CWE-79 / 6.4 |
| 2025-05-31 | CVE-2025-4595 | The FastSpring plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'fastspring/block-fastspringblocks-complete-product-catalog' block in all versions up to, and including, 3.0.1 due to insufficient input sanitization and output escaping on the 'color' attribute. | network / low complexity / CWE-79 / 6.4 |
| 2025-05-31 | CVE-2025-5285 | The Product Subtitle for WooCommerce plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘htmlTag’ parameter in all versions up to, and including, 1.3.9 due to insufficient input sanitization and output escaping. | network / low complexity / CWE-79 / 6.4 |
| 2025-05-31 | CVE-2025-5292 | The Element Pack Addons for Elementor – Best Elementor addons with Ready Templates, Blocks, Widgets and WooCommerce Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘marker_content’ parameter in all versions up to, and including, 5.11.2 due to insufficient input sanitization and output escaping. | network / low complexity / CWE-79 / 6.4 |
| 2025-05-31 | CVE-2025-5016 | The Relevanssi – A Better Search plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Excerpt Highlights in all versions up to, and including, 4.24.5 (Free) and 2.27.6 (Premium) due to insufficient input sanitization and output escaping. | network / high complexity / CWE-79 / 4.7 |
| 2025-05-30 | CVE-2025-1479 | An open debug interface was reported in the Legion Space software included on certain Legion devices that could allow a local attacker to execute arbitrary code. | local / low complexity / 5.3 |