Vulnerabilities > Medium
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2025-02-18 | CVE-2025-1269 | URL Redirection to Untrusted Site ('Open Redirect') vulnerability in HAVELSAN Liman MYS allows Cross-Site Flashing.This issue affects Liman MYS: before 2.1.1 - 1010. low complexity CWE-601 | 4.8 |
| 2025-02-18 | CVE-2025-1035 | Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in Komtera Technolgies KLog Server allows Manipulating Web Input to File System Calls.This issue affects KLog Server: before 3.1.1. low complexity CWE-22 | 5.7 |
| 2025-02-18 | CVE-2024-13667 | The Uncode theme for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘mle-description’ parameter in all versions up to, and including, 2.9.1.6 due to insufficient input sanitization and output escaping. | 5.4 |
| 2025-02-18 | CVE-2024-13691 | The Uncode theme for WordPress is vulnerable to arbitrary file read due to insufficient input validation in the 'uncode_recordMedia' function in all versions up to, and including, 2.9.1.6. network low complexity | 6.5 |
| 2025-02-18 | CVE-2024-13783 | Missing Authorization vulnerability in Ncrafts Formcraft The FormCraft plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check in formcraft-main.php in all versions up to, and including, 3.9.11. | 4.3 |
| 2025-02-18 | CVE-2025-0521 | Cross-site Scripting vulnerability in Wpexperts Post Smtp The Post SMTP plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the from and subject parameter in all versions up to, and including, 3.0.2 due to insufficient input sanitization and output escaping. | 6.1 |
| 2025-02-18 | CVE-2025-0817 | Cross-site Scripting vulnerability in Ncrafts Formcraft The FormCraft plugin for WordPress is vulnerable to Stored Cross-Site Scripting via SVG File uploads in all versions up to, and including, 3.9.11 due to insufficient input sanitization and output escaping. | 6.1 |
| 2025-02-18 | CVE-2025-0981 | Cross-site Scripting vulnerability in Churchcrm A vulnerability exists in ChurchCRM 5.13.0 and prior that allows an attacker to hijack a user's session by exploiting a Stored Cross Site Scripting (XSS) vulnerability in the Group Editor page. | 6.1 |
| 2025-02-18 | CVE-2024-13316 | Missing Authorization vulnerability in Akashmalik Scracth & WIN The Scratch & Win – Giveaways and Contests. | 5.3 |
| 2025-02-18 | CVE-2024-13395 | Cross-site Scripting vulnerability in Kerryoco Threepress The Threepress plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'threepress' shortcode in all versions up to, and including, 1.7.1 due to insufficient input sanitization and output escaping on user supplied attributes. | 5.4 |