Vulnerabilities > Medium

DATE	CVE	VULNERABILITY TITLE	RISK
2024-12-17	CVE-2024-12219	The Stop Registration Spam plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.23. network low complexity CWE-352	6.1
2024-12-17	CVE-2024-12220	The SMS for WooCommerce plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 2.8.1. network low complexity CWE-352	6.1
2024-12-17	CVE-2024-12239	The PowerPack Lite for Beaver Builder plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the navigate parameter in all versions up to, and including, 1.3.0.5 due to insufficient input sanitization and output escaping. network low complexity CWE-79	6.1
2024-12-17	CVE-2024-11900	The Portfolio – Filterable Masonry Portfolio Gallery for Professionals plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'portfolio-pro' shortcode in all versions up to, and including, 1.2.2 due to insufficient input sanitization and output escaping on user supplied attributes. network low complexity CWE-79	6.4
2024-12-17	CVE-2024-11902	The Slope Widgets plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'slope-reservations' shortcode in all versions up to, and including, 4.2.11 due to insufficient input sanitization and output escaping on user supplied attributes. network low complexity CWE-79	6.4
2024-12-17	CVE-2024-11905	The Animated Counters plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'animatedcounte' shortcode in all versions up to, and including, 2.0 due to insufficient input sanitization and output escaping on user supplied attributes. network low complexity CWE-79	6.4
2024-12-17	CVE-2024-11906	The TPG Get Posts plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'tpg_get_posts' shortcode in all versions up to, and including, 3.6.5 due to insufficient input sanitization and output escaping on user supplied attributes. network low complexity CWE-79	6.4
2024-12-16	CVE-2024-12443	The CRM Perks – WordPress HelpDesk Integration – Zendesk, Freshdesk, HelpScout plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'crm-perks-tickets' shortcode in all versions up to, and including, 1.1.6 due to insufficient input sanitization and output escaping on user supplied attributes. network low complexity CWE-79	6.4
2024-12-16	CVE-2024-12664	Cross-site Scripting vulnerability in Ruifang-Tech Rebuild 3.8.5 A vulnerability, which was classified as problematic, has been found in ruifang-tech Rebuild 3.8.5. network low complexity ruifang-tech CWE-79	5.4
2024-12-16	CVE-2024-12665	Cross-site Scripting vulnerability in Ruifang-Tech Rebuild 3.8.5 A vulnerability, which was classified as problematic, was found in ruifang-tech Rebuild 3.8.5. network low complexity ruifang-tech CWE-79	5.4

Vulnerabilities > Medium {"@context":"https://schema.org","@type":"BreadcrumbList","itemListElement":[{"@type":"ListItem","position":1,"name":"Vulnerabilities","item":"https://cyber.vumetric.com/vulns/"},{"@type":"ListItem","position":2,"name":"Medium"}]}

Vulnerabilities > Medium