Vulnerabilities > Medium

DATE	CVE	VULNERABILITY TITLE	RISK
2025-01-14	CVE-2024-45385	A vulnerability has been identified in Industrial Edge Management OS (IEM-OS) (All versions). network high complexity CWE-79	4.7
2025-01-14	CVE-2024-11734	A denial of service vulnerability was found in Keycloak that could allow an administrative user with the right to change realm settings to disrupt the service. network low complexity CWE-693	6.5
2025-01-14	CVE-2024-11736	A vulnerability was found in Keycloak. network low complexity CWE-526	4.9
2025-01-14	CVE-2024-13156	The HTML5 Video Player – mp4 Video Player Plugin and Block plugin for WordPress is vulnerable to DOM-Based Stored Cross-Site Scripting via the ‘heading’ parameter in all versions up to, and including, 2.5.35 due to insufficient input sanitization and output escaping. network low complexity CWE-79	6.4
2025-01-14	CVE-2025-0393	The Royal Elementor Addons and Templates plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.7.1006. network low complexity CWE-352	6.1
2025-01-14	CVE-2024-12006	Missing Authorization vulnerability in Boldgrid W3 Total Cache The W3 Total Cache plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on several functions in all versions up to, and including, 2.8.1. network low complexity boldgrid CWE-862	5.3
2025-01-14	CVE-2024-13323	The WP Booking Calendar plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'booking' shortcode in all versions up to, and including, 10.9.2 due to insufficient input sanitization and output escaping on user supplied attributes. network low complexity CWE-79	6.4
2025-01-14	CVE-2024-13348	The Smart Agenda – Prise de rendez-vous en ligne plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 4.7. network low complexity CWE-352	6.1
2025-01-14	CVE-2024-11396	The Event Monster – Event Management, Tickets Booking, Upcoming Event plugin for WordPress is vulnerable to Information Exposure in all versions up to, and including, 1.4.3 via the Visitors List Export file. network low complexity CWE-359	5.3
2025-01-14	CVE-2025-23030	Cross-site Scripting vulnerability in Wegia WeGIA is an open source web manager with a focus on the Portuguese language and charitable institutions. network low complexity wegia CWE-79	6.1

Vulnerabilities > Medium {"@context":"https://schema.org","@type":"BreadcrumbList","itemListElement":[{"@type":"ListItem","position":1,"name":"Vulnerabilities","item":"https://cyber.vumetric.com/vulns/"},{"@type":"ListItem","position":2,"name":"Medium"}]}

Vulnerabilities > Medium